Tailscale funnel is the most useful and underrated Tailscale feature

Tailscale has a ton of features that I never knew about when I started using it, and while I love them all, Tailscale Funnel is my favorite. It fixes a very real annoyance I have with my home lab, although it's definitely a 'me' issue rather than anything else. I dislike dealing with networking, as it seems that every time I get something working, it stops functioning the next time I try using it again. And that's a problem when I'm testing out new containerized services, because I have to manually enter an IP address and remember which port to use.

I know, minor issues that I should have figured out by now, but that's where Tailscale Funnel comes in. I can spin up the new service, open a Terminal window, and create a Funnel in seconds, with a MagicDNS address on my tailnet, where I know it's secure and safe. Those URLs are added to a Google Doc and renamed according to the service I'm using them for, allowing me to click on them with one click instead of typing out IP addresses. It might not be the best workflow, but it works for me, and that saves me plenty of headaches.

What are Tailscale Funnels, and why would you use them?

If you're familiar with Tailscale, you know it's a way of making peer-to-peer VPN connections without complicated setup processes. That works between your devices on which Tailscale is installed, which could be anything from phones to laptops or servers. Well, a Tailscale Funnel is almost the same, except the peer-to-peer VPN connection is between a self-hosted service running on a port and a URL on your tailnet.

These connections are fully encrypted from end-to-end, and you can make them even more secure by enabling authentication on whatever service you're self-hosting. It's perfect for getting family members to use the services you've painstakingly set up to reduce cloud subscription fees, as it only takes clicking on a link to access. However, it's just as powerful in the home lab for testing, and unless you change the port your service is listening on, the Funnel will continue to work.

MagicDNS and a clickable link are all you need

The primary advantage of next-gen VPN solutions like Tailscale is that they're significantly simpler to set up compared to traditional VPN services. The extra layers of functionality also help, and many of the new VPNs are free for a certain number of devices. Tailscale Funnels are technically in beta, as the company is still adding things to the feature, but they're stable enough for everyday use.

They're also simple to set up, as they don't require any installation. One line in the terminal is all you need:

tailscale funnel [port]

The terminal window will show the new URL to connect to that service from, and any data transmitted between a browser using that URL and the service on your server is fully encrypted end-to-end, keeping you safe. It grabs HTTPS certificates for you, handles DNS records with name servers, and the whole thing takes seconds. You're left with a simple, usable URL to share with trusted friends and family, and they can use it from anywhere in the world.

If you prefer that traffic stays on your tailnet, you can use Tailscale Serve, which does the same, linking a service's port number to a URL, except the link will only work if the person clicking on it is on your tailnet, so you have more control of security and who has access. Either way, you're able to reduce what used to be a complex transaction to no more trouble than tapping the share button on your phone.

They're even easier than Cloudflare Tunnels

I've also used Cloudflare Tunnels, which are almost the same thing, except Cloudflare requires you to jump through a couple more hoops to get things running. You will need a domain name, which incurs an additional cost, and there are a few more steps in the dashboard to complete to get a Tunnel open. Admittedly, that's not many extra steps, and anyone who might want to use them probably already has a few domain names, but Tailscale does make it easier overall.

Tailscale Funnel was the missing piece to my home lab experiments

I've used dozens of methods to access self-hosted services from outside my home network over the last few months, but none were as simple to set up as Tailscale's solution. Setting up a Funnel took less time than signing into my Tailscale account, and it handled all the DNS and encryption certificates for me. They're an amazing part of Tailscale and I can't wait to see what extra functionality they get down the line. Perhaps we can set up a reverse proxy for multiple services with just one line of code, without needing to specify anything beyond the ports to add. That would really make my brain happy, so I can focus on figuring out which services I want to keep instead of constantly fighting with DNS.