new | ask | show | jobs
dewey 2 days ago  [ - ]

This is always annoying me with 1Password, before that I just always added subdomains but now I'm usually hosting everything behind Tailscale which makes this problem even worse as the differentiation is only the port.

domh 2 days ago  [ - ]

You can use tailscale services to do this now:

https://tailscale.com/docs/features/tailscale-services

Then you can access stuff on your tailnet by going to http://service instead of http://ip:port

It works well! Only thing missing now is TLS

avtar 2 days ago  [ - ]

This would be perfect with TLS. The docs don't make this clear...

> tailscale serve --service=svc:web-server --https=443 127.0.0.1:8080

> http://web-server.<tailnet-name>.ts.net:443/ > |-- proxy http://127.0.0.1:8080

> When you use the tailscale serve command with the HTTPS protocol, Tailscale automatically provisions a TLS certificate for your unique tailnet DNS name.

So is the certificate not valid? The 'Limitations' section doesn't mention anything about TLS either:

https://tailscale.com/docs/features/tailscale-services#limit...

domh a day ago  [ - ]

I think maybe TLS would work if you were to go to https://service.yourts.net domain, but I've not tried that.

nickdichev a day ago  [ - ]

It works, I’m using tailscale services with https

avtar a day ago  [ - ]

Thanks for clarifying :) I'll try it out this weekend.

altano a day ago  [ - ]

In the 1Password entry go to the "website" item. To right right there's an "autofill behavior" button. Change it to "Only fill on this exact host" and it will no longer show up unless the full host matches exactly

oarsinsync a day ago  [ - ]

Is this a per-item behaviour or can this be set as a global default?

I'm guessing this is 1Password 8 only, as I can't see this option in 1Password 7.

vladvasiliu a day ago  [ - ]

I've looked in the settings on 1p8, and didn't find a setting for a global default.

jorvi a day ago  [ - ]

Not entirely true. It can't seem to distinguish between ports..

mhurron a day ago  [ - ]

because ports don't indicate a different host.

karlshea a day ago  [ - ]

Omg thank you, I had no idea they added this feature!

miloschwartz 2 days ago  [ - ]

Pangolin handles this nicely. You can define alias addresses for internal resources and keep the fully private and off the public internet. Also based on WireGuard like Tailscale.

wrxd 2 days ago  [ - ]

You can still have subdomains with Tailscale. Point them at the tailscale IP address and run a reverse proxy in front of your services

dewey 2 days ago  [ - ]

Good point, but for simplicity i'd still like 1Password to use the full hostname + port a the primary key and not the hostname.

zackify 2 days ago  [ - ]

tailscale serve 4000 --BG

Problem solved ;)