Видео

Be very careful when doing this. I followed this video step by step and right when I activated my tailnet lock command, all my tailscale accounts lost access to the internet. I didnt realize this was the case so I restarted my computer thinking that the issue was something else and I had saved my key on password manager. This was not the case since I didn't have access to internet during password manager and I lost my keys.

i love this software

my bother and i have our own tailscale accounts is this how we link the 2

Nothing about this is what is?

Any chance you can show this using traefik instead of caddy? I've been banging my head trying to set it in up the last few days.

But this configuration requires a oaid subscription, no? With the free version only 3 devices are possible. So the exit node would have to be a device that's always on?

Can you change the device name on the Mac app? Like you can on the iOS app. I know you can on the admin console but just missing it on the actual machine

I've made sure I have HTTPS enabled in my TailScale account DNS settings, but the add-on still crashes when I enable the proxy - works fine otherwise. No certificate has been issued to the machine according to the machines tab in TailScale. Just get an exit code, usually 1, and the add-on stops.

whyy does it have to be that complicated jeez

Is this a one way traffic only? I have a biometrics and i cant ping back to the router subnet.

Do I get to have many tailnet name(DNS) since I host not only but many different apps? each name give access to a hosted app?

Newbie here. Just following the steps you mentioned here. After I run "docker compose up -d", I can't access "banana" in browser on host machine like you did. Am I missing a step?

I still struggle to access my plex via tailscale on my Android. Synology firewall and custom server address in plex both don't help. I haven't found a helpful guide yet, neither on tailscale forum, reddit, not YT. For a video, I'd be super happy, but if someone has a my guidance, that would also be very appreciated!

The most amazing fact about this video is how good it is prepared, how nice it is formulated and it delivers the message without wasting time. I cheers you for your great knowledge. The one whom understands well, can make everyone get it. 🎉

I almost got an orgasm watching this video

Mac version of tailscale ui look good in widnows 🤡

"tailscale can't reach configured dns servers" - status output

This is one of the best products I have ever seen. This opened just SO MANY doors for many of my home projects!

will there be a docker container for TSIDP soon? I want to run it on my Unraid. or will it be a plugin for Unraid? multiple services could use TSIDP as an OpenID login method and it would be very convenient! Also, Alex, I have never thought I could learn something in such a soothing way. Your voice, your calmness, and at the same time, emotionally rich way of teaching/instructing are very effective for me. Thank you from a humble home automation enthusiast from Kyiv, Ukraine <3

What a great idea! I love it. GitHub actions can easily compile the go binaries. That will reduce friction for people who want to install. Compiling code yourself shouldn't be required.

Tailscale revolutionized the way I used networking in my life. It is so helpful for my travel, and supporting family members.

mindblown. thx

i searched for something else, and first i havent understood what u gonna do but maaaaaaan, this kinda makes me wanna use this in a lot more places! this is super cool, you all know your audience for 1000%. keep this up and similar content!! love you and love tailscale<3

Hey Alex, is there a concept of a service account user? I want to avoid using a personal account to authenticate the client.

Will the DS apps all work using this? Thanks.

Hope you've got a TV license 🤣

hi! please show how to connect from my home PC to work PC over the RDP!

Is it possible to host a docker container (a self hosted app like immich ) on macOS (mac mini) using podman desktop, and then try to access it from another mac using Taiscale. I haven't really seen a tutorial doing this, most of the tutorials seem to use Linux for the self hosted containers. I tried following some tutorials (A deep dive into using Tailscale with Docker, etc ), but they didn't work, I wasn't able to directly add tailscale to the container. Is there a tutorial that does it, using macos for hosting. My current method that works, is just using the ip of the mac host that has tailscale. But the method of using the API key doesn't work.

I love tailscale, it feels a LOT that this is really built with core being engineering team not random prod people, and still managed to deliver a so easy to use product.

Thank you for the fantastic walk-through - this is a huge time saver. I'd be interested in extending this method to additional homelab apps.

isn't this applicable beyond proxmox? why specify proxmox? can this not be applied to to anything that can use openid connect or similar?

Can I ask what is the VSCode theme used here?

When running `make install`, you may get an error that it couldn't find the `bash` patch, just simply run `pkg install bash` first and that should resolve it for you.

Well explained!

Thank you

Pretty cool! I don't use tailscale, but its a cool option for internal applications that don't need to be registered with a central Identity Provider (but does break the centralization of a central IDP)

Since you have a cluster, why wouldn’t you setup tsidp as a LXC container or VM?

I had an idea today that I’d like to share with you, regarding a feature. I should probably check the roadmap before saying it though. 😂

Are the terms Realm and Scopes known by any other names? I'm considering using this for XCP-ng (Xen-Orchestra) but their auth-oidc plugin provider mentions fields such as: Auto-Discovery URL, Client-Identifier (*), Client secret (*), Authorization URL, Callback URL, Issuer, Token URL, User Info URL, and Scopes … I understand those marked (*) are "unused" (according to your video at 10:03), what about the others? Thanks for all the help! Looking forward to giving this a try (I run both Hypervisors…) Happy Christmas Alex!

Hey Alex, pretty funny we actually do it the other way around. We use a normal HA Wireguard setup and the client will only start to allow traffic when we're logged into our Keycloak IDP :) When we login there will be an event emitted that we watch out for to add the clients IP to the appropriate NFTables set together with a timeout.

Man, I wish I can do something like this for my users logging into their SaSS applications as we all work remotely. Is that possible?

I am curious about one thing, do we need to install Tailscale to one of our Proxmox nodes?

Can i use this method on any lxc

0:55 “Hammond seems to crash a lot” 😭

This is so helpful! Thank you!

Super awesome!

really cool that you could use ts as an identity provider. i have my proxmox oidc configured with authentik but still awesome to learn about this

Overly complicated, and full of crappy information. Why don't you make a freaking user-friendly guide??

It would be great if you could investigate how possible it is to locally host an OIDC server (exposed on your Tailnet) and use that to authenticate to your Tailnet. This is sort of a chicken and egg situation, but it's one that would be really really handy for self-hosting where you don't want an external IdP to be the root of your identity.