Tailscale Funnel Setup for Jellyfin

Linux
1

I’m trying to setup a funnel for Jellyfin to get around a CGNAT, and I found two different commands for setting up the port. Which command would it be?
tailscale serve / proxy 8096
tailscale serve tcp 8096
Currently, serve / proxy doesn’t work at all, and serve tcp works while connected with tailnet. Should I just wait for the DNS to propagate?

1 Like
2

/ proxy 8096 should work. Did you get any error or is the DNS just not fully propagated?
My funnel took about 24hrs to be fully available.

1 Like
3

It’s been about 48 hours, no error but no DNS either.
Serve status:
https://[server address].tail7bf03.ts.net (Funnel on)
|-- / proxy http://127.0.0.1:8096

I’ve tried turning funnel off and on, https certificates are on, and the server has the right attribute.
I can access the server through the url when I’m on the VPN, but can’t from the outside.

Saw your comment in the other thread, I guess it’s just more waiting.

4

Hey team - I’m experiencing a similar issue. I enabled funnel last night around 8pm PT.

$ sudo tailscale serve status
https://<MACHINE>.<TAILNET>.ts.net (Funnel on)
|-- / proxy http://127.0.0.1:8096

I am able to access ..ts.net when connected to the tailnet.
When I run dig on a machine NOT connected to the Tailnet, I receive the following response:

$ dig <MACHINE>.<TAILNET>.ts.net

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>><MACHINE>.<TAILNET>.ts.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12708
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 44a55270173a0c880100000063bb34f8bc22280b252ba679 (good)
;; QUESTION SECTION:
;<MACHINE>.<TAILNET>.ts.net. IN        A

;; AUTHORITY SECTION:
ts.net.                 141     IN      SOA     ns1.dnsimple.com. admin.dnsimple.com. 1615419595 86400 7200 604800 300

;; Query time: 10 msec
;; SERVER: 172.27.96.1#53(172.27.96.1) (UDP)
;; WHEN: Sun Jan 08 13:26:16 PST 2023
;; MSG SIZE  rcvd: 156

Hope this helps - happy to share the full URL in a PM.
I have also confirmed the following:

  • Funnel enabled
  • HTTPS certificates enabled by running sudo tailscale cert <MACHINE>.<TAILNET>.ts.net
  • Access controls modified