How to Install Tailscale On your Homelab Server

We have previously shown you how to use Cloudflare Tunnel to connect to your homelab apps. If you are not a fan of Cloudflare, Tailscale is yet another tool you can use to connect remotely to your app. Tailscale is built on top of WireGuard, and allows you to create and manage virtual private networks (VPNs) over the internet. This makes it great for you to access your apps outside your network.

In this article, I will go through the process of installing and setting up a Tailscale network for accessing your homelab services.

Prerequisites

Before you start, make sure that you have the following ready:

  • A Linux homelab server, preferably running Debian or Ubuntu
  • A client machine running a graphical desktop environment
  • A reliable internet connection and SSH access to your homelab server

Installing Tailscale

The most common approach to install Tailscale on your homelab is via its official repository. This gives you total control over your homelab, which can be useful if you want to access your server remotely.

Run the following command to download and run the Tailscale installation script on your homelab:

curl -fsSL https://tailscale.com/install.sh | sh

Start the Tailscale daemon on your homelab machine:

sudo tailscale up

Doing this will print a link on your server’s console. Copy this link,
then open it on a web browser.

Tailscale Login Link In Terminal

It will prompt you to login (or create an account) to Tailscale.

Tailscale Google Sso Button

Once done, Tailscale will prompt you to link your homelab server to
your VPN. Click “Connect” to add it to your Tailscale network.

Install Tailscale Homelab 03 Connect Homelab Tailscale

Back in the terminal, start systemd-resolved:

sudo systemctl enable --now systemd-resolved.service

Remove your server’s “resolv.conf” file, then replace it with a symbolic
link running Systemd’s own resolve file:

sudo rm /etc/resolv.conf
sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Reload both Systemd’s DNS backend and your Tailscale daemon to apply
your new settings:

sudo systemctl restart systemd-resolved.service
sudo systemctl restart NetworkManager.service
sudo systemctl restart tailscaled.service

Connecting A Client to Your Tailscale Network

With your homelab properly enrolled to your Tailscale network, you can now expand it to your other clients. To do that, start by logging in to your Tailscale admin page.

Click the Add device button on the page’s upper right corner.

A screenshot highlighting the "Add device" button on the web console's upper right corner.

This will bring up a small popup menu showing the different platforms that you can install Tailscale on. For this guide, I will install Tailscale on my Windows machine.

Note: if you’re installing it on a different OS, the menu provides an install note for each platform under the Read guide tab.

Click the Copy link tab on the popup window, then open the link on a new web browser tab.

A screenshot showing the download popup window for Tailscale.

Click Download Tailscale for Windows, then run the Tailscale executable file on your Downloads folder to install it on your client.

A screenshot highlighting the download button for Windows on Tailscale.

Select Get Started, then Sign in to your network.

A screenshot showing the Tailscale desktop client's login prompt.

Login to your Tailscale account to finish the linking process.

Exposing Homelab Services to Tailscale

At this point, you now have a working Tailscale network between your
homelab server and a client device. To access your apps through
Tailscale, you need to enable and create a “serve” proxy on your
server.

Start by checking the port number of the homelab service that you want
to expose:

docker ps --format "{{.Names}}: {{.Ports}}"
Docker Check Container Ports

For example, if I want to access my Linkwarden server’s web dashboard
through Tailscale, I would need to expose port 3000.

Run the following command to create a Tailscale server proxy. This
will generate the TLS certificates to secure your homelab service and
start the proxy on the background:

sudo tailscale serve --bg --https=443 3000
Tailscale Create Server Proxy

Note: you can also expose other services simultaneously by changing
the value of the --https flag.

You can now test it by opening the address in the console’s output on a web browser.

Tailscale Access Linkwarden Link

Alternatively, you can check the list of all your Tailscale services by clicking the Tailscale icon on your desktop’s sidebar, then selecting “Network Devices.”

A screenshot showing the list of connected machines to the Tailscale network.

Wrapping Up

Tailscale is a powerful VPN service that fundamentally changes how you connect and interact with your homelab. It’s reliable, reasonably secure, and comes with a lot of features beyond exposing individual homelab services. Personally, I use Tailscale as the bedrock of my homelab, giving me access to my network wherever I am in the world.

Image credit: Wikimedia Commons (Logo). All alterations and screenshots by Ramces Red.

Be the first to comment! Get the discussion going.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.