Answer

Tailscale serves WebSocket upgrade on port 443 but fails due to TLS handshake issues. Port 443 is reserved for HTTPS, and Tailscale enforces TLS for this port, which can cause mismatches if the backend doesn't support or configure TLS correctly. WebSocket over TLS (wss) requires a valid TLS handshake and proper certificate setup. On custom ports like 8443, Tailscale may not enforce TLS, allowing WebSocket upgrade to proceed without handshake errors. Ensure your backend supports TLS and has valid certificates for port 443.

27948018-5805-4cd3-b003-92eee35a0511

Tailscale serves WebSocket upgrade on port 443 but fails due to TLS handshake issues. Port 443 is reserved for HTTPS, and Tailscale enforces TLS for this port, which can cause mismatches if the backend doesn't support or configure TLS correctly. WebSocket over TLS (wss) requires a valid TLS handshake and proper certificate setup. On custom ports like 8443, Tailscale may not enforce TLS, allowing WebSocket upgrade to proceed without handshake errors. Ensure your backend supports TLS and has valid certificates for port 443.