frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Tailscale Services

https://tailscale.com/blog/services-beta
135•xd1936•1d ago
Video walkthrough: https://www.youtube.com/watch?v=mELAg50ljSA

Comments

setheron•1d ago
Is this like a more robust funnel?
defnnn•1d ago
This would be great if it supported wildcards for ingress controllers. A service foo would give you foo.tailYYYY.ts.net as well as *.foo.tailYYYY.ts.net.
rhjensen79•1d ago
Fantastic. So many posibilities
peter_d_sherman•1d ago
I did not intuitively understand what Tailscale does, so I visited the following related page:

https://tailscale.com/blog/how-tailscale-works

Ah! OK, now I get it! :-)

But, what found particularly interesting on that page was the following:

>" Some especially cruel networks block UDP entirely

, or are otherwise so strict that they simply cannot be traversed using STUN and ICE. For those situations, Tailscale provides a network of so-called DERP (Designated Encrypted Relay for Packets) servers. These fill the same role as TURN servers in the ICE standard, except they use HTTPS streams and WireGuard keys instead of the obsolete TURN recommendations."

DERP seems like one interesting solution (there may be others!) to UDP blockages...

TranquilMarmot•1d ago
Very cool, I love Tailscale. I use it to connect together a VPS, desktop computer, phone, and a few laptops. My main use case is self-hosted Immich and Forgejo so this is great.
bicepjai•1d ago
I recently found Tailscale when searching to control my home lab when traveling and have been amazed by how simple it is we can create a private network.
SOLAR_FIELDS•11m ago
I normally am one to not recommend proprietary services, especially for homelab use but their solution is just so far above all of the alternatives in terms of usability that I make an exception here.
sharts•1d ago
i like tailscale but i notice that i get more weird network blippy latency issues when using it. i used to always have my phone connected to my tailnet so i could use my dns, etc. but always occasionally something won’t load right and i have to refresh again couple of times.

It tended to happen a lot more when switching between wifi / cellular when leaving and entering buildings, etc.

Now I just don’t use it

david_van_loon•7h ago
I've found that using Tailscale on my Android phone became worlds more reliable (as far as the issues you've described) once I stopped using a custom DNS resolver on my Tailnet.
Hikikomori•7h ago
Want to use my pi-hole as DNS though.
subarctic•22h ago
This sounds great, I think it's exactly what I was looking for recently for hosting arbitrary services on my tailnet. I figured out a workaround where i created a wildcard certificate and dns cname record pointing to my raspberry pi on my tailnet but this could be potentially simpler
preisschild•19h ago
I just wish tailscale would allow you to use long-lived tokens for ephemeral nodes...

Short lived tokens is not always an option

DomBlack•16h ago
You can use oauth tokens with the permissions of auth_key write to use long lived tokens to permission ephemeral nodes
DominoTree•7h ago
I have a GitHub action that uses an OAuth token to provision a new key and store it in our secrets manager as part of the workflow that provisions systems - the new systems then pull the ephemeral key to onboard themselves as they come up

It can get especially interesting when you do things like have your GitHub runners onboard themselves to Tailscale - at that point you can pretty much fully-provision isolated systems directly from GitHub Actions if you want

Daviey•7h ago
I'm curious, which situations are short-lived tokens not an option?
EKSolutions•19h ago
I wonder if that architecture screenshot's "MagicDNS" value is a nod to Pangolin, since they are currently working on a new Clients feature that should eventually replicate some of the core Tailscale functionality.
alexktz•13h ago
I'm afraid it's much more sophisticated. A Pangolin has both a Tail and Scales.
aidos•7h ago
Does anyone use Tailscale in production as the network layer between services? Would be interested about hearing experiences.

We use it for to allow us to connect in from the outside (and user to user access etc), but not for service to service connections.

Multicomp•7h ago
Works great to connect fly.io apps that are only exposed to flycast private IPv6 addresses. And I think Tailscale services will replace these.

Performance between fly.io web servers in iad region to RDS databases in us-east-1 via subnet routers has been spotty to say the least.

SOLAR_FIELDS•5h ago
In addition, do people do so in mesh format? Seems expensive to do so for all of your machines, more often the topology I see is a relay/subnet advertisement based architecture that handles L3 and some other system handles L6/L7
david_van_loon•7h ago
I'm happy to see this feature added. It's a feature that I didn't quite realize I was missing, but now that I see it described, I can understand exactly how I'll put it to use. Great work as always by the Tailscale team.
dlisboa•7h ago
If I'm getting this right it's only highly available from a network layer perspective. However if one of your nodes is still responsive but the service that you exposed on it isn't responsive there's no way for Tailscale to know and it'll route the packet just the same? It's not doing health checks like a reverse proxy would I imagine.
SOLAR_FIELDS•5h ago
Can someone help me understand what this is vs exposing my services via MagicDNS using the tailscale Kubernetes operator? Functionally it looks like a fair amount of overlap but this solution is generic outside of Kubernetes and more baked into tailscale itself? The operator solution obviously uses kube primitives to achieve a fair amount of the features discussed here.
nickdichev•4h ago
I’m also curious about this since I’ve been exposing services via their experimental caddy plugin.
smallerize•2h ago
Was the personal plan not always free?
keeda•5h ago
Fascinating to watch Tailscale evolve from what was (at least in my mind) a consumer / home-lab / small-business client networking product into an enterprise server-networking product.
echelon•5h ago
They're morphing into a B2B centicorn, and the consumer-led tooling route was a genius path.

They provided much-needed solutions to annoying problems and did it in a way that made developers love them.

Really smart and well executed.

SOLAR_FIELDS•13m ago
I know they are good at what they do because it's dev tooling that I will actually pay for, which is as many people know, a difficult thing to convince developers to do.
paxys•4h ago
I understand the usefulness of the feature, but find their examples weird. Are people really exposing their company's databases and web hosts on their tailnet?
nickdichev•4h ago
Yes I host web services for my consumption, like miniflux rss aggregator, that don’t need to be on the public internet.

Similarly I’m going to host my small business’ staging database on a home server and expose that on my tail net.

Uv is the best thing to happen to the Python ecosystem in a decade

https://emily.space/posts/251023-uv
1348•todsacerdoti•10h ago•749 comments

Tell HN: Azure outage

691•tartieret•13h ago•653 comments

Minecraft removing obfuscation in Java Edition

https://www.minecraft.net/en-us/article/removing-obfuscation-in-java-edition
626•SteveHawk27•12h ago•222 comments

IRCd service (2024)

https://example.fi/blog/ircd.html
37•pabs3•2h ago•7 comments

How Ancient People Saw Themselves

https://worldhistory.substack.com/p/how-ancient-people-saw-themselves
27•crescit_eundo•3d ago•5 comments

China has added forest the size of Texas since 1990

https://e360.yale.edu/digest/china-new-forest-report
430•Brajeshwar•1d ago•324 comments

Raspberry Pi Pico Bit-Bangs 100 Mbit/S Ethernet

https://www.elektormagazine.com/news/rp2350-bit-bangs-100-mbit-ethernet
95•chaosprint•5h ago•27 comments

Hello-World iOS App in Assembly

https://gist.github.com/nicolas17/966a03ce49f949dd17b0123415ef2e31
25•pabs3•2h ago•4 comments

Dithering – Part 1

https://visualrambling.space/dithering-part-1/
257•Bogdanp•10h ago•58 comments

OS/2 Warp, PowerPC Edition (2011)

https://www.os2museum.com/wp/os2-history/os2-warp-powerpc-edition/
41•TMWNN•5h ago•20 comments

Kafka is Fast – I'll use Postgres

https://topicpartition.io/blog/postgres-pubsub-queue-benchmarks
334•enether•15h ago•254 comments

AOL to be sold to Bending Spoons for $1.5B

https://www.axios.com/2025/10/29/aol-bending-spoons-deal
210•jmsflknr•12h ago•183 comments

Tailscale Peer Relays

https://tailscale.com/blog/peer-relays-beta
278•seemaze•12h ago•79 comments

How the U.S. National Science Foundation Enabled Software-Defined Networking

https://cacm.acm.org/federal-funding-of-academic-research/how-the-u-s-national-science-foundation...
71•zdw•7h ago•18 comments

Board: New game console recognizes physical pieces, with an open SDK

https://board.fun/
163•nicoles•1d ago•70 comments

OpenAI’s promise to stay in California helped clear the path for its IPO

https://www.wsj.com/tech/ai/openais-promise-to-stay-in-california-helped-clear-the-path-for-its-i...
169•badprobe•11h ago•223 comments

GLP-1 therapeutics: Their emerging role in alcohol and substance use disorders

https://academic.oup.com/jes/article/9/11/bvaf141/8277723?login=false
172•PaulHoule•2d ago•77 comments

The Internet runs on free and open source software and so does the DNS

https://www.icann.org/en/blogs/details/the-internet-runs-on-free-and-open-source-softwareand-so-d...
122•ChrisArchitect•10h ago•8 comments

Keep Android Open

http://keepandroidopen.org/
2368•LorenDB•1d ago•751 comments

A century of reforestation helped keep the eastern US cool (2024)

https://news.agu.org/press-release/a-century-of-reforestation-helped-keep-the-eastern-us-cool/
102•softwaredoug•5h ago•13 comments

Crunchyroll is destroying its subtitles

https://daiz.moe/crunchyroll-is-destroying-its-subtitles-for-no-good-reason/
228•Daiz•5h ago•75 comments

More than DNS: Learnings from the 14 hour AWS outage

https://thundergolfer.com/blog/aws-us-east-1-outage-oct20
93•birdculture•2d ago•26 comments

How to Obsessively Tune WezTerm

https://rashil2000.me/blogs/tune-wezterm
84•todsacerdoti•9h ago•48 comments

Why imperfection could be key to Turing patterns in nature

https://arstechnica.com/science/2025/10/why-imperfection-could-be-key-to-turing-patterns-in-nature/
5•furcyd•2d ago•0 comments

Composer: Building a fast frontier model with RL

https://cursor.com/blog/composer
184•leerob•13h ago•137 comments

Extropic is building thermodynamic computing hardware

https://extropic.ai/
108•vyrotek•10h ago•78 comments

Eye prosthesis is the first to restore sight lost to macular degeneration

https://med.stanford.edu/news/all-news/2025/10/eye-prosthesis.html
199•gmays•1w ago•15 comments

Tailscale Services

https://tailscale.com/blog/services-beta
135•xd1936•1d ago•30 comments

Upwave (YC S12) is hiring software engineers

https://www.upwave.com/job/8228849002/
1•ckelly•12h ago

How blocks are chained in a blockchain

https://www.johndcook.com/blog/2025/10/27/blockchain/
58•tapanjk•2d ago•24 comments