TailScale with Nginx Access Lists

my home server is running Debian 12 and I have services only accessible on my local network. that is controlled through Nginx Access Lists. I have followed the instructions to set up Subnet router on the server and i have added and to the access list allowed subnet. sadly, I could not access the services via the URL (although it works just fine when i am home) but I can through IP:Port of each service when connected from outside over TailScale.

so I figured it could be the device is on a subnet not allowed in the access list.
I thought setting up a subnet router would allow access of devices as they were connected on the same subnet ? can anyone explain to me where i am going wrong ?