SSL + magic DNS ideas?

Really loving tailscale. I have ~10 or so different ‘services’ hosts connected serving up HTTP traffic. Home Assistant, minecraft dashboards, the usual media apps, proxmox UI, etc. I’d love to access all of them exclusively through HTTPS, and via Magic DNS. E.g. https://homeassistant:8123/. But it’s not clear how cert generation would work with the ‘magic’ part and lack of domain ownership. Is this possible?

EDIT as I think about it more - this isn’t for home assistant - that works over HTTP, and there is no added security for HTTPS I think in this case. But some services like proxmox seem to require an HTTPS connection, so removing the constant cert warnings would be great.

One way to handle your own TLS cert generation linked to MagicDNS is to use your own public-facing domain name, and CNAME the names from their to their MagicDNS names. That would let you use something like letsencrypt to request names. You can also skip the MagicDNS layer and put your 100.x IP addresses directly into your own DNS domain.

Since Tailscale is already encrypted, https doesn’t really add that much other than removing browser warnings, although removing browser warnings is kinda nice.

We have a few ideas on how to automate TLS cert generation with MagicDNS, but it’s going to be at least several months before that is available. It’s relatively low on the roadmap right now.

2 Likes