Caddy certificates on Tailscale
Caddy is a web server that makes HTTPS easy. Starting with the beta release of
Caddy 2.5, Caddy supports Tailscale. When Caddy gets an HTTPS request for a
site, it gets the HTTPS certificate from the machine’s local Tailscale daemon. There’s no
configuration required for the certificate. For example, you can use a Caddyfile for a
static file server, and it automatically enables HTTPS:
    machine-name.domain-alias.ts.net

    root * /var/www
    file_server
Provide non-root users with access to fetch certificate
If Caddy is running as a non-root user, such as when it runs on Debian as
caddy, you need to edit /etc/default/tailscaled to grant the user access to
fetch the certificate. In /etc/default/tailscaled, set the
TS_PERMIT_CERT_UID environment variable to the name or ID
of the non-root user:
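As an added example (not from the Tailscale or Caddy documentation), the shell functions below make that change idempotently, so the file ends up with exactly one line such as TS_PERMIT_CERT_UID=caddy. The function names are this example's own, and the account named should be only the one Caddy runs as, since it gains access to fetch the machine's certificate.

```shell
#!/bin/sh
# Added example: set TS_PERMIT_CERT_UID in tailscaled's defaults file.
# Function names are hypothetical helpers, not part of Tailscale or Caddy.

# permit_cert_uid FILE USER
# Ensures FILE holds exactly one TS_PERMIT_CERT_UID=USER assignment.
# Existing assignments are replaced; every other line is kept as-is.
permit_cert_uid() {
    file=$1
    user=$2
    # Accept only plain account names or numeric IDs, so nothing else
    # ends up in a file that is loaded as the daemon's environment.
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid user: $user" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Drop any earlier assignment, then append the single current one.
    sed '/^[[:space:]]*TS_PERMIT_CERT_UID=/d' "$file" > "$tmp" || return 1
    printf 'TS_PERMIT_CERT_UID=%s\n' "$user" >> "$tmp"
    # Write back into the original file so its owner and mode are unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# permitted_cert_uid FILE
# Prints the configured name or ID, or nothing when the variable is unset.
permitted_cert_uid() {
    sed -n 's/^[[:space:]]*TS_PERMIT_CERT_UID=//p' "$1" | tail -n 1
}

# Usage (as root), with the Debian service account named above; the restart
# makes the daemon pick up the changed environment file:
#   permit_cert_uid /etc/default/tailscaled caddy && systemctl restart tailscaled
#   permitted_cert_uid /etc/default/tailscaled
```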
For more information about Caddy, see Get started with Caddy.