I run a self-hosted NextCloud instance within the home, and use Tailscale to access it while out and about. This entailed editing /var/www/nextcloud/config/config.php to add trusted_domains:
'trusted_domains' => array ( 0 => 'localhost', 1 => 'nextcloud.tails-scales.ts.net', ),
As using the default self-signed certificate is annoying, I installed a Tailscale certificate instead. A script run from crontab each week automatically renews the certificate:
#/bin/bash
out=$(tailscale cert --cert-file /etc/ssl/certs/tailscale.crt \
--key-file /etc/ssl/private/tailscale.key \
nextcloud.tails-scales.ts.net)
if [ $? -ne 0 ]; then
echo tailscale cert failed
exit 1
fi
# No new certificate needed, just quietly exit
if echo ${out} | grep -q unchanged ; then
exit 0
fi
echo tailscale cert updated, reloading apache
systemctl reload apache2