Skip to main content

Overview

This category includes 11 networking and security services that help you build secure, private infrastructure. From DNS servers and ad blockers to reverse proxies and VPN exit nodes, these services form the foundation of a secure self-hosted environment.

Available Services

ServiceDescription
AdGuard HomeNetwork-wide software for blocking ads and tracking
AdGuardHome SyncA tool for syncing configuration across multiple AdGuard Home instances
CaddyCaddy is an extensible server platform that uses TLS by default
DDNS UpdaterA self-hosted solution to keep DNS A/AAAA records updated automatically
NessusA powerful vulnerability scanner with a free Essentials model for home use
NetboxNetBox is the leading solution for modeling and documenting modern networks
Pi-holeA network-level ad blocker that acts as a DNS sinkhole
Pocket IDA self-hosted decentralized identity (OIDC) solution for secure authentication
Technitium DNSAn open-source DNS server that can be used for self-hosted DNS services
TraefikA modern reverse proxy and load balancer for microservices
Tailscale Exit NodeConfigure a device to act as an exit node for your Tailscale network

Pi-hole

Popular network-level ad blocker with DNS sinkhole

AdGuard Home

Advanced ad and tracker blocking with detailed analytics

Traefik

Modern reverse proxy and load balancer

Caddy

Automatic HTTPS with built-in TLS

Quick Setup Example

Pi-hole

Pi-hole is one of the most popular network-level ad blockers. Here’s how to get started: 
services:
  pihole:
    image: pihole/pihole:latest
    network_mode: service:tailscale
    depends_on:
      - tailscale
    environment:
      TZ: 'America/New_York'
      WEBPASSWORD: 'your-secure-password'
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'

  tailscale:
    image: tailscale/tailscale:latest
    environment:
      - TS_AUTHKEY=tskey-auth-xxxxx
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve-config.json
    volumes:
      - ./ts-state:/var/lib/tailscale
      - ./serve-config.json:/config/serve-config.json
After deploying, access Pi-hole’s admin interface via your Tailscale network at the hostname you configured.

Traefik

Traefik is a modern reverse proxy perfect for managing multiple services: 
services:
  traefik:
    image: traefik:latest
    network_mode: service:tailscale
    depends_on:
      - tailscale
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  tailscale:
    image: tailscale/tailscale:latest
    environment:
      - TS_AUTHKEY=tskey-auth-xxxxx
      - TS_STATE_DIR=/var/lib/tailscale
    volumes:
      - ./ts-state:/var/lib/tailscale

Use Cases

  • Network-wide ad blocking with Pi-hole or AdGuard Home
  • Reverse proxy for multiple services with Traefik or Caddy
  • DNS management with Technitium DNS or DDNS Updater
  • Authentication with Pocket ID for OIDC/SSO
  • Network documentation with Netbox
  • Security scanning with Nessus
  • Exit node for routing internet traffic through your Tailscale network
All service configurations are available in the ScaleTail GitHub repository.

Build docs developers (and LLMs) love

Get started for freeTalk to us