I run a self-hosted NextCloud instance within the home, and use Tailscale to access it while out and about. This entailed editing /var/www/nextcloud/config/config.php to add trusted_domains:
'trusted_domains' => array ( 0 => 'localhost', 1 => 'nextcloud.tails-scales.ts.net', ),
As using the default self-signed certificate is annoying, I installed a Tailscale certificate instead. A script run from crontab each week automatically renews the certificate:
#/bin/bash out=$(tailscale cert --cert-file /etc/ssl/certs/tailscale.crt \ --key-file /etc/ssl/private/tailscale.key \ nextcloud.tails-scales.ts.net) if [ $? -ne 0 ]; then echo tailscale cert failed exit 1 fi # No new certificate needed, just quietly exit if echo ${out} | grep -q unchanged ; then exit 0 fi echo tailscale cert updated, reloading apache systemctl reload apache2