Tailscale Private Access
Use this when you want to access Paperclip over Tailscale (or a private LAN/VPN) instead of only localhost.
1. Start Paperclip in private authenticated mode
Section titled “1. Start Paperclip in private authenticated mode”pnpm dev --tailscale-authThis configures:
PAPERCLIP_DEPLOYMENT_MODE=authenticatedPAPERCLIP_DEPLOYMENT_EXPOSURE=privatePAPERCLIP_AUTH_BASE_URL_MODE=autoHOST=0.0.0.0(bind on all interfaces)
Equivalent flag:
pnpm dev --authenticated-private2. Find your reachable Tailscale address
Section titled “2. Find your reachable Tailscale address”From the machine running Paperclip:
tailscale ip -4You can also use your Tailscale MagicDNS hostname (for example my-macbook.tailnet.ts.net).
3. Open Paperclip from another device
Section titled “3. Open Paperclip from another device”Use the Tailscale IP or MagicDNS host with the Paperclip port:
http://<tailscale-host-or-ip>:3100Example:
http://my-macbook.tailnet.ts.net:31004. Allow custom private hostnames when needed
Section titled “4. Allow custom private hostnames when needed”If you access Paperclip with a custom private hostname, add it to the allowlist:
pnpm paperclipai allowed-hostname my-macbook.tailnet.ts.net5. Verify the server is reachable
Section titled “5. Verify the server is reachable”From a remote Tailscale-connected device:
curl http://<tailscale-host-or-ip>:3100/api/healthExpected result:
{"status":"ok"}Troubleshooting
Section titled “Troubleshooting”- Login or redirect errors on a private hostname: add it with
paperclipai allowed-hostname. - App only works on
localhost: make sure you started with--tailscale-auth(or setHOST=0.0.0.0in private mode). - Can connect locally but not remotely: verify both devices are on the same Tailscale network and port
3100is reachable.