Skip to content

Tailscale Quick Reference#

What is Tailnet / Why Tailnet#

Tailnet: private network connecting your devices; VPN-like for your devices
Use: remote access, internal service exposure, avoid NAT, encrypted machine-to-machine

Tailscale basics#

tailscale up                # connect machine to Tailnet
tailscale status            # list connected devices and IPs
tailscale ip -4            # show IPv4 in Tailnet
tailscale ip -6            # show IPv6 in Tailnet
tailscale ping <device>     # test connectivity to another Tailnet device
tailscale logout           # disconnect from Tailnet

Serve & funnel commands#

tailscale serve            # expose local server within Tailnet
tailscale funnel           # expose local server to the public internet
tailscale serve status
sudo tailscale serve reset
tailscale funnel status
tailscale funnel reset

Serve example#

sudo tailscale serve http://localhost:8000

Funnel example#

sudo tailscale funnel --bg 8000
sudo tailscale funnel https+insecure://localhost:8443
tailscale funnel --bg --https=443 localhost:8000  #only 443, 8443, or 10000 can be exposed so use caddy,ngnix to reverse proxy bro

Port & networking considerations#

Tailnet serve/funnel binds to host port
Conflicts if host port already used (Docker, other service)
Bind Docker to 0.0.0.0:<port> for Tailnet/public access
Check ports: sudo ss -ltnp | grep <port>

Common Tailscale commands#

| Task                              | Command                                                 |
| --------------------------------- | ------------------------------------------------------- |
| View connected devices            | `tailscale status`                                      |
| Show machine IP                   | `tailscale ip -4` / `tailscale ip -6`                   |
| Test connection to another device | `tailscale ping <device>`                               |
| Serve internal (Tailnet only)     | `sudo tailscale serve http://localhost:<port>`          |
| Serve public (funnel)             | `sudo tailscale funnel --bg <port>`                     |
| Reset serve/funnel                | `sudo tailscale serve reset` / `tailscale funnel reset` |
| Remove funnel                     | `tailscale funnel clear`                                |
| Get funnel config                 | `tailscale funnel get-config`                           |
| Advertise service                 | `tailscale funnel advertise <service>`                  |

make funnel auto after crash or restart#

Using systemd

/etc/systemd/system/tailscale-funnel.service#

[Unit]
Description=Tailscale Funnel for my app
After=tailscaled.service network.target
Requires=tailscaled.service

[Service]
ExecStart=/usr/bin/tailscale funnel --bg --https=443 localhost:8080
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl enable tailscale-funnel
sudo systemctl start tailscale-funnel
sudo systemctl status tailscale-funnel