I am on a shared network. I’d like to self host services and access them from all my devices but I do not want these exposed to other people in my network. I’ve noticed that I can just change the port mapping in Docker to <Tailscale IP>:<port>:<port> from <port>:<port> and it just works. Works as in the service is accessible from my Tailnet, inaccessible from the local network or the internet. Is it really this easy or am I missing something? Just sounds too good to be true so I am suspicious it might somehow be insecure.
That’s correct. You’re telling Docker to bind to that specific network interface. The default is 0.0.0.0, which listens on all interfaces.
And it is safe to host HTTP services this way, say something like Immich or NextCloud?
Yes
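To check a set of port mappings for the bind-address behaviour discussed in this thread, here is an added example (not part of the original posts) that parses Docker short-syntax mappings and reports which ones listen outside the tailnet. It assumes Tailscale's standard address ranges (100.64.0.0/10 and fd7a:115c:a1e0::/48); the function names and the sample mappings are constructed for illustration.

```python
import ipaddress

# Assumption: Tailscale node addresses come from these ranges (IPv4 CGNAT, IPv6 ULA).
TAILNET_RANGES = [ipaddress.ip_network("100.64.0.0/10"),
                  ipaddress.ip_network("fd7a:115c:a1e0::/48")]


def split_mapping(spec):
    """Split '[ip:]host_port:container_port[/proto]' into (ip, host_port, container_port)."""
    spec = spec.split("/")[0]                  # drop a trailing /tcp or /udp
    if spec.startswith("["):                   # bracketed IPv6 host address
        host_ip, _, rest = spec[1:].partition("]:")
        parts = rest.split(":")
    else:
        parts = spec.split(":")
        host_ip = parts.pop(0) if len(parts) == 3 else None
    if len(parts) == 1:                        # container port only, host port is ephemeral
        return host_ip, None, parts[0]
    return host_ip, parts[0], parts[1]


def classify(spec):
    """Return 'all-interfaces', 'loopback', 'tailnet' or 'other-interface'."""
    host_ip = split_mapping(spec)[0]
    if host_ip is None:                        # no IP given: the 0.0.0.0 default
        return "all-interfaces"
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:                    # explicit 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in TAILNET_RANGES):
        return "tailnet"
    return "other-interface"                   # e.g. a LAN address on the shared network


def exposed(ports):
    """Mappings that listen somewhere other than the tailnet or loopback."""
    return [p for p in ports if classify(p) in ("all-interfaces", "other-interface")]


# Constructed sample mappings; 100.101.102.103 is a made-up Tailscale IP.
SAMPLE = ["2283:2283", "100.101.102.103:2283:2283", "0.0.0.0:8080:80/tcp",
          "127.0.0.1:5432:5432", "[fd7a:115c:a1e0::1]:443:443",
          "192.168.1.20:9000:9000"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p:32} {classify(p)}")
```
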