TLS cert via Tailscale

[faultables]

As mentioned in #38, flo only works with https:// unless the target is a private IP address. If you're using Tailscale, this might seem like a problem, but, the solution is actually pretty simple — even without messing with a reverse proxy.

Here, I'll share quick instructions on how to get a free HTTPS certificate for your Tailnet:

First, make sure you've enabled the HTTPS Certificate feature via the Tailscale Dashboard.

Then, on the machine where Navidrome is running, execute the following command (assuming your Navidrome server listens on its default port but If it's using a different port, just adjust the number accordingly):

tailscale serve --bg 4533

And that's it!

You can now use the generated URL in flo, and flo won't complain about the ATS thing anymore.

Also, take a look at the IP address—it's a Tailscale IP! And notice the certificate issuer: It's Let's Encrypt — one of the most trusted CAs on the internet!

Everyone is happy now!