https://github.com/adrianosela/tsdmg
Running a tsdmg service in your Tailnet enables several use cases not possible out-of-the-box with Tailscale:
- Custom domains for your Tailscale nodes, e.g. <node>.yourdomain.com
- Allow Tailscale nodes to retrieve public (Let's Encrypt) TLS certificates for custom domains
- Allow Tailscale nodes to manage your domains/subdomains arbitrarily
How it works:
- Using Tailscale ACLs, you define which Tailscale sources (nodes, users, groups) can manage which subdomains (e.g. node "webapp" can manage "webapp.yourdomain.com")
- You provision the tsdmg service with credentials for your DNS provider (e.g. Cloudflare, Google, GoDaddy)
- Your Tailscale nodes can request domains to be created/updated/deleted against the tsdmg service via HTTP
- The tsdmg service will use incoming requests' Tailscale identity to authenticate and authorize (based on Tailscale ACLs) domain management requests.
X-posted from https://www.reddit.com/r/Tailscale/comments/1qzwl4l/tailscal...
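
The authorization step described under "How it works", as an added example (not tsdmg's own code): a default-deny check that a caller's Tailscale identities hold a grant covering the requested domain. The grant format, the `GRANTS` table and all function names are assumptions made for illustration; the page does not show tsdmg's actual ACL schema or API.

```python
import re

# Constructed grants: Tailscale identity -> domain patterns it may manage.
# Hypothetical format; in a real deployment this comes from the tailnet ACLs.
GRANTS = {
    "webapp": ["webapp.yourdomain.com"],
    "group:platform": ["*.apps.yourdomain.com"],
}

# One DNS label: 1-63 chars, no leading/trailing hyphen, underscore allowed.
LABEL = re.compile(r"[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?")


def normalize(name):
    """Canonical lowercase form without trailing dot; ValueError if malformed."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    if len(name) > 253 or not all(LABEL.fullmatch(l) for l in name.split(".")):
        raise ValueError(f"malformed domain name: {name!r}")
    return name


def pattern_allows(pattern, fqdn):
    """Exact match, or '*.zone' covering names strictly below zone."""
    if pattern.startswith("*."):
        zone = normalize(pattern[2:])
        # Compare on a label boundary so 'evilapps.yourdomain.com'
        # is not treated as part of 'apps.yourdomain.com'.
        return fqdn.endswith("." + zone)
    return fqdn == normalize(pattern)


def is_authorized(identities, requested, grants=GRANTS):
    """Default deny: True only if a grant held by the caller covers the name.

    identities: the node name plus any users/groups resolved for the caller
    from its Tailscale connection, never from a request header or body.
    """
    try:
        fqdn = normalize(requested)
    except ValueError:
        return False  # malformed or wildcard request names are refused
    return any(
        pattern_allows(p, fqdn)
        for ident in identities
        for p in grants.get(ident, [])
    )
```

Normalizing before comparison matters because DNS names are case-insensitive and may carry a trailing dot; comparing raw strings would let equivalent spellings bypass or miss a grant.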