Just giving them hostnames is easier.

In homelab space you can also make wildcard DNS pretty easily in dnsmasq, assuming you also "own" your router. If not, hosts file works well enough.

There is also option of using mdns for same reason but more setup

"Because all of my services share the same IP address"

DNS. SNI. RLY?

One cool trick is having (public) subdomains pointing to the tailscale IP.

or just use the same password for everything. ;)

Could also use Cloudflare tunnels. That way:

1. your 1password gets a different entry each time for <service>.<yourdomain>.<tld>

2. you get https for free

3. Remote access without Tailscale.

4. Put Cloudflare Access in front of the tunnel, now you have a proper auth via Google or Github.

This is always annoying me with 1Password, before that I just always added subdomains but now I'm usually hosting everything behind Tailscale which makes this problem even worse as the differentiation is only the port.

Ah nice! Didn’t know that. I’ll try that out next time.

Setup AdGuard-Home for both blocking ads and internal/split DNS, plus Caddy or another reverse proxy and buy (or recycle/reuse) a domain name so you can get SSL certificates through LetsEncrypt.

You don't need to have any real/public DNS records on that domain, just own the domain so LetsEncrypt can verify and give you SSL certificate(s).

You setup local DNS rewrites in AdGuard - and point all the services/subdomains to your home servers IP, Caddy (or similar) on that server points it to the correct port/container.

With TailScale or similar - you can also configure that all TailScale clients use your AdGuard as DNS - so this can work even outside your home.

Thats how I have e.g.: https://portainer.myhome.top https://jellyfin.myhome.top ...etc...

I wonder why each service doesn’t have a different subdomain.