Use Caddy to manage Tailscale HTTPS certificates
Blog post from Tailscale
Caddy is an open-source web server that simplifies HTTPS certificate management for web applications on a Tailscale network. It addresses a common annoyance: browsers show security warnings when internal web apps are served over plain HTTP. Tailscale already encrypts traffic end to end with WireGuard, but browsers still require a valid TLS certificate before they treat a connection as secure. Tailscale can provision HTTPS certificates from Let’s Encrypt for internal applications, and Caddy, which already automates obtaining and renewing certificates for public web servers, can apply the same automation to servers on a tailnet. The beta release of Caddy 2.5 goes further by automatically recognizing tailnet domains and fetching their certificates through Tailscale, which simplifies setup. To integrate Caddy with Tailscale, enable HTTPS certificates on the tailnet and either run Caddy as root or grant it permission to access Tailscale’s socket; Caddy then manages the certificates without further configuration.
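As an added example, not code from the Tailscale post, the following POSIX shell script renders the two pieces a least-privilege setup needs: a Caddyfile for a tailnet hostname (Caddy 2.5+ obtains the certificate through tailscaled, so no tls directive is required) and a systemd drop-in that uses tailscaled's TS_PERMIT_CERT_UID environment variable to let an unprivileged Caddy user fetch certificates instead of running Caddy as root. The hostname myhost.tailnet-name.ts.net, the upstream 127.0.0.1:8080, the service user caddy and the drop-in file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the Tailscale post. Placeholders (assumptions):
# hostname myhost.tailnet-name.ts.net, upstream app on 127.0.0.1:8080,
# Caddy running as the unprivileged system user "caddy".
# Prerequisite from the post: HTTPS certificates enabled for the tailnet.

# Succeed only for a MagicDNS name of the form <machine>.<tailnet>.ts.net;
# these are the names Caddy 2.5+ fetches tailnet certificates for.
is_tailnet_hostname() {
    case "$1" in
        *.*.ts.net) return 0 ;;
        *)          return 1 ;;
    esac
}

# Render a Caddyfile for the tailnet hostname. No tls directive or ACME
# account is needed: Caddy asks tailscaled for the certificate and renews it.
render_caddyfile() {
    host="$1"; upstream="$2"
    if ! is_tailnet_hostname "$host"; then
        echo "render_caddyfile: $host is not a tailnet hostname" >&2
        return 1
    fi
    printf '%s {\n    reverse_proxy %s\n}\n' "$host" "$upstream"
}

# Render a systemd drop-in for tailscaled. TS_PERMIT_CERT_UID lets the named
# user fetch certificates over the tailscaled socket, so Caddy does not need
# root just to obtain a certificate (least privilege instead of "run as root").
render_tailscaled_dropin() {
    printf '[Service]\nEnvironment="TS_PERMIT_CERT_UID=%s"\n' "$1"
}

# Install both files (needs root, since they live under /etc; /etc/caddy/Caddyfile
# is the Debian package default) and restart the services.
install_config() {
    render_caddyfile "$1" "$2" > /etc/caddy/Caddyfile
    mkdir -p /etc/systemd/system/tailscaled.service.d
    render_tailscaled_dropin "$3" > /etc/systemd/system/tailscaled.service.d/permit-cert.conf
    systemctl daemon-reload
    systemctl restart tailscaled caddy
}

# Only write to /etc when asked with --install; otherwise print the rendered files.
if [ "${1:-}" = "--install" ]; then
    install_config myhost.tailnet-name.ts.net 127.0.0.1:8080 caddy
else
    render_caddyfile myhost.tailnet-name.ts.net 127.0.0.1:8080
    render_tailscaled_dropin caddy
fi
```

Running the script without arguments prints the Caddyfile and the drop-in for review; with --install it writes them and restarts tailscaled and Caddy, after which Caddy can serve the tailnet hostname over HTTPS as a non-root user.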