[chris12321]

You can also set up DNS records pointing to your home server's VPN IP, which, with Tailscale, I've found to be pretty static and then a reverse proxy on your home server. So I have my home network apps running on app1.my-domiain.com app2.my-domain.com, app3.my-domain.com etc, which only work when I'm connected to the VPN.

The downsides are that I need to be connected to the VPN at home to use the domain and I currently don't have SSL set up on the domains, so browsers complain when I connect to them. The second problem I could fix, but I'm not sure if there's a solution for the first.

[sebws]

You can fix them both in one. In your local network you host a local DNS, in my case I’m using pihole. It has records which point to the local IP of a reverse proxy. With this setup you can have SSL for your domain names on your local network.

To make it then work outside your local network, in tailscale settings you use “split dns” to set your DNS to be the IP of your pihole in the tailnet for your domain. Now when you try hit your local domains you should receive the same local IPs that you do at home. Then in the tailscale route settings of your machine hosting the reverse proxy you make it advertise the subnet of those local IPs. Now when you receive the local IPs your devices using the tailscale VPN should go to your home server with SSL and no external DNS.

Hope that’s somewhat clear enough

[mynegation]

There is a solution for the first. I have setup my home server torun Tailscale _and_ be a router to 192.168.2.x network (you can set this up in the Tailscale UI). I have server.mydomain.com to resolve to 192.168.2.x address and this way I can access it from the outside via Tailscale and from inside without the need to turn on Tailscale. I have https setup via DNS-01 challenge as well and updated automatically.