[kevinmgranger]

I've been meaning to try something similar for Kubernetes/OpenShift-- you can set up authentication (technically an identity provider) through a configurable HTTP header. My idea was having the reverse proxy only listen on the tailscale IP, but this is even cooler.

[xena]

If you get this working, please do email me at xe at tailscale dot com. I'd love to document this so that other people can benefit from it.