Expose Containerized Services With SSL via Tailscale

Normally we don’t have to use SSL when we connect to services via Tailscale, as all connections are end-to-end encrypted and only allowed users can access your network. But there are always exceptions, such as when you want to put your Tailscale domain behind a public domain or you have to use SSL for internal connections. For example, Hoarder on iOS requires SSL, and it won’t work when we host Hoarder using Docker, even if we enable HTTPS on Tailscale DNS and add the cert to the NAS. When I access Hoarder via the Tailscale of the NAS, it always returns an insecure connection. I tried creating the SSL cert using tailscale cert and making it the default cert of my Synology; it still fails, as tailscale cert only covers port 443, so the services running on other ports are not covered. ...

January 27, 2025 · 3 min · 627 words · Me

Remote Accessing NAS using Tailscale

Simply put, Tailscale is a private VPN built on the WireGuard protocol, designed to support a Zero Trust architecture for managing devices within a subnet. As a mesh network, Tailscale enhances connectivity when accessing NAS services remotely. Compared to traditional VPNs and firewalls, WireGuard and Zero Trust offer significantly better security since every device requires authentication to communicate with others. This granular access control minimizes risk—even if an attacker compromises one device, they won’t automatically gain access to the entire private network. Unlike conventional firewalls, which often have a hardened exterior but a vulnerable core, Tailscale ensures both outer and inner security. ...

January 25, 2025 · 3 min · 483 words · Me