From c9df11e65f22effb13c8ac22884ab70c198da902 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sat, 28 Mar 2026 23:47:09 +0000
Subject: [PATCH] fix: Align Rancher tailnet hostname with live proxy

---
 README.md                                                    | 2 +-
 STABLE_BASELINE.md                                           | 2 +-
 infrastructure/addons/rancher-config/server-url-setting.yaml | 2 +-
 infrastructure/addons/rancher/rancher-tailscale-service.yaml | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 5e159c7..136ff57 100644
--- a/README.md
+++ b/README.md
@@ -241,7 +241,7 @@ Terraform/bootstrap secrets remain in Gitea Actions secrets and are not managed
 
 ### Rancher access
 
-- Rancher is private-only and exposed through Tailscale at `https://rancher.silverside-gopher.ts.net/dashboard/`.
+- Rancher is private-only and exposed through Tailscale at `https://rancher-1.silverside-gopher.ts.net/dashboard/`.
 - The public Hetzner load balancer path is not used for Rancher.
 - Rancher uses the CNPG-backed PostgreSQL cluster in `cnpg-cluster`.
 
diff --git a/STABLE_BASELINE.md b/STABLE_BASELINE.md
index ecfa1c4..a36ee50 100644
--- a/STABLE_BASELINE.md
+++ b/STABLE_BASELINE.md
@@ -9,7 +9,7 @@ This document defines the current engineering target for this repository.
 - Hetzner Load Balancer for Kubernetes API
 - private Hetzner network
 - Tailscale operator access
-- Rancher UI exposed only through Tailscale
+- Rancher UI exposed only through Tailscale (`rancher-1.silverside-gopher.ts.net`)
 
 ## In Scope
 
diff --git a/infrastructure/addons/rancher-config/server-url-setting.yaml b/infrastructure/addons/rancher-config/server-url-setting.yaml
index 3bbb09f..ff506c0 100644
--- a/infrastructure/addons/rancher-config/server-url-setting.yaml
+++ b/infrastructure/addons/rancher-config/server-url-setting.yaml
@@ -2,4 +2,4 @@ apiVersion: management.cattle.io/v3
 kind: Setting
 metadata:
   name: server-url
-value: https://rancher.silverside-gopher.ts.net
+value: https://rancher-1.silverside-gopher.ts.net
diff --git a/infrastructure/addons/rancher/rancher-tailscale-service.yaml b/infrastructure/addons/rancher/rancher-tailscale-service.yaml
index ad9cad2..d34c780 100644
--- a/infrastructure/addons/rancher/rancher-tailscale-service.yaml
+++ b/infrastructure/addons/rancher/rancher-tailscale-service.yaml
@@ -4,7 +4,7 @@ metadata:
   name: rancher-tailscale
   namespace: cattle-system
   annotations:
-    tailscale.com/hostname: rancher
+    tailscale.com/hostname: rancher-1
     tailscale.com/proxy-class: infra-stable
 spec:
   type: LoadBalancer
@@ -19,4 +19,4 @@ spec:
     - name: https
       port: 443
       protocol: TCP
-      targetPort: 444
+      targetPort: 443