1. Install a tailscale self signed certificate#
sudo tailscale cert [ts-hostname].[ts-domain]
# or im my case
sudo tailscale cert codeserver.snares-stairs.ts.nettailscale cert: This tells Tailscale to reach out to Let’s Encrypt (a free certificate authority) and generate a security certificate for your specific machine.
2. Enable the Tailscale Reverse Proxy#
Tailscale has a built-in feature called serve that acts as a reverse proxy. This automatically handles SSL encryption (HTTPS) for you, so you don’t have to manually manage certificate files.
Run the following command (replace 8080 if you used a different port):
sudo tailscale serve --bg --https=443 8080What this does:
sudo tailscale serve: Tells Tailscale to listen for incoming web traffic.- **
--bg: The task run in the background and will be restarted upon reboot. --https=443: Switches on encryption and uses the standard web port for HTTPS.8080: Directs that traffic to your local code-server instance.
3. Verify the Status#
To make sure the proxy is active and pointing to the right place, check the status:
tailscale serve statusYou should see an output similar to this:
[https://codeserver.snares-stairs.ts.net](https://codeserver.snares-stairs.ts.net) (tailnet only)
|-- / proxy [http://127.0.0.1:8080](http://127.0.0.1:8080)Key Advantages of this Setup:
- Security: Your code-server is now only accessible via your private Tailnet.
- Encryption: Traffic is fully encrypted, protecting your password and code.
- No Port Mess: You no longer need to type
:8080at the end of the URL; just use the domain name.