Tailscale enable proxy crashes the add-on

Hi there. I was following this tutorial: Video: Remotely access Home Assistant via Tailscale for free for getting an https to access home assistant. However, when I arrive to the part that says “enable tailscale proxy”, I enable it, and for a reason tailscale just wont boot (it says 502 bad gateway) and here is the log:

s6-rc: info: service nginx successfully started
2024/06/30 18:42:14 dns: using *dns.directManager
2024/06/30 18:42:14 wgengine.NewUserspaceEngine(tun "userspace-networking") ...
2024/06/30 18:42:14 dns: using dns.noopManager
2024/06/30 18:42:14 link state: interfaces.State{defaultRoute=eth0 ifs={docker0:[172.17.0.1/16 llu6] eth0:[192.168.51.177/22 llu6] hassio:[172.30.32.1/23 llu6]} v4=true v6=false}
2024/06/30 18:42:14 onPortUpdate(port=36413, network=udp6)
2024/06/30 18:42:14 onPortUpdate(port=47451, network=udp4)
2024/06/30 18:42:14 magicsock: disco key = d:fbee062dd4b62b1d
2024/06/30 18:42:14 Creating WireGuard device...
2024/06/30 18:42:14 Bringing WireGuard device up...
2024/06/30 18:42:14 Bringing router up...
2024/06/30 18:42:14 Clearing router settings...
2024/06/30 18:42:14 Starting network monitor...
2024/06/30 18:42:14 Engine created.
2024/06/30 18:42:14 pm: using backend prefs for "profile-fba7": Prefs{ra=true dns=true want=true routes=[0.0.0.0/0 ::/0 192.168.48.0/22] snat=true statefulFiltering=false nf=on host="raspberrymain" update=check appconnector=advertise Persist{lm=, o=, n=[Qb03M] u="[email protected]"}}
2024/06/30 18:42:14 envknob: TS_NO_LOGS_NO_SUPPORT="true"
2024/06/30 18:42:14 logpolicy: using system state directory "/var/lib/tailscale"
2024/06/30 18:42:14 got LocalBackend in 29ms
2024/06/30 18:42:14 Start
2024/06/30 18:42:15 timeout waiting for initial portlist
2024/06/30 18:42:15 Backend: logs: be:670da9f5dc169f7c1d122d47c09def1857c116d1bc4e4179184da2684fda3db8 fe:
2024/06/30 18:42:15 control: client.Login(false, 0)
2024/06/30 18:42:15 control: doLogin(regen=false, hasUrl=false)
2024/06/30 18:42:15 web server running on: http://127.0.0.1:25899
[18:42:15] INFO: Starting NGinx...
2024/06/30 18:42:15 health("overall"): error: not in map poll
2024/06/30 18:42:16 control: control server key from https://controlplane.tailscale.com: ts2021=[fSeS+], legacy=[nlFWp]
2024/06/30 18:42:16 control: RegisterReq: onode= node=[Qb03M] fup=false nks=false
2024/06/30 18:42:16 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
2024/06/30 18:42:17 control: netmap: got new dial plan from control
2024/06/30 18:42:17 using tailnet default auto-update setting: true
2024/06/30 18:42:17 EditPrefs check error: Auto-updates are not supported on this platform.
2024/06/30 18:42:17 failed to apply tailnet-wide default for auto-updates (true): Auto-updates are not supported on this platform.
2024/06/30 18:42:17 active login: [email protected]
2024/06/30 18:42:17 Switching ipn state NoState -> Starting (WantRunning=true, nm=true)
2024/06/30 18:42:17 appc: handling domains: [] and wildcards: []
2024/06/30 18:42:17 magicsock: SetPrivateKey called (init)
2024/06/30 18:42:17 wgengine: Reconfig: configuring userspace WireGuard config (with 0/2 peers)
2024/06/30 18:42:17 wgengine: Reconfig: configuring router
2024/06/30 18:42:17 wgengine: Reconfig: configuring DNS
2024/06/30 18:42:17 dns: Set: {DefaultResolvers:[] Routes:{serengeti-chimaera.ts.net.:[] ts.net.:[199.247.155.53 2620:111:8007::53]}+65arpa SearchDomains:[serengeti-chimaera.ts.net.] Hosts:3}
2024/06/30 18:42:17 peerapi: serving on http://100.66.174.31:39982
2024/06/30 18:42:17 peerapi: serving on http://[fd7a:115c:a1e0::b901:ae1f]:39982
2024/06/30 18:42:17 health("dns"): error: getting OS base config is not supported
2024/06/30 18:42:17 monitor: gateway and self IP changed: gw=192.168.50.1 self=192.168.51.177
2024/06/30 18:42:17 health("dns-os"): error: getting OS base config is not supported
2024/06/30 18:42:17 appc: handling domains: [] and wildcards: []
2024/06/30 18:42:17 portmapper: UPnP discovery response from 192.168.48.75, but gateway IP is 192.168.50.1
2024/06/30 18:42:17 portmapper: UPnP discovery response from 192.168.48.75, but gateway IP is 192.168.50.1
2024/06/30 18:42:17 portmapper: UPnP meta changed: [{Location:http://192.168.48.75:1901/gatedesc.xml Server:Linux/2.6.36, UPnP/1.0, Portable SDK for UPnP devices/1.6.19 USN:uuid:9f0865b3-f5da-4ad5-85b7-7404637fdf37::urn:schemas-upnp-org:device:InternetGatewayDevice:1} {Location:http://192.168.50.1:42777/rootDesc.xml Server:AsusWRT/388 UPnP/1.1 MiniUPnPd/2.2.0 USN:uuid:3ddcd1d3-2380-45f5-b069-08bfb80e3cd8::urn:schemas-upnp-org:device:InternetGatewayDevice:1}]
2024/06/30 18:42:18 magicsock: home is now derp-16 (mia)
2024/06/30 18:42:18 magicsock: adding connection to derp-16 for home-keep-alive
2024/06/30 18:42:18 magicsock: 1 active derp conns: derp-16=cr0s,wr0s
2024/06/30 18:42:18 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false ipv6os=true udp=true icmpv4=false derp=#16 portmap=active-UMC link="" firewallmode=""}
2024/06/30 18:42:18 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
2024/06/30 18:42:18 derphttp.Client.Connect: connecting to derp-16 (mia)
2024/06/30 18:42:18 magicsock: endpoints changed: 192.168.0.3:47451 (portmap), 186.155.16.196:36662 (stun), 172.17.0.1:47451 (local), 172.30.32.1:47451 (local), 192.168.51.177:47451 (local)
[18:42:19] INFO: Tailscale is running
[18:42:19] NOTICE: The add-on uses userspace networking mode.
[18:42:19] NOTICE: If you need to access other clients on your tailnet from your Home Assistant instance,
[18:42:19] NOTICE: disable userspace networking mode, that will create a "tailscale0" network interface on your host.
[18:42:19] NOTICE: Please check your configuration based on the add-on's documentation under "Option: userspace_networking"
s6-rc: info: service post-tailscaled successfully started
s6-rc: info: service taildrop: starting
s6-rc: info: service serve: starting
s6-rc: info: service taildrop successfully started
s6-rc: info: service serve successfully started
s6-rc: info: service legacy-services: starting
[18:42:20] ERROR: Tailscale's HTTPS support is disabled
s6-rc: info: service legacy-services successfully started
[18:42:20] INFO: Service serve exited with code 1 (by signal 0)
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service taildrop: stopping
s6-rc: info: service serve: stopping
s6-rc: info: service nginx: stopping
s6-rc: info: service serve successfully stopped
[18:42:20] INFO: Service taildrop exited with code 256 (by signal 15)
s6-rc: info: service taildrop successfully stopped
s6-rc: info: service post-tailscaled: stopping
s6-rc: info: service post-tailscaled successfully stopped
s6-rc: info: service tailscaled: stopping
[18:42:20] INFO: Service NGINX exited with code 0 (by signal 0)
s6-rc: info: service nginx successfully stopped
s6-rc: info: service init-nginx: stopping
s6-rc: info: service web: stopping
s6-rc: info: service init-nginx successfully stopped
[18:42:20] INFO: Service tailscaled exited with code 256 (by signal 15)
s6-rc: info: service tailscaled successfully stopped
[18:42:20] INFO: Service Tailscale web exited with code 256 (by signal 15)
s6-rc: info: service web successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service base-addon-log-level: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service base-addon-log-level successfully stopped
s6-rc: info: service base-addon-banner: stopping
s6-rc: info: service base-addon-banner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Any idea why does it happens?

Config:
Raspberry pi 4 4GB
home assistant supervised
internet over the rj45 raspberry pi port

I have no idea, but I would start there.

It would be pretty weird to have a vpn that isn’t encrypted.

No that’s normal. Tailscale uses it’s own encryption over http.

I looked thru the log for the first error, that was it.
I know I use zerotier and all you do is install it, tellit what the id is for your group, and you are in. takes 2 minutes on the command line.
As an addon install the addon, tell the config the group, done.
no fuss no muss.
same on my phone.

Actually in this case it could be the reason: addon-tailscale/tailscale/DOCS.md at 27994089fc86340157e53944a7d5af0c4c88394d · hassio-addons/addon-tailscale · GitHub

It’s decided. The decision came from the comments under the official video. You just need to enable HTTPS certificates in the Tailscale control panel on the DNS tab