as an alternative to tailscale, you can set up a Cloudflare Zero Trust Tunnel and create user identities for your friends so they log in using their email (one-time PIN), Google, etc. It’s what I use to access my home lab from anywhere.
If there is a web service running on this server (e.g. at localhost:8080), I don’t think your friends will need to install anything. You’ll then create a zero trust application that maps this localhost port to a subdomain (e.g. files.example.com), make sure the application requires authentication.
In the server, you can run a web UI file sharing, like SFTPGo, exposed to that port 8080:
docker run --name some-sftpgo -p 8080:8080 -p 2022:2022 -d “docker.io/drakkan/sftpgo:latest”
Then try accessing your files.example.com by logging in.