Accessing Octoprint using Tailscale results in warning that internet access is detected

AndreasZ · December 7, 2025, 4:32pm

What is the problem?

I do not have a direct network connection to the RaspberryPi that's running octoprint.

As I am using Tailscale for all my home server needs and avoid direct access from the internet to any of my containers or machines, I installed Tailscale on the octoprint server as well.
This works well, I can ssh into the machine and also access the web interface.
(As I'm using a Let's encrypt wildcard certificate for my domain, I placed that on the Raspberry as well and have haproxy as the https terminator.)

The problem is that I get the warning about accessing octoprint over the internet, which I assume that I'm not.

What did you already try to solve it?

I read the articles about safe remote access.

I configured the accessControl as follows:

accessControl:
  addRemoteUsers: false
  autologinAs: octo
  autologinHeadsupAcknowledged: true
  autologinLocal: true
  checkBasicAuthenticationPassword: true
  defaultReauthenticationTimeout: 5
  localNetworks:
  - 127.0.0.0/8
  - 100.64.0.0/10
  remoteUserHeader: REMOTE_USER
  trustBasicAuthentication: false
  trustRemoteUser: false
  userManager: octoprint.access.users.FilebasedUserManager

The cidr notation 100.64.0.0/10 is the shared ip address as of RFC 6598, Tailscale hands out IP-adresses in this range (as far as I can see).

The reverse proxy test has the following first lines:

Variable	Source	Client	Server
Client IP	X-Forwarded-For	-	100.120.60.71

The client IP address is as expected - it is the IP-address that Tailscale assigned to the client that I am using. So from my point of view, octoprint should see this client as part of a local network and should do autologin (according to the accessControl config) and not warn about accessing it from the internet.

(I have to admit that I not all that sure about the autologin - and that is only a first-world-problem. I'm more worried about the warning, that I am accessing octoprint through the internet, which is hopefully a false positive...)

Have you tried running in safe mode?

Does not seem to be applicable to me.

Did running in safe mode solve the problem?

Does not seem to be applicable to me.

Systeminfo Bundle

octoprint-systeminfo-20251207113551.zip (115.7 KB)

Additional information about your setup

I assume, that I have given the relevant infos. Please tell me, if you need other info.

jneilliii · December 7, 2025, 8:45pm

So I assume this is covering all of tailscale's possible networks, which translates to 100.64.0.1 - 100.127.255.254.

This IP is in that range. Are you accessing OctoPrint using the public name you have registered for your wildcard? Does it do the same if you access by ip address alone?

jneilliii · December 7, 2025, 9:08pm

I just tested with my instance and using tailscale IP to access and autologin works as expected.