ghostscale is a CLI-centric, Zig-powered toolkit for advanced Tailscale deployments. It simplifies and automates routing, DNS, reverse proxying, and public exposure of services using secure overlay networking. Ghostscale sits on top of the Tailscale stack, acting like a programmable Cloudflare Tunnel alternative — but native to your mesh.
It’s built for power users, MSPs, and self-hosters who want:
- 🔐 Tight access control
- 🛡️ Route metric automation
- 📡 Secure, auditable public exposure
- 🧠 DNS + proxy sync with zero manual touch
- Automate Tailscale route advertisement
- Set preferred routes and failover paths
- Detect and fix common route conflicts
- Define and expose Tailscale services via `ghostscale expose`
- Reverse proxy integration with NGINX
- Automatic cert management via DNS-01 (ACME)
- Service templates (e.g., Hudu, Portainer, UptimeKuma)
- Advanced DNS override layer
- Export Tailscale hostnames to PowerDNS, Technitium, etc.
- `ghostscale dns sync` maps tailnet into your real domains
- Public exposure via Tailscale’s `funnel` or NGINX forward tunnels
- Local QUIC/HTTP2 tunnel support in development
- Optional headscale-lite or Redis-style coordination backend
- Pluggable into `ghostmesh` and `ghostctl` ecosystem
- Zero-trust friendly with ACL + auth-key management
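Since the feature list above includes public exposure via Tailscale's funnel, here is an added audit example (not part of ghostscale or its documentation) that lists every handler reachable from the public internet and flags those missing from an approved list. It assumes the JSON layout printed by `tailscale serve status --json`; the hostname, ports, backends and the `APPROVED` allowlist are constructed for illustration.

```python
import json

# Constructed sample, shaped like `tailscale serve status --json` output
# (assumed layout: "Web" handlers keyed by host:port, "AllowFunnel" marks public ones).
SAMPLE = json.loads("""
{
  "TCP": {"443": {"HTTPS": true}, "8443": {"HTTPS": true}, "10000": {"HTTPS": true}},
  "Web": {
    "node1.example.ts.net:443":   {"Handlers": {"/": {"Proxy": "http://127.0.0.1:9000"}}},
    "node1.example.ts.net:8443":  {"Handlers": {"/": {"Proxy": "http://127.0.0.1:3001"},
                                                "/admin": {"Proxy": "http://127.0.0.1:8080"}}},
    "node1.example.ts.net:10000": {"Handlers": {"/": {"Proxy": "http://127.0.0.1:5000"}}}
  },
  "AllowFunnel": {"node1.example.ts.net:443": true,
                  "node1.example.ts.net:8443": true,
                  "node1.example.ts.net:10000": false}
}
""")

# Hypothetical allowlist of (host:port, path) pairs signed off for public exposure.
APPROVED = {("node1.example.ts.net:443", "/")}


def public_routes(cfg):
    """Return (host_port, path, backend) for every handler Funnel makes public."""
    routes = []
    web = cfg.get("Web") or {}
    for host_port, enabled in sorted((cfg.get("AllowFunnel") or {}).items()):
        if not enabled:
            continue  # served to the tailnet only
        handlers = (web.get(host_port) or {}).get("Handlers") or {}
        if not handlers:
            # Funnel is on but no web handler is listed (e.g. raw TCP forward).
            routes.append((host_port, None, None))
        for path, handler in sorted(handlers.items()):
            routes.append((host_port, path, handler.get("Proxy")))
    return routes


def unapproved(cfg, approved):
    """Public routes whose (host_port, path) is not on the allowlist."""
    return [r for r in public_routes(cfg) if (r[0], r[1]) not in approved]


if __name__ == "__main__":
    for host_port, path, backend in unapproved(SAMPLE, APPROVED):
        print(f"UNAPPROVED public route: {host_port}{path or ''} -> {backend}")
```

To audit a live node, replace `SAMPLE` with the parsed output of `tailscale serve status --json`.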
```bash
zig build -Drelease-fast
sudo install -Dm755 zig-out/bin/ghostscale /usr/local/bin/ghostscale
```

Tailscale must be installed and running on the system. Ghostscale uses the Tailscale local API.

```bash
ghostscale expose --name portainer --port 9000 --tailscale-domain portainer.cktechx.io
ghostscale dns sync --output powerdns
ghostscale route fix --auto
```

- Route metric sync
- DNS override layer
- Basic reverse proxy exposure
- QUIC tunnel layer (ghostfunnel)
- Web UI frontend (ghostplane)
- Zig-based DNS server (ghostdns)
MIT
Made with ⚡️ by GhostKellz for CK Technology LLC