Funnel stops working when using ACL tags

I have a funnel set-up on a machine, it works no problem while untagged. The moment I tag, it stops responding outside of my tailnet. So my question is, do tunnels work with ACL tags? If they do, what ACLs should I be using to allow it to work?

I’m certain I’m doing something wrong, so any help would be appreciated.

Thanks in advance!

This is an example of my ACLs:

	// Groups
	"groups": {
		"group:admins": [""],
	// ACL Tags
	"tagOwners": {
		"tag:webhost":  ["group:admins"],
	// Access control lists
	"acls": [
		// Web host
			"action": "accept",
			"src":    ["*"],
			"dst":    ["tag:webhost:443"],
	"nodeAttrs": [
			"target": ["group:admins"],
			"attr":   ["funnel"],