Can you use portless with Tailscale?

is there a way to use portless with tailscale?

Yes, you can use portless with Tailscale, though it requires a small manual step because of how .localhost domains are resolved.

###How it works with Tailscale

By default, portless listens on all network interfaces (port 1355). This means the proxy is already accessible to any device on your Tailscale network if they know your machine's Tailscale IP.

However, portless uses the Host header to route requests to the correct app (e.g., myapp.localhost). Since .localhost domains normally only resolve to 127.0.0.1 (your own machine), you need a way to tell other devices on your Tailscale network that myapp.localhost lives on your server's Tailscale IP.

###The easiest way: /etc/hosts

On the client machine (the one you want to access the app from):

1. Get the Tailscale IP of the machine running portless (e.g., 100.64.0.5).
2. Add an entry to your /etc/hosts file (or C:\Windows\System32\drivers\etc\hosts on Windows):

   100.64.0.5  myapp.localhost
   

3. Now you can visit http://myapp.localhost:1355 in your browser on the client machine.

###Using Tailscale Serve (Advanced)

If you don't want to edit hosts files, you can use Tailscale Serve to proxy a specific Tailscale hostname to the portless proxy. However, portless currently enforces the .localhost suffix for its routes, so you would still need to ensure the Host header is set correctly.

Currently, the most reliable method for a "multi-machine" setup is the /etc/hosts approach mentioned above, or using a local DNS server like dnsmasq to resolve *.localhost to your primary dev machine's Tailscale IP.

###Summary of Compatibility

• Proxy Listening: Listens on 0.0.0.0:1355 by default (accessible via Tailscale).
• Routing: Strict about the Host header (expects *.localhost).
• HTTPS: Works with --https, but you'll need to install the portless CA on the client machine as well for the certificate to be trusted.