I’m wondering if I’m starting to outgrow Tailscale… my wife keeps having networking issues on Android due to Tailscale, the Nvidia Shield kills the Tailscale app randomly, and my parents’ TV doesn’t have a Tailscale app…
I feel like the time is approaching to publicly expose some of my services to the internet…
Any other tips?
What kinds of things are you planning to expose? What I expose I hide behind a reverse proxy with IP whitelists. Whatever I don’t need access to on the go I don’t expose.
Primarily Jellyfin and Immich.
Do all your clients have fixed IPs? I have some clients that are phones or laptops, but I would imagine those change as people drive around to different cities or connect to different coffee shop WiFi.
It depends on what service - some, like Jellyfin, are accessed only from home IPs which are static (for music through Jellyfin I use offline mode to prevent too much mobile traffic), so I can add those specific IPs in the whitelist. Otger services I need to access from elsewhere, and I can add entire subnets (i.e. for my phone carrier network or VPN servers). Those change once in a while and that is annoying. Other services I want publically available.
Jellyfin especially still has some unsecured endpoints where it would be wise to take some.extra precautions. I think the risk some people seem to think this poses is a little overblown (i.e. rights holders finding your instance and reverse mapping your entire library and suing you to oblivion), but better not risk it.