Looks like Tailscale doesn’t support custom subdomains per-machine yet:
You’ll either need to use a different port for each service, or route differently based on something in the URI like a sub-path (but beware, many backend apps don’t like being proxied in subfolders).
Actually, you probably could serve on any tailnet Host / domain name that you want (including a subdomain such as service.origin.tailnet-c74e.ts.net) as long as the clients do the following:
- Force the DNS to resolve to the machine of interest (`origin.tailnet-c74e.ts.net` in your case I believe). This might involve running your own DNS server/resolver or hard-coding the resolution IP into clients (for example, `curl` has a `--resolve` flag to pin a domain to an IP address manually).
- Put `origin.tailnet-c74e.ts.net` in the ServerName in the ClientHello.
- Send the `service.origin.tailnet-c74e.ts.net` subdomain in the Host header of subsequent HTTP requests. (Caddy won’t allow this if you enable TLS client auth, just FYI.)
So, definitely not convenient… but probably doable in theory?
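The three client-side steps listed above, as an added example that is not part of the original post: a Python client that pins the connection to an IP, sends one name as the TLS ServerName and another in the Host header. `PINNED_IP` is a constructed placeholder for the machine's tailnet address, and the function names are illustrative; certificate validation stays on and is checked against the ServerName, not the Host header.

```python
import socket
import ssl

SNI_NAME = "origin.tailnet-c74e.ts.net"             # from the post: goes in the ClientHello
HOST_HEADER = "service.origin.tailnet-c74e.ts.net"  # from the post: goes in the Host header
PINNED_IP = "100.64.0.10"                           # constructed placeholder, not a real address


def build_request(host_header: str, path: str = "/") -> bytes:
    """Serialize a minimal HTTP/1.1 GET carrying the chosen Host header."""
    if any(c in host_header + path for c in "\r\n"):
        raise ValueError("CR/LF not allowed in host or path")
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host_header}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def make_context() -> ssl.SSLContext:
    """Default client context: certificate and hostname checks stay enabled."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(["http/1.1"])  # request is written by hand as HTTP/1.1
    return ctx


def fetch(ip: str, sni: str, host_header: str, path: str = "/",
          port: int = 443, timeout: float = 5.0) -> bytes:
    """Step 1: connect to the pinned IP (no DNS lookup).
    Step 2: send `sni` as the ServerName; the certificate is verified against it.
    Step 3: send `host_header` in the HTTP request."""
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with make_context().wrap_socket(raw, server_hostname=sni) as tls:
            tls.sendall(build_request(host_header, path))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    # Prints the status line returned by the server.
    response = fetch(PINNED_IP, SNI_NAME, HOST_HEADER)
    print(response.split(b"\r\n", 1)[0].decode("ascii", "replace"))
```
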