diff --git a/cmd/tailscale/cli/cli.go b/cmd/tailscale/cli/cli.go
index 5563d8a1..8de129a0 100644
--- a/cmd/tailscale/cli/cli.go
+++ b/cmd/tailscale/cli/cli.go
@@ -12,6 +12,8 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"net"
+	"net/url"
 	"os"
 	"runtime"
 	"strings"
@@ -164,6 +166,19 @@ For help on subcommands, add --help after: "mirage status --help".
 	}
 
 	localClient.Socket = rootArgs.socket
+
+	/*
+		if the Socket is like http://ip:port then we try to connect plain
+		http to a remote tailscaled for debug, without authentication
+	*/
+	parsedUrl, err := url.Parse(rootArgs.socket)
+	if err == nil {
+		localClient.Dial = func(ctx context.Context, network, addr string) (net.Conn, error) {
+			var d net.Dialer
+			return d.DialContext(ctx, "tcp", parsedUrl.Host)
+		}
+	}
+
 	rootfs.Visit(func(f *flag.Flag) {
 		if f.Name == "socket" {
 			localClient.UseSocketOnly = true
diff --git a/mirageclient-win/daemon.go b/mirageclient-win/daemon.go
index 39745a82..c9323cf1 100644
--- a/mirageclient-win/daemon.go
+++ b/mirageclient-win/daemon.go
@@ -30,6 +30,7 @@ import (
 	"tailscale.com/envknob"
 	"tailscale.com/ipn/ipnlocal"
 	"tailscale.com/ipn/ipnserver"
+	"tailscale.com/ipn/localapi"
 	"tailscale.com/ipn/store"
 	"tailscale.com/logtail/backoff"
 	"tailscale.com/net/dns"
@@ -214,6 +215,13 @@ func StartDaemon(ctx context.Context, logf logger.Logf, logID string) error { //
 		if err == nil {
 			logf("got LocalBackend in %v", time.Since(t0).Round(time.Millisecond))
 			srv.SetLocalBackend(lb)
+			if debugMux != nil {
+				lah := localapi.NewHandler(lb, logf, logPubID)
+				lah.PermitWrite = true
+				lah.PermitRead = true
+
+				debugMux.Handle("/", lah)
+			}
 			return
 		}
 		lbErr.Store(err) // before the following cancel
@@ -250,13 +258,15 @@ func getLocalBackend(ctx context.Context, logf logger.Logf, logid logid.PublicID
 	if _, ok := e.(wgengine.ResolvingEngine).GetResolver(); !ok {
 		panic("internal error: exit node resolver not wired up")
 	}
-	if debugMux != nil && debugPort > 0 && debugPort < 65536 {
-		if ig, ok := e.(wgengine.InternalsGetter); ok {
-			if _, mc, _, ok := ig.GetInternals(); ok {
-				debugMux.HandleFunc("/debug/magicsock", mc.ServeHTTPDebug)
+	if debugMode {
+		if debugMux != nil && debugPort > 0 && debugPort < 65536 {
+			if ig, ok := e.(wgengine.InternalsGetter); ok {
+				if _, mc, _, ok := ig.GetInternals(); ok {
+					debugMux.HandleFunc("/debug/magicsock", mc.ServeHTTPDebug)
+				}
 			}
+			go runDebugServer(debugMux, ":"+strconv.FormatInt(debugPort, 10))
 		}
-		go runDebugServer(debugMux, ":"+strconv.FormatInt(debugPort, 10))
 	}
 
 	ns, err := newNetstack(logf, dialer, e)
diff --git a/mirageclient-win/utils.go b/mirageclient-win/utils.go
index 0e9fd559..c4c7b56a 100644
--- a/mirageclient-win/utils.go
+++ b/mirageclient-win/utils.go
@@ -19,6 +19,7 @@ const defaultServerCode = "ipv4.uk"
 const socketPath = `\\.\pipe\ProtectedPrefix\Administrators\Mirage\miraged`
 const enginePort = 0    //0 -动态端口机制
 const debugPort = 54321 // 调试信息页面端口
+const debugMode = false // 是否开启调试模式
 
 var programPath string = filepath.Join(os.Getenv("ProgramData"), serviceName)