remote
Reach kolu anywhere.
Tailscale Serve gives kolu a private HTTPS URL. That single move lets your phone or laptop reach the workspace and also unlocks the secure-context features used by install prompts and app badges, notifications, and service workers.
-
Install Tailscale on both devices.
Put Tailscale on the dev box and the phone or laptop, signed into the same account. They join one private tailnet.
-
Enable MagicDNS and HTTPS Certificates.
In the Tailscale admin console, turn on MagicDNS, then HTTPS Certificates.
-
Serve kolu’s port from the dev box.
tailscale serve --bg 7681Tailscale prints a tailnet URL:
https://your-box.your-tailnet.ts.net/ -
Open the printed URL on the other device and pin it there.
Use the full
https://<machine>.<tailnet>.ts.netaddress.
One more honesty note: the ...ts.net hostname is visible in public Certificate
Transparency logs because that is how public certificates are audited. Do not put
secrets in machine names.
Which tunnel?
Tailscale Serve
For “just my devices.” Tailnet-only, real HTTPS, and the default path for a private kolu.
Cloudflare Tunnel + Access
For a public URL that still requires identity before anyone reaches kolu.
ngrok
For a throwaway public URL during a demo. No auth by default, so tear it down after.
This page is about reaching the browser app. For shell-level remote terminals
over ssh, use kaval-tui --host
instead.
Manage the serve
tailscale serve status
tailscale serve reset
tailscale serve off