I’m encountering an issue with Panels on iOS while trying to connect to my Kavita service via OPDS. My Kavita server is running in a Docker container on my raspberry, and I access it using its Tailscale IP address. The OPDS URL I’m using follows the format: http://<ip>:5000/api/opds/<key>.
However, I’m unable to establish a connection to my server. It seems like the App Transport Security (ATS) policy in the Panels app is preventing me from accessing my Kavita server by its IP. I’m looking for a solution that doesn’t involve setting up a reverse proxy.
Has anyone faced a similar issue or have any suggestions on how to resolve this? Any help would be greatly appreciated!
The App Transport Security has been mandatory since iOS 9, but we have set it up with the most permissive configuration, which allows local network connections using an IP address.
Since iOS 17, Apple does not allow external IP connections over HTTP:
In iOS 17, iPadOS 17, and macOS 14, ATS no longer allows connections to IP addresses by default. Add individual IP addresses and classless inter-domain routing (CIDR) ranges in the NSExceptionDomains dictionary.
I’m afraid you have to set up a secure connection for your server. Otherwise iOS ATS will block it.
I believe I can answer this question since I came across the same issues. I shall explain my solution in hopes that it might work for you too; it makes use of Tailscale Magic DNS and Tailscale serve.
You need to turn on Tailscale Magic DNS, which will provide a DNS for each of the machines on your tailnet. Once you have done that, you can enable HTTPS and grab a certificate for the machine you run Kavita on via Let’s Encrypt.
When you have done that you can use another feature called Tailscale serve to serve the port of Kavita to the DNS given for the tailnet machine that hosts it.
When you navigate to that DNS it should bring you to your Kavita login page. Thus allowing you to grab the OPDS link.
I must emphasize this is not exposed to the internet, only your tailnet.
However, as far as I am aware, you can only do this with a single service. There are ways of combining a reverse proxy with Tailscale, but I have not been successful.
If you have any questions, I will do my best to answer them!
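A pre-flight check for the steps described in this thread, as an added example that is not part of any post here and is not Tailscale, Kavita or Panels code: it reads the output of `tailscale status --json`, confirms the node has a DNS name that HTTPS certificates can be issued for, and rewrites the cleartext IP-based OPDS URL to the HTTPS form. The sample status, host name, IP address and key are constructed, and the rewrite assumes `tailscale serve` is proxying Kavita's port 5000 on the default HTTPS port 443.

```python
import ipaddress
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed sample, trimmed to the fields of `tailscale status --json` used below.
SAMPLE_STATUS = json.dumps({
    "CertDomains": ["raspberry.example-tailnet.ts.net"],
    "Self": {
        "DNSName": "raspberry.example-tailnet.ts.net.",
        "TailscaleIPs": ["100.64.0.10"],
    },
})


def https_name(status_json):
    """Return this node's tailnet DNS name if a certificate can be issued for it."""
    status = json.loads(status_json)
    name = (status.get("Self") or {}).get("DNSName", "").rstrip(".")
    if not name:
        raise ValueError("no tailnet DNS name reported for this node")
    if name not in (status.get("CertDomains") or []):
        raise ValueError("HTTPS certificates are not enabled for " + name)
    return name


def is_cleartext_ip_url(url):
    """True for http:// URLs whose host is an IP literal (the form ATS rejects)."""
    parts = urlsplit(url)
    try:
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return False
    return parts.scheme == "http"


def rewrite_opds_url(url, status_json):
    """Turn http://<ip>:5000/api/opds/<key> into its HTTPS, name-based form."""
    if not is_cleartext_ip_url(url):
        return url  # already name-based or HTTPS; leave untouched
    parts = urlsplit(url)
    # Port is dropped: assumes tailscale serve listens on 443 for this node.
    return urlunsplit(("https", https_name(status_json), parts.path, parts.query, ""))


if __name__ == "__main__":
    print(rewrite_opds_url("http://100.64.0.10:5000/api/opds/KEY", SAMPLE_STATUS))
```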