Skip to content

Tailscale Private Access (Disabled)

Tailscale support is disabled (2026-06-15). AImetier no longer detects or depends on the tailscale binary, the --bind tailnet preset is rejected, and the deploy fronts traffic with an ALB (url_mode=alb) rather than a Tailscale Funnel sidecar. For private-network access, use a LAN bind instead.

Private-network access (the supported path)

Section titled “Private-network access (the supported path)”

Start AImetier bound to all interfaces so other devices on your LAN/VPN can reach it:

Terminal window
pnpm dev --bind lan

This sets:

  • AIMETIER_DEPLOYMENT_MODE=authenticated
  • AIMETIER_DEPLOYMENT_EXPOSURE=private
  • AIMETIER_BIND=lan

Then open AImetier from another device on the same network using the host’s LAN IP or hostname:

http://<host-lan-ip-or-hostname>:3100

If you access AImetier with a custom private hostname, add it to the allowlist:

Terminal window
pnpm aimetier allowed-hostname my-host.example.lan

Verify reachability from a remote device:

Terminal window
curl http://<host-lan-ip-or-hostname>:3100/api/health
{"status":"ok"}

The tailnet bind preset itself is disabled — pnpm aimetier onboard --bind tailnet is rejected, and the server/CLI no longer shell out to tailscale ip -4 to auto-detect an address. If you still manage a tailnet yourself and want to bind to a specific address, set it explicitly:

Terminal window
AIMETIER_TAILNET_BIND_HOST=100.x.y.z pnpm dev

This is the only Tailscale-adjacent path still honored, and it requires you to supply the address — AImetier never discovers it.

  • App only works on localhost: start with --bind lan instead of plain pnpm dev.
  • Login or redirect errors on a private hostname: add it with aimetier allowed-hostname.
  • Can connect locally but not remotely: verify both devices are on the same network and port 3100 is reachable.