Lighttpd with Tailscale setup?

Hi, I’m aware this isn’t really a specific dietpi question, but thought I could ask anyway.

I use zotero (reference manager), which can be set up with webdav.

I set up Lighttpd with webdav locally (dietpi as a homesever), and at the moment use the Lan 192.168…/webdav address to access for zotero and it works fine.

But I’d also like to make the webdav accessible externally (when I’m away). Rather than needing a paid domain & exposing ports, I think tailscale could be used to access the homeserver webdav?

I read this tailscale doc, which suggests that if you enable https on tailscale (using letsencrypt) with magicdns, you can use the tailscale machine-name to access via https or http. (I used the tailscale cert domain command to generate certificates on my dietpi server).

Though I’m not sure what to do next. I assume I’d need to edit the lighttpd.conf config file for Lighttpd. Confused about using certificates and ssl for Lighttpd.

Sorry, I know this off-topic. Though if anyone can help, that’ll be appreciated.


I don’t know how https should work without a domain, but If you already use a encrypted VPN connection to access the server, why do you want then SSL? It’s already encrypted and nobody can even trying to abusing it since it’s not exposed to the public.

You could also just use wireguard (available via dietpi-software) to connect to your server, so you are not dependent on the 3rd party tailscale service.
Since this would not involving SSL, you don’t need to change your lightly config, I think.

Thanks for the reply.

At the moment I don’t use any VPN to access my dietpi homeserver. It’s entirely local and not exposed to the internet.

Though I did set up tailscale and I can access server externally. I just thought it might be easier, then setting up a vpn to access my webdav.

Depends :sweat_smile:

Setting up Wireguard is not that complex. But all data stay with you and not accessible for others.

As well Tailscale require some configuration and of course you need to register at a 3rd party service.

Actually, it was dumb newbie error, I hadn’t properly installed tailscale on the client, which prevented access. Once that was sorted, and using the tailscale ip address for
$HTTP["host"] ==
lightttpd.conf file, it works nicely.

In principal I try not to use 3rd party services (why I use use dietpi/debian as a homeserver), but sometimes make an exception if they have a good rep, easy & secure.

Thanks for your input.