I agree it's not ideal, but I can tell you why I'm excited about things like[0] Tailscale and Cloudflare Tunnel.
They enable you to move your selfhosted services from expensive, slow VPSes you don't control to fast devices in your own home. IMO this is strictly better than a VPS in terms of privacy and data control. It's a step in the right direction.
The reality today is that selfhosting is way too hard[1]. It shouldn't be any more complicated or less secure than running an app on your phone.
I think services like Tailscale are going to enable the first generation of selfhosting that approaches that level of simplicity. Once the market is proven, the second generation is going to be designed for selfhosters and have features like end-to-end encryption, domain name integration, and simple GUI interfaces.
The other key pieces are strong sandboxing, which is now possible on all major desktop OSes through virtualization (mobile is coming[2]), and dead-simple cloud backups.
The technology for all these things exists, it just hasn't been integrated yet.
[0]: https://github.com/anderspitman/awesome-tunneling
[1]: https://moxie.org/2022/01/07/web3-first-impressions.html
[2]: https://twitter.com/kdrag0n/status/1584017653269958656?lang=...
Not everyone, we just don't talk about it much. headscale is plenty popular — that's not "everyone" already.
https://github.com/juanfont/headscale
In addition to your points, we over here also have our own reasons for self-hosting everything (for example, to protect ourselves from being cancelled at any moment for being forced into a citizenship you didn't ask for by being born at the wrong place).
Thanks, you're right yeah, I've oversimplified things a bit.
Re: macOS and the Network Entitlements shenanigans: if I understand correctly, it is possible to just run tailscaled unsigned [1] via /dev/utun instead of Apple's APIs. Would it be possible to get this into the GUI so that if you want, you can compile it from source and don't have to do the Apple dance?
[1]: https://github.com/tailscale/tailscale/wiki/Tailscaled-on-ma...
Something else interesting they're doing is their tsnet package, which lets you join your process to the tailnet and bind tcp listeners/connect to TCP services via their tailnet IP or subnet.
I'm writing some stuff using this at the moment, but I also just saw https://github.com/tailscale/golink which does the same thing: a single binary that runs a link shortener that joins itself to your tailnet.
tl;dr: don't run your service on a machine then join that to tailnet, directly bind your service to an in-memory tailnet client
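The embedding pattern this comment describes, as an added example that is not code from the thread, from tsnet or from golink: a small golink-style redirect service written against an interface that *tsnet.Server satisfies, so the listener it serves on comes from the tailnet rather than from the host's network stack. The `Tailnet` interface, `Shortener`, `Serve` and the `LoopbackTailnet` stand-in are assumptions of this example; only `tsnet.Server{Hostname: ...}` and its `Listen("tcp", ":80")` are tsnet's own API.

```go
package main

import (
	"net"
	"net/http"
)

// Tailnet is the one method this service needs from *tsnet.Server
// (github.com/tailscale/tailscale/tsnet), whose Listen has this exact signature.
type Tailnet interface {
	Listen(network, addr string) (net.Listener, error)
}

// Shortener is a hypothetical golink-style redirect service (not golink's code);
// links is read-only once serving starts, so no lock is needed.
type Shortener struct{ links map[string]string }

func (s *Shortener) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if target, ok := s.links[r.URL.Path[1:]]; ok {
		http.Redirect(w, r, target, http.StatusFound)
		return
	}
	http.NotFound(w, r)
}

// Serve binds the shortener to a listener from the tailnet and nothing else: there is
// deliberately no fallback to net.Listen("tcp", ":80"), so if the tailnet is unavailable
// the service stays unreachable instead of appearing on the host's other interfaces.
func Serve(tn Tailnet, links map[string]string) (net.Listener, error) {
	ln, err := tn.Listen("tcp", ":80")
	if err != nil {
		return nil, err
	}
	go http.Serve(ln, &Shortener{links: links})
	return ln, nil
}

// LoopbackTailnet stands in for *tsnet.Server in offline runs (constructed here): it
// binds an ephemeral loopback port. Real wiring, assumed from tsnet's README:
//   Serve(&tsnet.Server{Hostname: "go"}, links)
type LoopbackTailnet struct{}

func (LoopbackTailnet) Listen(network, _ string) (net.Listener, error) {
	return net.Listen(network, "127.0.0.1:0")
}
```

With the real tsnet server the handler can also identify the calling peer per request through the server's LocalClient().WhoIs, which is the second thing a host-level tailnet join does not give an individual service.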
Or why not the open source tool innernet? https://github.com/tonarino/innernet
As an exercise, I've implemented a basic (and very hacky) UI for tailscale(1) as an xbar [1] plugin: https://gist.github.com/notpushkin/aa36c2d34e3e7180aa66ed2a5...
[1]: https://xbarapp.com/
tailscaled isn't particularly stable on my machine though, so I guess I'll roll back to the closed source version. However, this could be a starting point for a Linux client!
I'm fine with companies making profit off of protocols, as long as their code is open source like https://github.com/firezone/firezone or https://github.com/zerotier/ZeroTierOne. Tailscale seems great now, but it's risky to trust their closed source for this type of service.