Cannot access locally hosted webserver through exit node public ip (on vps)

Hi everyone,

I want to be able to access a webserver exposed to localhost:3000 on my home computer, from public internet through my exit node setup on my vps.

I managed to set up Tailscale on an AWS instance, and successfully use it as an exit node on my home computer. I enabled access to the home computer's local network with the Tailscale client and I configured the VPS firewall to open port 3000.
I then tried to access through publicip:3000 and couldn’t access it.

I’m stuck at this stage. I’m sure I’m missing something but can’t figure it out after countless Google searches.

Thanks for your help

Hi yanisik!

Could you try having your webserver listen on all interfaces on your computer instead of just localhost? Usually a webserver which listens to localhost only sees connections from processes on your computer, and regardless of firewalls is inaccessible from other machines. Different webservers specify this differently, but most of them understand :3000 to mean listen on port 3000 on all interfaces.

Let me know if that works!
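An added illustration of the reply above, not part of the original thread: a small Python check that reads `ss -H -ltn` output and reports, per port, whether the listener is bound to loopback only, to a Tailscale address only, or to all interfaces. The sample output and the 100.101.102.103 address are constructed, and the function names are hypothetical.

```python
import ipaddress

# Tailscale node addresses: IPv4 from the CGNAT block, IPv6 from Tailscale's ULA prefix.
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of `ss -H -ltn` output (not from the thread); the
# 100.101.102.103 tailnet address is a made-up placeholder.
SAMPLE_SS = """\
LISTEN 0 511        127.0.0.1:3000   0.0.0.0:*
LISTEN 0 511            [::1]:3000      [::]:*
LISTEN 0 128          0.0.0.0:32400  0.0.0.0:*
LISTEN 0 128  100.101.102.103:8080   0.0.0.0:*
LISTEN 0 4096   127.0.0.53%lo:53     0.0.0.0:*
LISTEN 0 128             [::]:22        [::]:*
"""

def classify(host):
    """Map a bind address from ss to the set of peers that can reach it."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback-only"      # only processes on this machine can connect
    if any(ip in net for net in TAILNET):
        return "tailnet-only"       # only other Tailscale devices can connect
    return "specific-interface"

def listeners(ss_output):
    """Return (port, scope) for every LISTEN line; other lines are ignored."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = fields[3].rsplit(":", 1)  # last colon separates the port
        found.append((int(port), classify(host)))
    return found

def bind_scopes(ss_output, port):
    """Sorted, de-duplicated scopes for one port."""
    return sorted({scope for p, scope in listeners(ss_output) if p == port})

if __name__ == "__main__":
    for port in (3000, 32400, 8080):
        print(port, bind_scopes(SAMPLE_SS, port))
```

A port that shows up only as `loopback-only` cannot be reached from any other machine, whatever the firewall rules say.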

Hi!

I exposed my webserver to but still cannot access it from outside my computer (through the exit node public IP; I want to clarify that it’s accessible from outside through the Tailscale IP only, from a Tailscale-connected device).
I also tried a simple Plex webserver, which should be working by default on port 32400.
I can access it using localhost and the Tailscale IP of the home computer from another Tailscale device, but not from the IP of the exit node.

After some research, I found that I have to reroute incoming traffic to my VPS to my home computer's Tailscale IP, with either a reverse proxy or some iptables commands.
Is that the right way? I hoped I didn’t have to use a reverse proxy and could just expose my home server entirely through my VPS dedicated IP.

This is what I’m trying to achieve:

Internet <–> exit node vps with public ip <–> home computer

Thanks!

Using a reverse proxy is the correct solution here. nginx is a good choice, and is relatively straightforward to set up.

Or you can install Tailscale on each device from which you want to access the resource, if it’s private.

Thanks, so setting up a reverse proxy and configuring the forwarding manually would work then.

Is there a way to just reroute all the traffic from the VPS to my home server, so that I can expose my home server directly through the VPS public IP and access any port (as long as it’s open on the firewall) without manually changing the forwarding config every time I want to access a new port?

My initial thinking was that the “exit node” feature of Tailscale would be bidirectional, and that I could directly expose a home server to the public internet through an exit node.

No, exit nodes are one-way. You can manually set up iptables to forward traffic, but a reverse proxy is the better solution.