
Posted by xd1936 10/28/2025

Tailscale Services (tailscale.com)
Video walkthrough: https://www.youtube.com/watch?v=mELAg50ljSA
171 points | 37 comments | page 2
david_van_loon 10/29/2025|
I'm happy to see this feature added. It's a feature that I didn't quite realize I was missing, but now that I see it described, I can understand exactly how I'll put it to use. Great work as always by the Tailscale team.
EKSolutions 10/29/2025||
I wonder if that architecture screenshot's "MagicDNS" value is a nod to Pangolin, since they are currently working on a new Clients feature that should eventually replicate some of the core Tailscale functionality.
alexktz 10/29/2025|
I'm afraid it's much more sophisticated. A Pangolin has both a Tail and Scales.
paxys 10/30/2025||
I understand the usefulness of the feature, but find their examples weird. Are people really exposing their company's databases and web hosts on their tailnet?
nickdichev 10/30/2025||
Yes I host web services for my consumption, like miniflux rss aggregator, that don’t need to be on the public internet.

Similarly I’m going to host my small business’ staging database on a home server and expose that on my tailnet.

theshrike79 10/30/2025||
How is that different from exposing on the company intranet in general? Or hosting them in a publicly accessible AWS endpoint?
bicepjai 10/29/2025||
I recently found Tailscale when searching for a way to control my home lab when traveling and have been amazed by how simply we can create a private network.
devilbunny 10/30/2025||
Even better: while some public WiFi spots block VPN authentication, Tailscale (if already connected while on a different network) will continue to send traffic.

You can't VPN out of the guest WiFi at my work (using personal device), but Tailscale, if connected while I'm at my house or via phone hotspot, will happily let me use my home devices as exit nodes. So I just leave it on all the time and only disconnect if there are issues (rare). I can use sketchy WiFi without really worrying about snooping, and for services that require me to use a US IP address... well, my house is definitely in the US and it's not going anywhere.

SOLAR_FIELDS 10/30/2025||
I normally am one to not recommend proprietary services, especially for homelab use, but their solution is just so far above all of the alternatives in terms of usability that I make an exception here.
preisschild 10/29/2025||
I just wish Tailscale would allow you to use long-lived tokens for ephemeral nodes...

Short-lived tokens are not always an option

DomBlack 10/29/2025||
You can use OAuth tokens with the permissions of auth_key write to use long-lived tokens to permission ephemeral nodes
DominoTree 10/29/2025||
I have a GitHub action that uses an OAuth token to provision a new key and store it in our secrets manager as part of the workflow that provisions systems - the new systems then pull the ephemeral key to onboard themselves as they come up

It can get especially interesting when you do things like have your GitHub runners onboard themselves to Tailscale - at that point you can pretty much fully-provision isolated systems directly from GitHub Actions if you want
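
The workflow described in the two comments above (a long-lived OAuth client minting a fresh, short-lived ephemeral auth key at provisioning time), as an added example that is not part of the thread and not Tailscale's own code. It assumes the public Tailscale API v2 endpoints `/oauth/token` and `/tailnet/-/keys`; the tag name, the 10-minute default expiry and the injectable `post` transport are choices made for this example.

```python
import json
import urllib.parse
import urllib.request

API = "https://api.tailscale.com/api/v2"
MAX_EXPIRY = 90 * 24 * 3600  # 90 days: upper bound this example enforces


def build_key_request(tags, expiry_seconds=600, description="ci-provisioned node"):
    """Body for POST /tailnet/-/keys: one-time, ephemeral, tagged, short-lived."""
    if not tags or not all(t.startswith("tag:") for t in tags):
        raise ValueError("keys minted by an OAuth client must carry ACL tags")
    if not 0 < expiry_seconds <= MAX_EXPIRY:
        raise ValueError("expiry out of range")
    return {
        "capabilities": {"devices": {"create": {
            "reusable": False,     # single use: a leaked key cannot enroll a second node
            "ephemeral": True,     # node is removed from the tailnet after it goes offline
            "preauthorized": True,
            "tags": list(tags),
        }}},
        "expirySeconds": expiry_seconds,
        "description": description,
    }


def _post(url, data, headers):
    """Default HTTPS transport; a stub can be passed instead for offline runs."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def mint_ephemeral_key(client_id, client_secret, tags, expiry_seconds=600, post=_post):
    """Exchange OAuth client credentials for a token, then mint one auth key."""
    form = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    token = post(f"{API}/oauth/token", form,
                 {"Content-Type": "application/x-www-form-urlencoded"})["access_token"]
    body = json.dumps(build_key_request(tags, expiry_seconds)).encode()
    reply = post(f"{API}/tailnet/-/keys", body,
                 {"Authorization": f"Bearer {token}",
                  "Content-Type": "application/json"})
    return reply["key"]  # hand straight to the secrets manager; never print or log it
```

Only the OAuth client secret is long-lived here; each node receives a key that works once and expires within minutes, so a copy left behind in user data or CI logs is useless after first boot.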

Daviey 10/29/2025||
I'm curious, in which situations are short-lived tokens not an option?
preisschild 10/30/2025||
I want to give every node in my Kubernetes cluster a Tailscale key to join the cluster via the cloud-config / userdata. But this key is enforced by Tailscale to be short-lived, so if the server is reset and it boots again from cloud-config, it has the expired key and can't join the Tailscale network again.
setheron 10/28/2025||
Is this like a more robust funnel?
rhjensen79 10/28/2025||
Fantastic. So many possibilities