Headscale组网教程

Headscale组网教程

　　Tailscale 基础教程：Headscale 的部署方法和使用教程

　　GitHub - gurucomputing/headscale-ui: A web frontend for the headscale Tailscale-compatible coordination server

　　GitHub - juanfont/headscale: An open source, self-hosted implementation of the Tailscale control server

客户端安装

　　Tailscale

常用命令

# 1. 创建命名空间
docker exec -it headscale headscale namespaces create xxx

# 2. 查看命名空间
docker exec -it headscale headscale namespaces list

# linux Tailscale 接入 Headscale
# 将  换成你的 Headscale 公网 IP 或域名
# 推荐将 DNS 功能关闭，因为它会覆盖系统的默认 DNS。如果你对 DNS 有需求，需要研究官方文档 , --force-reauth 表示强制重新鉴权, 有时怎么都登录不上, 可以添加这个
tailscale up --login-server=https://headscale.xxx.cn --accept-routes=true --accept-dns=false --force-reauth
	# 要求到服务器去鉴权:
		docker exec -it headscale headscale -u xxx nodes register --key nodekey:ac56f9922fbc5a09670f5c5972f52b3e509de6b235a48046664f27102702ad1a

# 生成用户的prev auth key  -- 创建一个可重用的, 过期时间未365天的preauthkeys 
docker exec -it headscale headscale preauthkeys -u leiax00 create -e 365d --reusable
tailscale up --login-server=https://headscale.xxx.cn --accept-routes=true --accept-dns=false --auth-key 22b5b5b8af372bb7df55a4618d41da8f1274289c64157870

# 节点查看
docker exec -it headscale headscale nodes list

# 生成API key
docker exec -it headscale headscale apikeys create
docker exec -it headscale headscale apikeys list
		1QgzdVxekQ.EPWro_YG-q8JLG4cUbybTapwLzjmdlc0bO82-lluM_M

配置修改

config.yaml修改项

server_url: https://headscale.xxx.cn
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:9090
grpc_listen_addr: 0.0.0.0:50443
ip_prefixes:
#  - fd7a:115c:a1e0::/48
  - 10.0.0.0/16
derp:
	urls:
#  - 
paths:
  - /etc/headscale/derp.yaml

# SQLite config
db_type: sqlite3

# For production:
# db_path: /var/lib/headscale/db.sqlite
db_path: /var/lib/headscale/db.sqlite
# # Postgres config
# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
#db_type: postgres
#db_host: 10.1.0.3
#db_port: 5432
#db_name: headscale
#db_user: postgres
#db_pass: lax4832.

randomize_client_port: true

derp.yaml

　　derp.yaml与config.yaml放置在同目录下

# /etc/headscale/derp.yaml
regions:
  900:
    regionid: 900
    regioncode: lt
    regionname: lax-tencent
    nodes:
      - name: 900a
        regionid: 900
        hostname: derp.xxx.cn
        ipv4: ''
        stunport: 50002
        stunonly: false
        derpport: 443

docker-compose.yaml

version: '3'

services:
  headscale:
    container_name: headscale
    hostname: headscale
    image: headscale/headscale:0.21.0
    restart: unless-stopped
    environment:
      TZ: Asia/Shanghai
    ports:
      - "58080:8080"
      - "59090:9090"
      - "50443:50443"
    volumes:
      - ./conf:/etc/headscale
      - /repo_dev/devData/headscale:/var/lib/headscale
    command: headscale serve
  headscale-ui:
    image: ghcr.io/gurucomputing/headscale-ui:latest
    restart: unless-stopped
    container_name: headscale-ui
    ports:
      - "50080:80"
  derp:
    image: ghcr.io/yangchuansheng/derper
    restart: always
    container_name: derp
    hostname: derp
    environment:
      - DERP_DOMAIN=derp.xxx.cn
      - DERP_ADDR=:12345
      - DERP_VERIFY_CLIENTS=true
    volumes:
      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock  # 避免derp被人白嫖, 本地需要安装taiscale
    ports:
      - "50001:12345"
      - "50002:3478/udp"

　　‍

　　‍