This should be excellent for selfhosters that have all their services in one VM. I haven’t tried this myself, but I think this means you can:
- you can create memorable links instead of memorizing port numbers:
jellyfin.foo-bar.ts.net - share one service from a machine instead of all of them in a more intuitive way
If you’re new to Tailscale Services, it lets you publish internal resources like databases, APIs, and web servers as named services in your tailnet, using stable MagicDNS names. Rather than connecting to individual machines, teams connect to logical services that automatically route traffic to healthy, available backends across your infrastructure. This decoupling makes migrations, scaling, and high availability far easier, without reconfiguring clients, rewriting access policies, or standing up load balancers. Our documentation has details on use cases, requirements, and implementation.
jellyfin.foo-bar.ts.netBTW, I’m doing something similar with standard DNS records that point to an internal Tailscale IP. I can go to https://immich.mydomain.com/ which only works if Tailscale is active. Let’s Encrypt works too. Obviously the setup isn’t automatic but it’s automateable for more adept self-hosters.
Immich needs this, right? I remember it not working on a tailscale funnel path.
I haven’t tried funnel but it works using an internal Talscale IP/host and port. E.g. http://the-immich-host:1234/ if the-immich-host is a Tailscale machine.
I do this too. Can recommend.
Does this work from outside your lan or just when you’re in the network with your dns server?
Works outside. I’m setting a standard DNS record on a standard DNS provider to an internal TS IP. The record works everywhere but the IP is only accessible when TS is on. Whether I’m on the local net or outside.