Headscale组网教程
Tailscale 基础教程:Headscale 的部署方法和使用教程
客户端安装
常用命令
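# 1. Create a namespace
docker exec -it headscale headscale namespaces create xxx
# 2. List namespaces
docker exec -it headscale headscale namespaces list

# Join a Linux Tailscale client to Headscale.
# Replace the --login-server host with your own Headscale public IP or domain.
# Turning the DNS feature off (--accept-dns=false) is recommended because it
# overrides the system's default DNS; read the official documentation if you
# need it. --force-reauth forces re-authentication and can help when the
# client refuses to log in.
# --accept-routes=true makes this client accept the subnet routes handed out
# by the login server, so only point it at a Headscale instance you control.
tailscale up --login-server=https://headscale.xxx.cn --accept-routes=true --accept-dns=false --force-reauth

# The client now waits for approval on the server.
# Register the nodekey printed by YOUR client (the value below is the sample
# from this tutorial) and compare it with the client output before approving,
# so that only the machine you expect is admitted.
docker exec -it headscale headscale -u xxx nodes register --key nodekey:ac56f9922fbc5a09670f5c5972f52b3e509de6b235a48046664f27102702ad1a

# Generate a pre-auth key for a user: reusable, expiring after 365 days.
# NOTE(review): a reusable key with a one-year lifetime lets whoever holds it
# enrol devices without approval for that whole year. Prefer a short expiry
# and a single-use key (omit --reusable) per device where that is practical.
docker exec -it headscale headscale preauthkeys -u leiax00 create -e 365d --reusable
# '<PREAUTH_KEY>' is a placeholder for the key printed by the command above.
# A pre-auth key is a credential: keep it out of tutorials, tickets and shell
# history (tailscale also accepts --auth-key=file:<path>). If a key has ever
# been pasted somewhere public, expire it (headscale preauthkeys expire) and
# review `nodes list` for devices you do not recognise.
tailscale up --login-server=https://headscale.xxx.cn --accept-routes=true --accept-dns=false --auth-key '<PREAUTH_KEY>'

# List nodes
docker exec -it headscale headscale nodes list

# Create and list API keys
docker exec -it headscale headscale apikeys create
docker exec -it headscale headscale apikeys list
# The created key has the form <API_KEY_PREFIX>.<API_KEY_SECRET> (value
# redacted here). It authorises calls to the Headscale API, so store it like a
# password and expire it (headscale apikeys expire) if it is ever disclosed.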
配置修改
config.yaml修改项
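# Headscale config.yaml: only the settings changed from the defaults are shown.
server_url: https://headscale.xxx.cn

# 0.0.0.0 binds each listener on every interface inside the container; what is
# reachable from outside is decided by the published ports in the compose file.
listen_addr: 0.0.0.0:8080
# NOTE(review): the metrics endpoint is unauthenticated. The compose file on
# this page publishes it as host port 59090; confirm that port is firewalled
# or bound to localhost rather than reachable from the Internet.
metrics_listen_addr: 0.0.0.0:9090
grpc_listen_addr: 0.0.0.0:50443

ip_prefixes:
  # - fd7a:115c:a1e0::/48
  # NOTE(review): Headscale's example config says prefixes should lie inside
  # the ranges the Tailscale client supports (100.64.0.0/10 and
  # fd7a:115c:a1e0::/48). 10.0.0.0/16 is outside both and may also overlap an
  # existing private LAN; confirm before reusing it.
  - 10.0.0.0/16

derp:
  # The default Tailscale DERP map is disabled, so only the self-hosted region
  # loaded from `paths` is offered to clients.
  # urls:
  #   - https://controlplane.tailscale.com/derpmap/default
  urls: []
  paths:
    - /etc/headscale/derp.yaml

# SQLite config
db_type: sqlite3
# For production:
# db_path: /var/lib/headscale/db.sqlite
db_path: /var/lib/headscale/db.sqlite

# Postgres config (disabled)
# If using a Unix socket to connect to Postgres, set the socket path in the
# 'host' field and leave 'port' blank.
# db_type: postgres
# db_host: 10.1.0.3
# db_port: 5432
# db_name: headscale
# db_user: postgres
# Placeholder only: never publish or commit a real database password, and
# change any password that has appeared in a shared copy of this file.
# db_pass: <POSTGRES_PASSWORD>

randomize_client_port: true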
derp.yaml
derp.yaml与config.yaml放置在同目录下
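# /etc/headscale/derp.yaml
# Custom DERP map with a single self-hosted region (id 900) and one node.
regions:
  900:
    regionid: 900
    regioncode: lt
    regionname: lax-tencent
    nodes:
      - name: 900a
        regionid: 900
        hostname: derp.xxx.cn
        # Empty ipv4: no address is pinned here, so clients presumably resolve
        # `hostname` through DNS (confirm against the DERP map documentation).
        ipv4: ''
        # Matches the UDP port published for STUN in the compose file
        # ("50002:3478/udp").
        stunport: 50002
        stunonly: false
        # NOTE(review): the compose file publishes the derper on host port
        # 50001, not 443, so a TLS-terminating reverse proxy on 443 is
        # presumably expected in front of it; confirm. Clients reach the relay
        # at https://derp.xxx.cn:443, so the certificate must match hostname.
        derpport: 443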
docker-compose.yaml
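version: '3'
services:
  # Headscale control server.
  headscale:
    container_name: headscale
    hostname: headscale
    image: headscale/headscale:0.21.0
    restart: unless-stopped
    environment:
      TZ: Asia/Shanghai
    ports:
      # Plain-HTTP control listener. server_url is https, so a TLS-terminating
      # reverse proxy is presumably in front; if so, consider publishing this
      # as "127.0.0.1:58080:8080" so it cannot be reached around the proxy.
      - "58080:8080"
      # NOTE(review): unauthenticated metrics endpoint published on every host
      # interface. Restrict it (for example "127.0.0.1:59090:9090" or a
      # firewall rule) unless a remote scraper really needs it.
      - "59090:9090"
      # gRPC port used by the remote CLI/API; publish it only if remote access
      # is actually required.
      - "50443:50443"
    volumes:
      # Holds config.yaml and derp.yaml.
      - ./conf:/etc/headscale
      # Holds the SQLite database (and Headscale's keys); keep this host
      # directory readable by trusted accounts only and include it in backups.
      - /repo_dev/devData/headscale:/var/lib/headscale
    command: headscale serve

  # Web UI for Headscale.
  headscale-ui:
    # NOTE(review): `latest` is a mutable tag, so a restart can silently pull
    # different code. Pin a release tag or an image digest.
    image: ghcr.io/gurucomputing/headscale-ui:latest
    restart: unless-stopped
    container_name: headscale-ui
    ports:
      # Plain HTTP. The UI is operated with a Headscale API key, so serve it
      # only over TLS (reverse proxy) and not directly from this port.
      - "50080:80"

  # Self-hosted DERP relay.
  derp:
    # NOTE(review): no tag given, which resolves to the mutable `latest`.
    # Pin a release tag or an image digest.
    image: ghcr.io/yangchuansheng/derper
    restart: always
    container_name: derp
    hostname: derp
    environment:
      - DERP_DOMAIN=derp.xxx.cn
      - DERP_ADDR=:12345
      # Only relay traffic for clients that the local tailscaled recognises.
      # This stops strangers from using the relay for free; keep it enabled.
      - DERP_VERIFY_CLIENTS=true
    volumes:
      # Client verification needs Tailscale installed on the host: the derper
      # queries the host's tailscaled through this socket. The socket also
      # exposes that daemon's local API to the container, so run only an image
      # you trust here.
      - /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock
    ports:
      # DERP relay listener (DERP_ADDR inside the container).
      - "50001:12345"
      # STUN; must match `stunport` in derp.yaml.
      - "50002:3478/udp"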