UI-TARS Desktop is a serious local computer-use agent — if you lock down the setup
ByteDance’s UI-TARS Desktop is one of the most interesting open-source computer-use agents right now: it sees your screen,...
LinkLoot AI review
My take: For self-hosted tools, the approach is practical: the checked smoke fixture uses a Tailscale sidecar, no published host ports, and an auth key from the environment instead of inside the compose text. The boundary is real use in your own Tailnet, where the auth key, DNS, Serve/Funnel, and each individual app template still need careful checks.
Helps you reach Docker web apps privately through your Tailnet without exposing the router or individual containers publicly.
Do not copy-paste blindly: keep the auth key short-lived, disable reuse, and confirm Tailnet join with a test service.
Automated AI review. Decision aid, not a safety guarantee. · 2026-06-08 17:20:27 UTC
ScaleTail is a collection of ready-to-run Docker Compose stacks that attach common self-hosted apps to a Tailscale tailnet through a sidecar container. The useful idea is simple: make private tools reachable from your own devices without turning every dashboard, password vault, document archive, or admin panel into a public web service.
Use this when you run services such as Vaultwarden, Paperless-ngx, Jellyfin, Immich, Pi-hole, AdGuard Home, Home Assistant, Open WebUI, Portainer, or Uptime Kuma and want remote access without a new router port, reverse-proxy rule, or public DNS entry for every app.
network_mode: service: pattern.| Need | Use ScaleTail? | Caveat |
|---|---|---|
| Private remote access to homelab apps | Yes | Requires Tailscale and Docker Compose |
| Public webhook endpoint | Maybe | Funnel can be public; harden it carefully |
| Full site publishing | No | Use a normal deployment and security model |
| Multi-service homelab on one host | Yes | Still plan backups, updates, and separation |
The Tarnkappe article explains the privacy angle, the Serve/Funnel distinction, and why ScaleTail fits self-hosted Docker services that should not be exposed publicly by default. The ScaleTail GitHub repository confirms that the project provides Docker Compose sidecar configurations for connecting self-hosted apps to a Tailnet. Tailscale's own Docker documentation provides the official baseline for running Tailscale with containers.
Docker's latest agent-isolation guidance points developers to Docker Sandboxes, SBX, and Sandbox Kits for running coding…
Docker is retiring Docker Content Trust and the notary.docker.io Notary v1 service, with brownouts before the December 8…
The Show HN launch frames SwarmWright as a self-hosted multi-agent workbench where markdown agents operate inside an exp…
Sign in to join the discussion and vote on comments.
Sign in