<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Tailscale on Thyago Seugling</title><link>https://thyago.link/tags/tailscale/</link><description>Recent content in Tailscale on Thyago Seugling</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 15 Mar 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://thyago.link/tags/tailscale/index.xml" rel="self" type="application/rss+xml"/><item><title>Deploying a Zero-Trust Network with Tailscale and Nginx Proxy Manager</title><link>https://thyago.link/blog/zero-trust/</link><pubDate>Sun, 15 Mar 2026 00:00:00 +0000</pubDate><guid>https://thyago.link/blog/zero-trust/</guid><description>&lt;p&gt;For years, my home lab ran on a patchwork of port forwards, dynamic DNS, and good intentions. It worked — mostly — but every exposed port was a liability, and I knew it. This is the story of how I tore it all down and rebuilt on a &lt;strong&gt;zero-trust foundation&lt;/strong&gt;.&lt;/p&gt;
&lt;h2 id="why-zero-trust"&gt;Why Zero Trust?&lt;/h2&gt;
&lt;p&gt;The traditional model assumes that anything inside your network is safe. Zero trust flips that entirely: &lt;em&gt;verify everything, trust nothing&lt;/em&gt;. Every request is authenticated, every connection is encrypted, and no service is reachable unless explicitly permitted.&lt;/p&gt;</description></item></channel></rss>