Honestly this is so cool I kind of wish I had a reason to want to host that instead of Tailscale… but Tailscale’s chill 😂
2026-07-03 16:33:24
0
GamerBoy1290 :
What is the website?
2026-07-03 21:11:21
0
Necarus :
netbird >>>
2026-07-03 15:05:15
4
melomakarouno :
headscale devs reported that security is not their top priority. use that as you will
2026-07-03 06:11:58
21
yenavoksam :
And use WG easy with wireguard
2026-07-03 04:07:23
1
ckelley.eth :
Honestly I’ve used headscale + headplane as the UI + self hosted derp relay. It works, but it doesn’t have feature parity with tailscale. It also imo can be brittle and it’s finicky to maintain imo and not prod worthy imo.
Honestly I just use tailscale for my business stuff so multiple cloud pve nodes and azure resources lock most of the management behind tailscale to an ACL group. Then for both cloud nodes for pve sdn I have an LXC container acting as a subnet router advertising the sdn subnet to an acl group. That and using technitium dns for ad blocking for all tailnet clients. It also is great for crowdsec, wazuh agent, grafana/loki/syslog-ng stack comms between local and cloud nodes. 7 node pve cluster, 2 cloud bare metal hosted servers locking management gui & ssh behind tailscale. All talk to my observability stack over tailscale and for proxmox backup server remote jobs. Only the needed ports allowed. I also have clients using tailscale in place of vpn and it works great and is easier to maintain. It’s like 8$ a user and I pay 18$ a user for my internal infra for extra shit. I have 200+ devices in tailscale and heavy acl usage.
I wouldn’t make it a flat private network either. Follow zero trust and follow principle of least privilege imo with access. I usually make heavy use of ACL groups. If 2 remote docker hosts need socket proxy comms or a certain port I only allow that port in the ACLs, not just leaving it wide open between clients. Docker group can be limited by port. Management group allows 22, 8006. Backup group allows 8007 etc. Wide open tailnet where everything can just talk to each other fully is an accident waiting to happen.
If you have a need to self host the control plane I’d check out netbird and self host that instead. They got some similarities and it’s less of a maintenance headache. More production worthy self hosted option. It uses quic and websockets in place of derp. I think netbird > headscale for self hosting.
Then I have wireguard as a site to site fallback between home and 2 pve sdn subnets. My firewall just has a static route pointing to a WG vm pulling in WG subnet to lan and my firewall limits access to my device only.
2026-07-03 13:19:05
1
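The per-group port limits described in the comment above, as an added example that is not part of the original thread: a small Python lint over a policy in Tailscale's ACL JSON layout that flags flat any-to-any rules and ports beyond each group's allowance. The group, tag and user names and the sample policy are constructed; ports 22, 8006 and 8007 are the ones the comment names.

```python
import json

# Constructed sample policy; group, tag and user names are assumptions.
POLICY = json.loads("""{
  "groups": {"group:mgmt": ["admin@example.com"],
             "group:backup": ["backup@example.com"]},
  "acls": [
    {"action": "accept", "src": ["group:mgmt"],   "dst": ["tag:pve:22,8006"]},
    {"action": "accept", "src": ["group:backup"], "dst": ["tag:pbs:8007,22"]},
    {"action": "accept", "src": ["*"],            "dst": ["*:*"]}
  ]
}""")

# Ports each group is meant to reach, taken from the comment above.
ALLOWED = {"group:mgmt": {"22", "8006"}, "group:backup": {"8007"}}


def split_dst(dst):
    """Split 'host:ports' on the last colon, since hosts like 'tag:pve' contain one."""
    host, _, ports = dst.rpartition(":")
    return host, ports.split(",")


def lint(policy, allowed=ALLOWED):
    """Return (rule_index, problem) pairs for accept rules that are too broad."""
    findings = []
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        sources = rule.get("src", [])
        if "*" in sources:
            findings.append((i, "any source"))
        for dst in rule.get("dst", []):
            host, ports = split_dst(dst)
            if host == "*":
                findings.append((i, f"any destination host in {dst}"))
            if "*" in ports:
                findings.append((i, f"all ports in {dst}"))
            for src in sources:
                # Sources without an entry in `allowed` are not port-checked.
                extra = set(ports) - allowed.get(src, set(ports)) - {"*"}
                if extra:
                    findings.append((i, f"{src} reaches unexpected port(s) "
                                        f"{','.join(sorted(extra))} in {dst}"))
    return findings


if __name__ == "__main__":
    for index, problem in lint(POLICY):
        print(f"rule {index}: {problem}")
```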
Sndrdrx024 :
Yes but when you can’t do port forwarding then having a cloud solution is the only solution 🤷‍♂️
2026-07-03 07:06:21
6
dexter44562 :
Thx for the info
2026-07-03 13:07:56
2
l3v1n :
At that point use wireguard…
2026-07-03 20:44:33
0
Alex Nord :
I used to use this religiously. Then I bought a new router, a UniFi Cloud Gateway Ultra, which supports UniFi endpoint, Teleport VPN and WireGuard, oh and site to site, so I replaced headscale.
2026-07-03 20:33:03
0
:
magnific content idea
2026-07-03 12:03:02
0
A.W. :
why not build your own version, run your own zero trust system. I run my own
2026-07-03 06:57:29
3
jetomit.bio :
i use public ip. and i use cloudflare for domain management. and if i want sum private i just set passwords. and set an ip that can access it
2026-07-03 20:08:43
0