How I use it

As I don’t want to reveal my home IP address, I have a VPS that hosts my public-facing website and a Headscale server. It also runs a Tailscale Docker container, which allows the reverse proxy to connect to other servers.

My setup

There is a DNS record that points the hostnames of my website and Headscale server to the IPv4 address of my VPS.

On the VPS, Docker runs the following containers:

SSH

To access the VPS, I use SSH. I made the following changes to increase security.

Create a new user:

adduser <username>
usermod -a -G sudo <username>

Changes to /etc/ssh/sshd_config:

Port <CUSTOMPORT>
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey

Changes made using sudo systemctl edit sshd:

[Service]
# Requires systemd 235+ and kernel 4.11+
IPAccounting=yes
IPAddressDeny=any
# Allow access from your Public IP
IPAddressAllow=<YOURPUBLICIP>
# Or from Tailscale subnet
IPAddressAllow=100.64.0.0/24
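
sshd uses the first value it obtains for each keyword, so on images whose sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, a drop-in file can take precedence over the sshd_config edits listed above. The script below is an added example, not part of the original setup: it checks `sshd -T` output (the effective configuration) against those values. The function names are hypothetical, and the sample inputs, including port 2222, are constructed.

```shell
#!/bin/sh
# Added example: compare effective sshd settings with the values listed above.
# On a real host, run as root:  sshd -T | audit_sshd
audit_sshd() {
    # stdin: "keyword value" lines as printed by `sshd -T` (lowercase keywords).
    # Prints one line per deviation; returns non-zero if any were found.
    awk '
    BEGIN {
        want["permitrootlogin"] = "no"
        want["passwordauthentication"] = "no"
        want["pubkeyauthentication"] = "yes"
        want["authenticationmethods"] = "publickey"
        # Assumption: newer OpenSSH reports kbdinteractiveauthentication,
        # older releases challengeresponseauthentication; accept either name.
        want["kbdinteractiveauthentication"] = "no"
        want["challengeresponseauthentication"] = "no"
    }
    {
        key = tolower($1); val = $0
        sub(/^[^ \t]+[ \t]+/, "", val)
        if (!(key in want)) next
        seen[key] = 1
        if (val != want[key]) { printf "FAIL %s=%s (want %s)\n", key, val, want[key]; bad++ }
    }
    END {
        if ("kbdinteractiveauthentication" in seen || "challengeresponseauthentication" in seen) {
            seen["kbdinteractiveauthentication"] = seen["challengeresponseauthentication"] = 1
        }
        for (k in want) if (!(k in seen)) { printf "MISSING %s\n", k; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: effective config after the changes above took effect.
sample_hardened() {
    printf '%s\n' 'port 2222' 'permitrootlogin no' 'passwordauthentication no' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes' \
        'authenticationmethods publickey'
}

# Constructed sample: a drop-in file re-enabled password authentication.
sample_overridden() {
    printf '%s\n' 'port 2222' 'permitrootlogin no' 'passwordauthentication yes' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes' \
        'authenticationmethods publickey'
}

sample_overridden | audit_sshd || echo "effective config differs from the intended settings"
```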