LinuxCommandLibrary

tailscale-funnel

Expose local services to internet

TLDR

Expose a local service on port 8080 to the internet
$ tailscale funnel [8080]
copy
Expose a local HTTPS proxy target to the internet
$ tailscale funnel https+insecure://localhost:[8443]
copy
Expose on a specific port (443, 8443, or 10000)
$ tailscale funnel --serve-port [8443] [3000]
copy
Turn off funnel
$ tailscale funnel off
copy
Check funnel status
$ tailscale funnel status
copy
Run in background mode
$ tailscale funnel --bg [8080]
copy

SYNOPSIS

tailscale funnel [options] target

DESCRIPTION

tailscale funnel exposes local services to the public internet through your Tailscale node. Unlike tailscale serve which only makes services available within your tailnet, Funnel creates a publicly accessible HTTPS endpoint that anyone on the internet can reach.
Tailscale automatically provisions and manages TLS certificates for the endpoint, so traffic is encrypted without manual certificate setup. Services can be mapped to specific URL paths using --set-path, allowing multiple local services to be exposed under different routes. The off subcommand disables the funnel, and status shows the current configuration.

PARAMETERS

--bg

Run in background.
--serve-port port
The public-facing port (443, 8443, or 10000; default 443).
--set-path path
Mount the service at a specific URL path.
off
Disable funnel.
status
Show current funnel configuration.
reset
Reset all funnel configuration.

CAVEATS

Exposes services to the public internet -- use with caution. Funnel must be enabled in the Tailscale admin console ACL policy. Only ports 443, 8443, and 10000 are supported for public-facing endpoints.

SEE ALSO

tailscale(1), tailscale-up(1), ngrok(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard