Replies: 1 comment 2 replies
-
|
since you're using tailscale, did you try the subnet router? |
Beta Was this translation helpful? Give feedback.
-
|
I checked the docs for it just now, but I actually have my internal network firewalled for the most part as a form of hardening, which I get is a bit silly, but gives me a little more peace of mind that it's one less potential attack vector. Adding IP and port forwarding through the subnet router seems both like an increased level of complexity to my tailnet and somewhat defeats the purpose of restricting my internal network. I get that this is a bit of a niche use case, but at the same time it is also why a manual override could be beneficial as it could cover many different situations. |
Beta Was this translation helpful? Give feedback.
-
|
i think we can’t manual override on runtime. i mean we can do “allowlist” to bypass the ATS based on it’s hostname (exact hostname) and we need to maintain the list. and since the code is open source, anyone can see the hostname that maybe become another issue |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I understand the idea of restricting the use of non-HTTPS server URLs, but in my case, I'm running Navidrome in a tailnet, where all traffic from node to node is encrypted. I don't have any interest in running Tailscale Serve, as this introduces more complexity to my stack than I need, and I don't want to expose any part of my tailnet to the public internet.
Would you consider adding a manual override to the HTTP restriction so users who know what they're doing can use the app? Maybe through a secret prefix in the server URL or something?
I saw #80 but I feel that this feature request is distinct enough to have a new thread.
Beta Was this translation helpful? Give feedback.
All reactions