Note: Also consider tailscale serve
. I developed perushttpd
before I've learned about serve
subcommand.
Perushttpd is a basic file server with built-in Tailscale HTTPS support.
Usage:
perushttpd <directory>
perus (colloquial Finnish): usual, normal, basic
Tailscale is perfect to safely share internal web things that are not supposed to be available on the public internet.
Behind Tailscale, any HTTP serving software is fine, because no one from the wild internet can get to it for nefarous purposes.
There is only one problem - newer Web APIs do not work outside of "secure context" (HTTPS). Tailscale has built-in support for Let's Encrypt HTTPS certificates, but they have to be renewed every 90 days. Renewing them manually every 3 months is quite error-prone. It's better for software to do it. Before making Perushttpd I've considered the alternatives:
- Use Caddy web server that claims to support Tailscale certificates.
- Run
tailscale cert
and configure common web server like Nginx.
Number 1 (Caddy) never worked for me after several attempts. It was also hard to debug.
Number 2 is more configuration and more complexity compared to less than 50 lines of Perushttpd. These lines were easy to write, based on advice from Tailscale blog post and servetls.go example.
It may work just fine, because the heavy lifting is done by battle-tested Go standard net/http
package. That said, Perushttpd hasn't been tested on public-facing web sites yet. The original purpose is to to run internal software protected by Tailscale, where potential web server bugs are not an issue. Behind Tailscale, strangers can not access your server.