Metrics exposed on non-Tailscale interface require separate web server process
info · configuration · Updated Jan 28, 2026 (via Exa)
Technologies:
How to detect:
To expose metrics on a non-Tailscale network interface, the 'tailscale web --readonly' command must be run with a specific listen address. This starts a separate server process that only listens on the provided IP and port, not on Tailscale addresses.
Recommended action:
Run 'tailscale web --readonly --listen <ip>:<port>' where <ip> is a local interface IP address. Access metrics at http://<ip>:<port>/metrics. Note this creates a separate server process independent of the standard Tailscale web interface. Ensure firewall rules allow access to the specified port.
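A check for the binding described above, added here as an example and not taken from Tailscale's own documentation or code: it reads `ss -ltn` output and reports whether the metrics port is bound only to the intended address rather than to a wildcard. The function names are hypothetical, and the address 192.168.1.10, port 8080 and sample socket lines are constructed.

```shell
#!/bin/sh
# Added example. Reads `ss -ltn` output on stdin and reports how <port> is bound.
# Live use: ss -ltn | check_listener 192.168.1.10 8080

# Prints: exact | wildcard | other | missing
check_listener() {
    awk -v ip="$1" -v port="$2" '
        $1 == "LISTEN" {
            # Split "addr:port" at the last colon so "[::]:8080" also parses.
            pos = match($4, /:[0-9]+$/)
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            if (substr($4, pos + 1) != port) next
            if (addr == ip) exact = 1
            else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wildcard = 1
            else other = 1
        }
        END {
            # A wildcard bind is also reachable on the Tailscale interface.
            if (wildcard) print "wildcard"
            else if (other) print "other"
            else if (exact) print "exact"
            else print "missing"
        }'
}

# True when the IPv4 address is in 100.64.0.0/10, the range Tailscale assigns
# node addresses from; such an address is not a "non-Tailscale" interface.
in_tailscale_range() {
    case $1 in
        100.*) ;;
        *) return 1 ;;
    esac
    second=${1#100.}
    second=${second%%.*}
    [ "$second" -ge 64 ] && [ "$second" -le 127 ]
}

# Constructed sample input (not captured from a real host).
SAMPLE_GOOD='LISTEN 0 4096 192.168.1.10:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*'
SAMPLE_WILD='LISTEN 0 4096 *:8080 *:*'

printf '%s\n' "$SAMPLE_GOOD" | check_listener 192.168.1.10 8080
printf '%s\n' "$SAMPLE_WILD" | check_listener 192.168.1.10 8080
```

A result of `wildcard` or `other` means the port is reachable somewhere other than the address passed to `--listen`, so the firewall rule for that port should be reviewed before it is opened.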