Secure Webhook Delivery for Your Tailscale Network
Securely deliver webhooks to any private service on your tailnet. Get public endpoints, automatic HTTPS, and zero-config setup, all built on Tailscale.
Med provisioning
Authorize to live endpoint
Request success
Trailing 30-day deliveries
Secure deliveries
Payloads tunneled safely
Tailnets
Preview teams onboarded
How Tailgator works
Authorize once and Tailgator keeps the tunnel open between the public edge and your private services.
Authorize Tailgator
Log in with Tailscale and authorize Tailgator to join your tailnet as a managed device.
Lightweight runtime attaches
Tailgator launches a minimal forwarding runtime—no shell, no full OS—and registers it as a Tailscale device under your account.
Traffic routes inside your tailnet
Internet requests land on Tailgator’s public edge and tunnel through the Tailgator node directly to the private service you select.
Under the hood
It’s not magic—just a lean Tailscale-native relay that keeps your private services invisible to the internet while giving external tools a secure ingress point.
Runtime only
Tailgator runs a purpose-built forwarding runtime with no general-purpose OS, package manager, or shell access.
Nothing persists
No local disk means payloads and configs stream in-memory. Only key material lives long enough to keep tunnels online.
Your ACLs stay in charge
Manage Tailgator exactly like any other device: allowlist destinations with Tailscale ACLs and revoke access any time.
Why choose Tailgator
We remove the maintenance overhead while keeping your tailnet in full control.
Secure by Default
Harnesses Tailscale's zero-trust network while adding Tailgator hardening
Zero Configuration
No port forwarding, no firewall rules, no complex setup required
Public Endpoints
Get a public, stable URL for each webhook endpoint without exposing your network.
Data handling & usage policy
We keep payloads ephemeral, expect fair use, and reserve the right to stop abuse.
No payload retention
Webhook bodies stream through encrypted tunnels in-memory. We never persist or index payload data.
Fair-use commitment
Tailgator stays free while in preview. Heavy or abusive usage may be throttled so everyone gets a fast path.
Abuse protections
We monitor for suspicious activity and reserve the right to rate-limit or disable nodes that break policy.
Tailgator remains free during the webhook preview. We expect fair use and may take action against misuse to keep the service reliable for everyone.
Tailscale is a registered trademark of Tailscale Inc. Tailgator is an independent project and is not affiliated with or endorsed by Tailscale Inc.
Popular use cases
Tailgator connects the public internet to your private services, one webhook at a time.
Connect Third-Party Services
Integrate your private services with third-party APIs and webhooks that require a public callback URL.
Develop and Test Webhooks Locally
Expose a local development server to receive and test webhooks from third-party services without deploying.
Receive Webhooks from your CMS
Update your statically-generated site by triggering builds with webhooks from your headless CMS.
Automate your Homelab
Trigger automations in Home Assistant or other self-hosted services via webhooks.
Frequently asked questions
Everything you need to know about managing Tailgator inside your tailnet.
How is this different from Tailscale Funnel? Comparison Hide answer
Tailscale Funnel publishes a service that you host yourself, so your device must stay online and you accept best-effort, shaped egress. Tailgator runs a managed node on our infrastructure with reserved capacity for webhook fan-in, keeps your public endpoint available even when your upstream is paused, and gives you features Funnel lacks today, like dashboard-managed routing and future custom domains.
Where is the Tailgator node physically located? Latency Hide answer
We run the managed node on our own global edge and place it on the closest available point of presence to your tailnet. Our worldwide footprint keeps latency low no matter where you authorize the tunnel.
Are custom DERPs supported? Networking Hide answer
Yes. Tailgator respects the DERP map defined for your tailnet, including any custom or self-hosted regions, so traffic egresses through the relays you specify.
How can you offer Tailgator for free right now? Pricing Hide answer
The node runs on serverless infrastructure, so we only pay for the CPU and bandwidth we actually use. We can even idle or resume Tailgator nodes on demand, which keeps costs low enough to offer a free preview while we scale out.
Do I need to expose any ports for my webhooks? Zero-config Hide answer
No. Tailgator gives you a public URL that tunnels webhooks to your private services over Tailscale, with no inbound ports to open.