I've spent years messing around with reverse proxies, but I invariably end up breaking something. If you run a bunch of Docker services, you'd have experienced this. Setting up a reverse proxy isn't the most complicated thing, but one thing leads to another, and you are managing subdomains, certificates, forwarding rules that seemingly get more complicated all the time. Reverse proxies can work well enough, but when they fall apart, you're probably going to spend a few hours trying to figure out why the service refuses to load or why it's misbehaving. That was certainly the case for my setup. However, a few weeks back, I came across DockTail.

If you've used Tailscale before, you're going to love DockTail. Usually, you'd have to run a separate Tailscale sidecar container for each Docker service you want to connect to. But DockTail automates all of that. It watches your containers and tells Tailscale which ones should be available to the devices on your tailnet. Since everything happens within a private network, there is no need for routing rules. You only need a simple way to announce the service, and that's what DockTail does.

DockTail is a better fit for home users than a reverse proxy

DockTail and Tailscale make more sense than public routing

Reverse proxies assume you want to put something on the internet. They are designed around routing outside traffic, rewriting requests, and handling encryption for anyone arriving through your domain. If you need that, a reverse proxy makes a lot of sense. For most home servers, though, almost everything is for your own personal use. You want access from your phone, your laptop, maybe from work, or while traveling. You don't need the whole world to reach your media server or internal dashboard.

Tailscale is designed to work perfectly within that use case. Your devices join the same virtual network and communicate directly with each other. DockTail follows that same approach. It connects your containers to the Tailscale mesh without making you jump through the hoops that a traditional reverse proxy does. You focus on the actual service running in the container, give it a label, and DockTail makes sure that it's reachable on your tailnet.

In practice, the experience is surprisingly simple. I can pick the container I want to expose, redeploy it with the right information and labels, and DockTail will immediately add it to the network. There are no routing rules to maintain, and it keeps a certain level of segregation of your container from the rest of the stack so that one misconfigured utility doesn't bring the rest of the stack down.

DockTail changes the way you run new apps

What happens when you finally ditch the reverse proxy stack

Bigger differences arise when you begin migrating services over to DockTail. To test things out, I started with a utility container and watched it show up immediately. As easy as that was, I continued on by moving my media server. Then a dashboard, then my note-taking tool, and then Navidrome. Every single service behaved the same way and immediately showed up in DockTail. Tailscale was recognized, and I was able to connect to it with no issues. I didn't have to touch a DNS record or open a port.

De-linking from a reverse proxy stack is fantastic as it frees up a lot of maintenance headroom. Moreover, I could get rid of a lot of configurations that I invariably ran into issues with as a novice network enthusiast. I could also get rid of configuration files that I'd lost track of and close parts on my router that no longer needed to exist. Honestly, my server hasn't felt this clean and well-maintained in a while. When you eliminate unnecessary layers and complexity, the entire setup becomes that much easier to maintain and trust for long-term use. Who'd have thought? Plus, there's the added benefit that if something breaks, you know exactly where to look.

Moreover, it's changed how I work with and add new services. Earlier on, I'd hesitate to add new interesting containers because it would also mean setting up the remote proxy. Now I spin up whatever I like, and all I have to do is add a couple of labels to the container, and it's ready to be visible on my tailnet. Removing it is just as easy, of course. It's incredibly flexible and makes running a home server much easier and, dare I say, fun.

DockTail made my setup simpler than I thought possible

When I read about DockTail, I was cautiously optimistic. I went in expecting a small but convenient tool. I certainly didn't expect to swap out an entire layer in my self-hosted stack. DockTail didn't just simplify my network. Instead, it fully transformed how I approach self-hosting. By leaning into the strengths of Tailscale and letting containers announce themselves naturally using simple labels, the service has removed a huge amount of friction from my setup. The end result is a much more streamlined set-up that is easier to maintain, easier to run, and honestly just better. No babysitting needed. I can live with that. If you want to access your Docker containers remotely, this is one self-hosted app that you absolutely must check out.