Get started
© 2024

Caddy certificates on Tailscale

Caddy is a web server that makes HTTPS easy. Starting with the beta release of Caddy 2.5, Caddy supports Tailscale. When Caddy gets an HTTPS request for a * site, it gets the HTTPS certificate from the machine's local Tailscale daemon. There's no configuration required for the certificate. For example, you can use a Caddyfile for a static file server, and it automatically enables HTTPS:

root * /var/www

Provide non-root users with access to fetch certificate

If Caddy is running as a non-root user, such as when it runs on Debian as caddy, you need to modify /etc/default/tailscaled to grant the user access to fetch the certificate. In /etc/default/tailscaled, set the TS_PERMIT_CERT_UID environment variable to the name or ID of the non-root user:


For more information about Caddy, see Get started with Caddy.