Shameless self-plug here. I wrote a blog post to document my methodology after having some issues with publicly available examples of using Podman and traefik in a best-practices config. Hopefully this finds the one other person that was in my shoes and helps them out. Super happy for feedback if others care to share.
No worries, and I’ll accept criticism too, that’s how you improve.
Anyway, this is effectively giving you tailscale, a remote access mesh VPN solution, but with total control and ownership of the control plane server, instead of relying on the opaque tailscale owned and controlled infra. I touched on it briefly again the ‘DERP Config’ section of part 2: https://roguesecurity.dev/blog/headscale-quadlet-part2#DERP Config