kolu
Docs

remote

Reach kolu anywhere.

Tailscale Serve gives kolu a private HTTPS URL. That single move lets your phone or laptop reach the workspace and also unlocks the secure-context features used by install prompts and app badges, notifications, and service workers.

  1. Install Tailscale on both devices.

    Put Tailscale on the dev box and the phone or laptop, signed into the same account. They join one private tailnet.

  2. Enable MagicDNS and HTTPS Certificates.

    In the Tailscale admin console, turn on MagicDNS, then HTTPS Certificates.

  3. Serve kolu’s port from the dev box.

    tailscale serve --bg 7681

    Tailscale prints a tailnet URL:

    https://your-box.your-tailnet.ts.net/
  4. Open the printed URL on the other device and pin it there.

    Use the full https://<machine>.<tailnet>.ts.net address.

One more honesty note: the ...ts.net hostname is visible in public Certificate Transparency logs because that is how public certificates are audited. Do not put secrets in machine names.

Which tunnel?

Tailscale Serve

For “just my devices.” Tailnet-only, real HTTPS, and the default path for a private kolu.

Cloudflare Tunnel + Access

For a public URL that still requires identity before anyone reaches kolu.

ngrok

For a throwaway public URL during a demo. No auth by default, so tear it down after.

This page is about reaching the browser app. For shell-level remote terminals over ssh, use kaval-tui --host instead.

Manage the serve

tailscale serve status
tailscale serve reset
tailscale serve off