Skip to main content

Access by VPN

Secure Remote Access with Tailscale VPN

Why connect Sparrow Home with a VPN like Tailscale?

Sparrow Home is typically hosted locally (for example, on a Raspberry Pi inside your home network). By default, this means the system is only accessible when you are connected to the same Wi-Fi. If you want to control your smart home while away (from your phone or laptop), exposing Sparrow Home directly to the public internet is not recommended. Opening router ports or using public IP addresses can significantly increase the risk of unauthorized access. That’s why Sparrow Home can be securely accessed through a private VPN network such as Tailscale.

With Tailscale, Sparrow Home becomes part of an encrypted private network, allowing you to:

  • Access your dashboard from anywhere without port forwarding

  • Keep Sparrow Home hidden from the public internet

  • Use end-to-end encrypted connections (WireGuard-based)

  • Connect only trusted devices (phone, laptop, tablet)

  • Avoid complex DNS and SSL configuration

This approach provides a secure and simple way to manage your home system remotely while maintaining strong privacy and protection.

Documentation: https://tailscale.com/kb/1017/install

https://tailscale.com/security

How to set up Sparrow Home with Tailscale

Getting started with Tailscale is straightforward and requires only a few steps:

  1. Install Tailscale on your Sparrow Home server On the machine running Sparrow Home (e.g. Raspberry Pi), install the Tailscale client and log in.

https://tailscale.com/kb/1017/install

  1. Install Tailscale on your personal devices Install the app on your phone or laptop to join the same private network.

iOS: https://tailscale.com/kb/1020/install-ios

Android: https://tailscale.com/kb/1022/install-android

  1. Access Sparrow Home via its private Tailscale IP Once connected, Sparrow Home will be reachable through a stable private address such as:
http://100.x.y.z

This works securely even outside your home Wi-Fi.

Enabling SSL

To enable SSL, activate the HTTPS option in the Tailscale admin console (under Settings). Next, set tailscaleDomain in your .env file to your exact Tailscale domain name. The Caddy web server will then automatically redirect all HTTP traffic to HTTPS and obtain a valid SSL certificate.

warning

Remember to restart Docker containers after changing the .env file.