Skip to main content

Secure self-hosted services with Tailscale

Deploy 95+ pre-configured Docker Compose stacks with zero-trust networking. Connect your homelab services securely over your private Tailnet—no exposed ports, no complex firewall rules.

Get startedBrowse services
# Clone the repository
git clone https://github.com/tailscale-dev/ScaleTail.git
# Navigate to a service
cd ScaleTail/services/jellyfin
# Configure and deploy
docker compose up -d

Quick start

Get your first service running in minutes with these simple steps.

1

Get a Tailscale auth key

Sign in to the Tailscale admin console and generate an auth key. Make sure to enable the Reusable option for easier deployment across multiple services.
# Set your auth key as an environment variable
export TS_AUTHKEY=tskey-auth-xxxxxxxxxxxxx
2

Clone the repository

Clone the ScaleTail repository and navigate to a service directory. We’ll use Jellyfin as an example.
git clone https://github.com/tailscale-dev/ScaleTail.git
cd ScaleTail/services/jellyfin
3

Configure environment variables

Create a .env file with your Tailscale auth key and service configuration.
.env
TS_AUTHKEY=tskey-auth-xxxxxxxxxxxxx
TS_CERT_DOMAIN=jellyfin
SERVICE=jellyfin
IMAGE_URL=jellyfin/jellyfin:latest
SERVICEPORT=8096
4

Deploy the service

Launch the service with Docker Compose. The Tailscale sidecar will automatically connect to your Tailnet.
docker compose up -d
Access your service at https://jellyfin.your-tailnet.ts.net or via the Tailscale IP address shown in your admin console.

Explore by category

Browse 95+ pre-configured services organized by use case.

Networking & security

AdGuard Home, Pi-hole, Caddy, Traefik, and more network infrastructure services

Media & entertainment

Jellyfin, Plex, Sonarr, Radarr, and complete media server stacks

Productivity

Nextcloud, Vaultwarden, Linkding, and collaboration tools

Development tools

Portainer, Dozzle, Gitea, and self-hosted dev infrastructure

Monitoring

Uptime Kuma, Beszel, and service monitoring solutions

Utilities

Gotify, ntfy, and other helpful self-hosted utilities

Key features

Everything you need to run secure, production-ready self-hosted services.

Zero-trust security

Every service runs in a Tailscale sidecar container, ensuring encrypted, authenticated connections without exposed ports.

Template-based configs

Consistent Docker Compose patterns across all services make deployment predictable and maintainable.

Health checks built-in

Every service includes health checks and proper dependency ordering for reliable container orchestration.

Serve & Funnel support

Expose services privately to your Tailnet with Serve, or publicly to the internet with Funnel—all configured via JSON.

Ready to secure your homelab?

Start deploying self-hosted services with the security and simplicity of Tailscale in minutes.

Deploy your first service