Hi ,

we currently have a setup where we have a caddy reverse proxy that also runs tailscale that points to an internal application. When people want to use this internal app they just activate Tailscale go to the url and use it. Since the reverse proxy knows who a user connecting is, is there a save way to use this information to authorize what actions users can perform?

Take a look at forward_auth (Caddyfile directive) — Caddy Documentation which shows how to use the Tailscale NGINX auth tool with Caddy.

Thanks! That is exactly what I am looking for, any idea how I can enable this in a docker container since I don’t have access to systemctl?