{"slug":"set-up-servers","title":"Set up servers","tags":["tailscale"],"agent_summary":"Last validated: Mar 3, 2025","trigger_phrases":[],"runnable":false,"markdown":"\r\n# Set up servers\r\n\r\nLast validated: Mar 3, 2025\r\n\r\nA server in Tailscale is a device that provides resources or services to other devices in your Tailscale network (known as a tailnet). Unlike user devices which authenticate through your identity provider, servers are typically non-human devices that require different authentication methods, such as tags and auth keys. Servers can be physical machines, virtual machines, or cloud instances that run services like web applications, databases, or file shares.\r\n\r\n## [Authenticate devices and verify identity](https://tailscale.com/docs/servers\\#authenticate-devices-and-verify-identity)\r\n\r\nUnlike user devices, which authenticate through identity providers, servers need a different approach. Tailscale provides tags for server identify management and auth keys for automated authentication.\r\n\r\n[**Setting up a server on your Tailscale network** \\\\\r\n\\\\\r\nSet up a server in your tailnet, and use Tailscale SSH to manage authentication for those servers.](https://tailscale.com/docs/how-to/set-up-servers) [**Group devices with tags** \\\\\r\n\\\\\r\nUse Tailscale tags to authenticate and identify non-user devices, such as a server.](https://tailscale.com/docs/features/tags) [**Auth keys** \\\\\r\n\\\\\r\nUse Tailscale auth keys to authenticate devices, automate device provisioning, and enhance security. Create and manage auth keys for streamlined network access and control.](https://tailscale.com/docs/features/access-control/auth-keys) [**Ephemeral nodes** \\\\\r\n\\\\\r\nUse ephemeral nodes in Tailscale for managing short-lived devices like containers and CI/CD systems.](https://tailscale.com/docs/features/ephemeral-nodes)\r\n\r\n## [Secure remote access and enable TLS connections](https://tailscale.com/docs/servers\\#secure-remote-access-and-enable-tls-connections)\r\n\r\nAfter you authenticate your servers, you need secure ways to access and manage them. Tailscale provides built-in support for both SSH and HTTPS access.\r\n\r\nTailscale SSH eliminates the complexity of traditional SSH key management. It automatically handles key distribution and user authentication based on your existing identity provider permissions.\r\n\r\n[**Tailscale SSH** \\\\\r\n\\\\\r\nUse Tailscale SSH to manage the authentication and authorization of SSH connections in your tailnet.](https://tailscale.com/docs/features/tailscale-ssh)\r\n\r\nTailscale secures connections between tailnet devices with end-to-end encryption. However, some applications are not aware of that and might warn users or disable features based on the fact that HTTP URLs to your tailnet services look unencrypted because they're not using TLS certificates. You can prevent these problems by configuring your tailnet to use HTTPS.\r\n\r\n[**Enabling HTTPS** \\\\\r\n\\\\\r\nConfigure HTTPS for devices in your Tailscale network.](https://tailscale.com/docs/how-to/set-up-https-certificates)\r\n\r\n![Project Logo](https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed)\r\n\r\nAsk AI\r\n\r\nreCAPTCHA\r\n\r\nRecaptcha requires verification.\r\n\r\nprotected by **reCAPTCHA**\r\n","html":"<h1>Set up servers</h1>\n<p>Last validated: Mar 3, 2025</p>\n<p>A server in Tailscale is a device that provides resources or services to other devices in your Tailscale network (known as a tailnet). Unlike user devices which authenticate through your identity provider, servers are typically non-human devices that require different authentication methods, such as tags and auth keys. Servers can be physical machines, virtual machines, or cloud instances that run services like web applications, databases, or file shares.</p>\n<h2><a href=\"https://tailscale.com/docs/servers#authenticate-devices-and-verify-identity\">Authenticate devices and verify identity</a></h2>\n<p>Unlike user devices, which authenticate through identity providers, servers need a different approach. Tailscale provides tags for server identify management and auth keys for automated authentication.</p>\n<p><a href=\"https://tailscale.com/docs/how-to/set-up-servers\"><strong>Setting up a server on your Tailscale network</strong> \\\r\n\\\r\nSet up a server in your tailnet, and use Tailscale SSH to manage authentication for those servers.</a> <a href=\"https://tailscale.com/docs/features/tags\"><strong>Group devices with tags</strong> \\\r\n\\\r\nUse Tailscale tags to authenticate and identify non-user devices, such as a server.</a> <a href=\"https://tailscale.com/docs/features/access-control/auth-keys\"><strong>Auth keys</strong> \\\r\n\\\r\nUse Tailscale auth keys to authenticate devices, automate device provisioning, and enhance security. Create and manage auth keys for streamlined network access and control.</a> <a href=\"https://tailscale.com/docs/features/ephemeral-nodes\"><strong>Ephemeral nodes</strong> \\\r\n\\\r\nUse ephemeral nodes in Tailscale for managing short-lived devices like containers and CI/CD systems.</a></p>\n<h2><a href=\"https://tailscale.com/docs/servers#secure-remote-access-and-enable-tls-connections\">Secure remote access and enable TLS connections</a></h2>\n<p>After you authenticate your servers, you need secure ways to access and manage them. Tailscale provides built-in support for both SSH and HTTPS access.</p>\n<p>Tailscale SSH eliminates the complexity of traditional SSH key management. It automatically handles key distribution and user authentication based on your existing identity provider permissions.</p>\n<p><a href=\"https://tailscale.com/docs/features/tailscale-ssh\"><strong>Tailscale SSH</strong> \\\r\n\\\r\nUse Tailscale SSH to manage the authentication and authorization of SSH connections in your tailnet.</a></p>\n<p>Tailscale secures connections between tailnet devices with end-to-end encryption. However, some applications are not aware of that and might warn users or disable features based on the fact that HTTP URLs to your tailnet services look unencrypted because they're not using TLS certificates. You can prevent these problems by configuring your tailnet to use HTTPS.</p>\n<p><a href=\"https://tailscale.com/docs/how-to/set-up-https-certificates\"><strong>Enabling HTTPS</strong> \\\r\n\\\r\nConfigure HTTPS for devices in your Tailscale network.</a></p>\n<p><img src=\"https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed\" alt=\"Project Logo\"></p>\n<p>Ask AI</p>\n<p>reCAPTCHA</p>\n<p>Recaptcha requires verification.</p>\n<p>protected by <strong>reCAPTCHA</strong></p>\n"}