TIL: Tailscale makes self-hosting actually usable

2 February 2026

Tailscalenetworkingself-hosting

Before Tailscale, accessing my home lab from outside the house meant: port forwarding on the router, dynamic DNS to track my home IP, certificates for HTTPS, and constant anxiety about exposing services to the internet.

Tailscale replaced all of that with tailscale up.

What it actually does

Tailscale is a WireGuard mesh VPN. Every device you install it on gets a stable private IP (100.x.x.x range) and can reach every other device on your tailnet, regardless of what network you're on. No public IPs, no port forwarding, no NAT traversal headaches — it handles all of that.

The setup that changed things

Every LXC container and VM in my Proxmox setup runs Tailscale. So from my laptop, I can reach:

100.x.x.1 — Proxmox web UI
100.x.x.2 — my Docker host
100.x.x.3 — the FindMe backend
any new service I spin up, immediately

No firewall rules to update. No certificates to manage for internal access.

The one thing to know

Tailscale's free tier allows 100 devices. For a home lab, you'll never hit that. For a small team, it's worth paying for.

Exit nodes are the killer feature I didn't know I wanted — you can route your traffic through any device on your tailnet, which effectively gives you a personal VPN with your home IP.