Yes. Claude Desktop saves all conversation history locally on your machine. You can access past sessions from the left sidebar — they persist between app restarts.
The files are stored at:
C:\Users\<you>\AppData\Roaming\Claude\
One caveat: very long conversations get automatically compressed as they approach the model's context limit. The gist is preserved but exact wording of earlier messages may be summarised. This is normal and doesn't affect the saved session — it just means Claude's working memory of the conversation is condensed, not deleted.
Yes — Tailscale Funnel automatically provisions a TLS certificate for your *.ts.net subdomain (e.g. nbg3pc.taileeca1e.ts.net). It uses Let's Encrypt under the hood.
You never see the certificate file, never run Certbot, and never think about renewal. Tailscale handles all of it silently. That is the point — it is a managed abstraction.
This is also why it is not a good learning tool for the underlying mechanics.
No — and that is by design.
Tailscale Funnel is excellent because it hides DNS, certificate provisioning, certificate renewal, and TLS configuration entirely. You get a working HTTPS URL without understanding any of those layers. For a toy project, that is a feature. For learning, it is a dead end.
Here is what each layer actually involves, and where Tailscale Funnel sits relative to each:
| Concept | What You Actually Do in Production | What Tailscale Funnel Does |
|---|---|---|
| DNS | Create A/CNAME records in Cloudflare pointing your domain to your server IP | Auto-creates a *.ts.net subdomain — you never touch DNS |
| TLS Certificate | Run Certbot, prove domain ownership via HTTP or DNS challenge, get a .pem file |
Auto-provisions via Let's Encrypt, certificate files hidden from you |
| Certificate Renewal | Certbot cron job renews every 90 days; you monitor it | Fully automatic, invisible |
| TLS Termination | nginx reads your .pem files, handles the HTTPS handshake |
Tailscale daemon handles it |
| Custom Domain | Point myapp.com to your server via DNS A record |
Not possible — locked to *.ts.net |
Because Tailscale manages all of this, using it teaches you nothing about the stack beneath it.
If you want to genuinely understand DNS, TLS, and Cloudflare, the best path is to go through the real setup once, hands-on. Each step is a concept.
.xyz for ~$1/year on Namecheap or Cloudflare Registrar)nslookup myapp.com 8.8.8.8What you learn: What an A record is, what nameservers do, what DNS propagation means, what TTL controls.
On a Linux VPS (DigitalOcean/Hetzner has $4/month options):
sudo certbot certonly --standalone -d myapp.com
Look at the files it creates:
/etc/letsencrypt/live/myapp.com/fullchain.pem # your certificate
/etc/letsencrypt/live/myapp.com/privkey.pem # your private key
Then configure nginx to use them manually (don't use --nginx auto mode yet).
What you learn: What a certificate file actually is, what the private key is for, what the chain of trust means (your cert → Let's Encrypt intermediate → root CA), how HTTP-01 domain ownership verification works.
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/myapp.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myapp.com/privkey.pem;
...
}
Try visiting the site. Open the certificate in your browser (the padlock icon). Trace it back to the root CA.
What you learn: How nginx loads certificates, what the browser checks, what "untrusted certificate" errors mean.
CF-Connecting-IP header to see the real client IPWhat you learn: What a reverse proxy at the CDN level does, what IP masking means, the difference between the Cloudflare→browser TLS and the Cloudflare→server TLS, why Full Strict requires a valid cert on your origin.
Once you understand the layers above, try Cloudflare Tunnel — but now you will understand exactly what it is abstracting and why each piece exists.
cloudflared tunnel create myapp
cloudflared tunnel route dns myapp myapp.com
cloudflared tunnel run --url http://localhost:3000 myapp
What you learn: How tunnels replace the need for a public IP, how Cloudflare authenticates your tunnel, how this compares to the manual stack you built.