HTTPS Support

[Weldawadyathink]

HTTPS Support

https://tailscale.com/kb/1153/enabling-https/

Is it possible to add support for requesting an SSL certificate with Tailscale?

[github-actions]

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

[franzbischoff]

There is a requirement on current version: tailscale/tailscale#2932

Fix:
create a folder at /data/tailscale
edit /etc/services.d/tailscaled/run /var/run/s6/services/tailscaled/run
change options+=(--state=/data/tailscaled.state) to options+=(--state=/data/tailscale/tailscaled.state)
copy the current /data/tailscaled.state to /data/tailscale/tailscaled.state to keep login etc.
restart service: s6-svc -r /var/run/s6/services/tailscaled

now you can run /opt/tailscale cert yourmachine.yourdomain.ts.net

[github-actions]

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

[benley]

There is a requirement on current version: https://issueexplorer.com/issue/tailscale/tailscale/2932

I get a 404 on that link, but I think this is the issue in question: tailscale/tailscale#2932

[franzbischoff]

Just made a Gist for that.

Use at your own risk:

tailscale hack

[ananthb]

Would it make sense to add this as a config option?

[franzbischoff]

For me makes total sense. To be able to move from using an external port on my router to access HA with my phone, for example, I use HTTPS and the tailscale "domain" with the provided certificate.

[ananthb]

@frenck could you take a look at my PR? Would love to get this merged soon!

[github-actions]

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

[benley]

not stale

[github-actions]

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

[ananthb]

Still being worked on.

[github-actions]

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

[benley]

still not stale

[franzbischoff]

not stale!

[martusi61]

I'm waiting too!

[github-actions]

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

[franzbischoff]

nooooooooooot stale

[ceiphr]

not stale

[stroodle96]

Also hoping this gets added.

[Mincka]

You can have a look at this alternative addon which seems to provide https support:
https://github.com/tsujamin/hass-addons/tree/main/tailscale
https://github.com/tsujamin/hass-addons/blob/main/tailscale/DOCS.md#option-cert_domain
tsujamin/hass-addons#29

[elcajon]

I made another suggestion to set Tailscale up with https support for Home Assistant (without manually handling the certificate and key files --> so still "zero config"). Feel free to give it a try #123

[github-actions]

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

[ceiphr]

not stale

[github-actions]

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

[lmagyar]

It has a working implementation as a PR, so it is not stale.

Though there is a new (currently alpha) Tailscale feature called Funnel, that seems to be an even better solution:

• Tailscale provides an internet->VPN proxy, so you don't need to install a Tailscale client on your phone, laptop, etc.
• It is dual opt-in, so can be turned on by default (like exit node, subnet features)
• After I test it I will create another PR for this Funnel feature

[lmagyar]

And now this HTTPS problem has a much better solution, though no PR yet, because the Tailscale feature is still alpha.

My previous solution PR #134 (that you can try at https://github.com/lmagyar/homeassistant-addon-tailscale) downloaded a certificate and we had to use it.

---

But @elcajon notified me about a new feature, Tailscale Funnel:

• built in https proxy in tailscaled
• TCP proxy on the Tailscale servers from the internet into our VPN
• so you can access HA from a general browser, even without an installed Tailscale client

Client ⇒ Internet ⇒ Tailscale Funnel (TCP Proxy) ⇒ VPN ⇒ Tailscale Proxy (https proxy) → HA (http web-server)

---

I modified his solution into a no-config add-on version, that you can try in my other repo: https://github.com/lmagyar/homeassistant-addon-tailscale-funnel

This should replace my previous solution, but the Tailscale Funnel feature is still in alpha, so I prefer not to make a PR yet.

You need an invite to test the Funnel feature: https://login.tailscale.com/admin/feature/rWXbjRuCEc9 (first 10 people can use it, and those 10 can invite 10 x 10 other "tester"...).

But without the Funnel, the add-on starts at least the built in Proxy, and logs a warning about the missing Funnel.

[ShadowJonathan]

Tailscale funnel could indeed solve a huge part of this problem, but it would step on the toes, or basically trample, the Home Assistant Cloud offering, so i'm not confident that HA will entirely embrace something like that

[lmagyar]

I've made a PR with the built-in https proxy instead of the manual certificate download in #89 #134.

This doesn't involve the still alpha funnel feature, but at least it is a no-config solution for the https support.

[lmagyar]

FYI:

• The Tailscale Proxy feature (mentioned in the above pr Enable Tailscale's builtin inbound HTTPS proxy #137, that replaces the certificate download) is now accessible in my fork: https://github.com/lmagyar/homeassistant-addon-tailscale
• If somebody is interested in the additional Tailscale Funnel (alpha) feature, it is accessible in my other fork: https://github.com/lmagyar/homeassistant-addon-tailscale-funnel

[github-actions]

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues.
Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍
This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!

[lmagyar]

not stale

[frenck]

Closing this issue, as it is a feature request and not en issue/bug report.

../Frenck

[ananthb]

LOL

[franzbischoff]

The most requested featured I've seen, closed :-D