README > VPS Infra > Tailscale VPN
β Traefik DNS Challenge | Umami Analytics β
Protect sensitive environments via Tailscale VPN. Only devices connected to the Tailscale network can access protected routes.
Protected routes:
dokploy.your-domain.comβ Dokploy paneltraefik.your-domain.comβ Traefik dashboardpreview.*.your-domain.comβ Preview environmentsexperiment.*.your-domain.comβ Experiment environmentsprisma-studio.*.your-domain.comβ Prisma Studio (database access)umami.your-domain.comβ Umami analytics- and more...
Tailscale is natively integrated into Dokploy.
Follow the official guide: Dokploy - Tailscale Integration
Add DNS records for VPN-protected domains β see DNS Config β VPN.
VPN-protected domains are not publicly accessible, so Let's Encrypt cannot validate certificates via HTTP. Make sure you switched to DNS Challenge β see Traefik DNS Challenge.
- Connect Tailscale on your device
- Access protected URLs normally in your browser
| Layer | Protection |
|---|---|
| Network | VPN Tailscale (WireGuard) |
| Application | Basic Auth Traefik (Prisma Studio) |
| Transport | HTTPS (Let's Encrypt DNS Challenge) |