Remote Access through Tailscale

  • Nextcloud Server version (e.g., 29.x.x):
    • v2.1.28
  • Operating system and version (e.g., Ubuntu 24.04):
    • Mac OS Tahoe 26.2
  • Web server and version (e.g., Apache 2.4.25):
    • v32.0.5
  • Reverse proxy and version (e.g., nginx 1.27.2):
    • replace me
  • PHP version (e.g., 8.3):
    • replace me
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes.
  • When did this problem seem to first start?
    • Upon install on a remote user's computer.
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • Bare Metal
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • Yes

Summary of the issue you are facing:

When attempting to open the Nextcloud web service, permission is denied through port 9001. I am connecting all external users using Tailscale and having them access Nextcloud at the host IP with the port 9001. All external users except for one have access. I have been racking my brain trying to figure out the workaround. Worst case scenario, the external user has that port blocked and I would need to remote in to port forward. Without having to do that, what could I be missing here? Thank you for reading!

Is this something you’re setting up now, or something that was working and suddenly broke? I’m kind of surprised if Tailscale lets you pass on port 9001 without some setting. Otherwise, all the ports on your device might be exposed on your sub network, which probably isn’t what you want.

It sounds like you’re not using Docker. It was a nightmare getting TS to work inside a docker container. But outside the container it’s pretty straightforward.

So it sounds like what you want is the Tailscale server. The command might look something like:

sudo tailscale serve --bg --https=443 --set-path=/cloud 9001


Where you set the path in case there are multiple services running on the same TailScale sub net.

Then if your TS instance is dromedary-lighthouse on computer dracula, then people accessing your instance would use a URL like

https://dracula.dromedary-lighthouse.ts.net/cloud

Since I got TS to work inside a docker container, mine doesn’t need the end path and has its own subdomain (nextcloud). Something like:

https://nextcloud.dromedary-lighthouse.ts.net

Not an expert. So maybe someone with more expertise will come along. My feeling is that it is more of a TailScale question than a Nextcloud question.

Hi Mark!

Thank you for your quick response!

Apologies, I should have included more background information. All of the users are on Mac OS Tahoe 26.2. I am running both Tailscale and Nextcloud as apps in TrueNAS Scale 25.04.2.3.

Not a network expert myself, but I thought that if all my users had access to the local subnet through Tailscale, then accessing the host IP would work. They can all access the host IP for TrueNAS just fine. Once the user in question puts the port number in the Nextcloud app (on macOS), it cannot connect. This is one user out of 13 that has this issue. All others connect no problem. I will post on the Tailscale forums to see if there is something that I am missing. Might need to allow traffic through that specific port for the specific user on Tailscale?

Thank you!

Any possibility that that one user has a different firewall setting in place?

Definitely a possibility. She is a contractor that works remotely. Wanted to eliminate any possibilities in office before remoting in and configuring on her end.