Comment on Replacing Cloudflare Tunnels with Tailscale?
ck_@discuss.tchncs.de 9 months agoThat’s just not true. When you run an nginx proxy on a tailscale node, that nginx will terminate the TLS. There is no “gap” between your browser and that server.
lemmyvore@feddit.nl 9 months ago
Only if that nginx is advertising the .ts.net domain, and using the certificates for the .ts.net domain, which means you have to export and renew them manually via
tailscale cert. If you let Tailscale manage them you will have a TLS gap.ck_@discuss.tchncs.de 9 months ago
Precisely. Except there is no “Tailscale manage them for you”.
So you could summarize your answer as " Tailscale certificates work like let encrypt".