Introducing Tailscale Funnel

Tailscale Funnel is a new feature introduced by Tailscale that allows users to expose services from their private tailnet to the public internet without needing a publicly routable IP address. This feature is designed to enable users to receive webhooks, host websites, or run services like personal blogs or Mastodon servers directly from their devices. Tailscale Funnel operates by setting up public DNS records and using Funnel ingress nodes that connect to users' Tailscale nodes via Tailscale's inter-node "peerapi" mechanism. The system ensures security by not providing packet-level access but rather offering TCP connections that the user's node can accept or reject based on its configuration. Users can either pass the TCP connection to a local webserver to handle HTTPS or have the Tailscale daemon terminate TLS and proxy the HTTP requests internally. Currently in alpha, Tailscale Funnel is being gradually rolled out to testers, with plans for broader availability in future stable releases.