Localtunnels
Sometimes you need to test a webhook or allow an external system to call into a local server running on your machine.
All of our development platforms are connected to the company tailnet on Tailscale.
To expose the local server, use tailscale funnel <PORT>. For example:
$ sudo tailscale funnel 55555
Available on the internet:
https://hostname.tailcbb1.ts.net/
|-- proxy http://127.0.0.1:55555
Press Ctrl+C to exit.
Once the funnel is active, you can use the provided URL to test your webhook or allow external systems to interact with your local server.
It may take up to 1 minute for the the external URL to activate.
For example performing: http https://hostname.tailcbb1.ts.net will send a
request to the local server, it will even pass through any path segments or
headers.
One of the great things here, is that communication to your local server is encrypted via HTTPs, and then subsequently tunneled through the tailnet using wireguard protocol.
This allows one to securely expose any service on our company tailnet.
Our tailnet ACL controls permissions for the utilisation of the funnel:
"nodeAttrs": [
{
// Personal devices and developer platforms have funnel enabled
"target": ["autogroup:members", "tag:developer"],
"attr": ["funnel"],
},
],