Comment on Https on tailnet?
mara@pawb.social 1 year agoNote my bias as I work for Big VPN (Tailscale), but I don’t think that teaching people to ignore security warnings is a good thing to do. The CA system is kind of a scam in general, but I think that at least in its current implementation it’s better for us to encourage people are aware of those errors and what they mean.
As the sacred texts say: self-signed certificates beget the use of curl -k
beget the use of self-signed certificates.
Fjor@lemm.ee 1 year ago
Yeah I also don’t want my folks to have to “ignore” the warnings either. So will defo have the https set up before giving them access.
Snowplow8861@lemmus.org 1 year ago
Not possible without a domain, even just “something.xyz”.
The way it works is this:
Now, to get that experience you need to meet those conditions. The machine trying to browse to your website needs to trust the certificate that’s presented. So you have a few ways as I previously described.
Note there’s no reverse proxy here. But it’s also not a toggle on a Web server.
So you don’t need a reverse proxy. Reverse proxies allow some cool things but here’s two things they solve that you may need solving:
But in this case you don’t really need to if you have lots of ips since you’re not offering publicly you’re offering over tailscale and both Web servers can be accessed directly.
Fjor@lemm.ee 1 year ago
Thanks for the detailed answer, I was able to solve my problem just with what /u/mara said suggested above :)