How to connect to Buffaly from your phone
To use Buffaly from a phone or another device, first identify which Buffaly instance you want, then choose the safest access route for that environment. For personal local installs, trusted-device access through Tailscale is usually the best first path.
Important terms
Instance
The specific Buffaly install you are opening: local, staging, hosted, or public.
Access route
The network path from your phone to that instance, such as Tailscale, hosted URL, or same-network local URL.
Pick the access route
| Route | Use when | Verification |
|---|---|---|
| Provisioning service | A hosted or web-server setup manages reachable Buffaly instances. | Open the issued URL and confirm it is the expected instance. |
| Tailscale trusted-device access | You want a local Buffaly instance reachable from your own trusted phone or computer. | Both devices are in the tailnet and the Buffaly URL loads on the phone. |
| Hosted or staging URL | The instance is already deployed for browser access. | Sign in and verify environment labels or known sessions. |
| Same-network local access | Both devices are on the same trusted network and local firewall rules allow access. | Open the host URL from the phone and confirm pages/actions work. |
Verify you are in the right instance
- Open the Buffaly URL from the other device.
- Sign in if required.
- Load the Help page or a known session.
- Confirm you are not mixing local, staging, and public URLs.
- Validate a real action path, such as launching a guide or reading a known page.
Choose what you are trying to do and open Buffaly
Choose the route based on the goal: use trusted-device access for personal phone use, hosted/staging access for a public test environment, and same-network local access only when both devices can reach the same local host safely.
- Identify the target instance and URL before scanning or typing anything.
- Open the URL from the phone or second device.
- Complete any trusted-device approval or sign-in flow.
- Run a harmless read-only check before doing real work.
Useful prompt: “Show this install's capabilities and tell me which environment I am connected to.”
Identify the Buffaly instance and screenshots to capture later
Before trusting a phone or second device, identify the Buffaly instance by URL, environment label, signed-in account, and a harmless capability check. Local, staging, hosted, and trusted-device routes can look similar on a small screen.
Validate a real action path after login: ask for a safe read-only check such as showing current capabilities or listing available docs. Capture screenshots later for the URL bar, the instance identity/header, the trusted-device approval state, and the successful validation response.
Common issues
The URL works on the Buffaly machine but not on the phone
The server may be bound only to localhost, the firewall may block the port, or the phone may not be on the trusted network.
You see Buffaly, but it is the wrong environment
Check the hostname and environment. Do not validate local work against staging or staging work against local output.
A guide spins or fails
The web page may load while the agent service, session runtime, or integration behind the guide is not available. Ask Buffaly to check logs and service status.
The phone says the certificate is not trusted
Use the trusted route for your environment. Do not bypass certificate warnings for sensitive work unless you know exactly what instance you are opening.
Security note
Do not expose a local Buffaly install publicly as a shortcut. Use a trusted-device route, hosted deployment, or operator-guided setup that matches the risk of the work you will do from that device.