TLS cert via Tailscale

[faultables]

As mentioned in #38, flo only works with https:// unless the target is a private IP address. If you're using Tailscale, this might seem like a problem, but, the solution is actually pretty simple — even without messing with a reverse proxy.

Here, I'll share quick instructions on how to get a free HTTPS certificate for your Tailnet:

First, make sure you've enabled the HTTPS Certificate feature via the Tailscale Dashboard.

Then, on the machine where Navidrome is running, execute the following command (assuming your Navidrome server listens on its default port but If it's using a different port, just adjust the number accordingly):

tailscale serve --bg 4533

And that's it!

You can now use the generated URL in flo, and flo won't complain about the ATS thing anymore.

Also, take a look at the IP address—it's a Tailscale IP! And notice the certificate issuer: It's Let's Encrypt — one of the most trusted CAs on the internet!

Everyone is happy now!

[mothemane11]

Do you mean the url directly after "Available within your tailnet," or the normal tailscale ip w/ port 443 (100.88.11.13:443 for you)?

When I try the former, I get error "Login Failed: A server with the specified hostname could not be found." When I try the latter, i get error "Login Failed, An SSL error has occurred and a secure connection to the server cannot be made."

Do you think you'd be able to shine a light on my predicament? I would really love to use your app.
Thanks,
David

[mitchellbrendan]

Do you mean the url directly after "Available within your tailnet," yes that's the one and yes I received an error too initially, simply saying "an error occurred". ut no more detail than that... but I then did as follows (using the above URL as an example)

https://divine-departure.duck-map.ts.net/ is the URL returned that gets the error I then removed the "/" at the end and added the ":4533" port, so as follows
https://divine-departure.duck-map.ts.net:4533

that threw up an SSL error, I clicked OK, then typed in

https://divine-departure.duck-map.ts.net (notice no "/" )
which worked and I was logged in and able to continue

so not sure if it was simply removing the "/" in the URL that did the trick or forcing the app to display the SSL error and clicking OK to clear it

one thing that did cause an issue later was when I selected "Save login info" in the settings tab. when I retyped in my login details it booted me out of the app and I couldn't get logged back in? I deleted the entry in my iCloud password app, tried again and I was able to log in no problem (so have not tried the "Save login info" toggle again)

hope that helps