Turn a locally running web app into a repeatable Tailscale HTTPS endpoint.
Inputs to gather
port: the local port the app listens on (e.g.3000).path:/(root) or a subpath like/myapp.- Scope: tailnet-only (default). Only suggest public access if the user explicitly asks.
If any are missing, ask concise clarifying questions.
Procedure
-
Confirm Tailscale is running and logged in:
tailscale status
-
Confirm the app is reachable locally:
curl -fsS http://127.0.0.1:<port>/(adjust path if needed)
-
Configure Tailscale Serve (tailnet-only HTTPS):
- Root mount:
sudo tailscale serve https / http://127.0.0.1:<port>
- Subpath mount:
sudo tailscale serve https /<path> http://127.0.0.1:<port>
- Root mount:
-
Show what’s exposed:
tailscale serve status
-
Provide the URL to share using MagicDNS:
https://<machine-name>.<tailnet>.ts.net/(root)https://<machine-name>.<tailnet>.ts.net/<path>(subpath)
-
Cleanup (when asked):
sudo tailscale serve reset
Guardrails / gotchas
tailscale servechanges often requiresudo.- If mounting at a subpath, frameworks may need a base path setting.
- Do not enable public exposure (
tailscale funnel) unless explicitly requested; if requested, ask what auth/protection they want first.