Tailscale

Some of our DC-hosted services would intermittently lose the ability to reach their own public URLs. A webhook from one internal service to another would hang. A health probe would time out. The logs at both ends showed nothing useful. It was always specific source/destination pairs. The VPS was reachable from the internet fine. From other parts of our network, fine. From most laptops, fine. From this DC host to that VPS’s public IP, TCP just timed out. No RST. Silent. ...

If you self-host services behind a VPS, you’ve probably noticed the inefficiency: you set up app.example.com to point at your VPS, the VPS tunnels traffic home, everything works — but when you access it from your couch, the request still takes a round trip through a data centre to reach a server two metres away. This post covers how I set up DNS so that traffic always takes the shortest path to my home server, regardless of where the request comes from. ...