|
|
|
|
|
|
by wtatum
1507 days ago
|
|
|
Thanks for the quick reply, that helps a lot. In the case where we're not intending to handle Internet traffic on the proxy--only Tailscale--it would still be possible to bind the Nginx listener to only the Tailscale adapter though right? I'm imagining a use-case where Tailscale + Nginx is acting kind of like an Azure App Proxy where you want to ensure that all access to the upstream service is validated against the Tailscale ACL. Maybe that's already implicitly the case since the auth_request goes to nginx-auth, so any traffic that isn't coming from a Tailscale IP is going to be denied anyways. |
|
|