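Deploying with your own domain name and certificate
Domain registration, the ICP filing process, and the SSL certificate application are omitted here.
Downloading the SSL certificate
Find the download option, open it, and choose the nginx certificate download.
Open the archive; it contains the following four files:
Rename the two certificate files whose names contain bundler so that the bundler keyword is removed, then upload the following four files to the server that will host DERP. I use the /app/certs/ directory below, so upload them to that directory:
Starting the container with the docker command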
```bash
# Replace xxxxx with your own domain name.
docker run -d \
  --name derp --privileged \
  --restart=always \
  -p 3478:3478/udp \
  -p 8444:8444 \
  -v /etc/localtime:/etc/localtime:ro \
  -v /app/certs/:/app/certs/ \
  -e DERP_DOMAIN=xxxxx \
  -e DERP_ADDR=:8444 \
  -e DERP_CERT_MODE=manual \
  -e DERP_HTTP_PORT=-1 \
  fredliang/derper:latest
```
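GitHub repository for the image
GitHub - fredliang44/derper-docker: tailscale's selfhosted derp-server docker image
Parameter explanation
- 3478: the UDP port; by default it must not be changed
- 8444: the listening address; the default is 443, and I changed it to 8444 here
- DERP_CERT_MODE: two options, manual and letsencrypt; switched to manual here
- DERP_HTTP_PORT: whether to open the HTTP port; -1 disables it
- DERP_DOMAIN: your own domain name
- /app/certs/: the certificate directory on the host that is mounted into the container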
| env | required | description | default value |
| --- | --- | --- | --- |
| DERP_DOMAIN | true | derper server hostname | your-hostname.com |
| DERP_CERT_DIR | false | directory to store LetsEncrypt certs (if addr's port is :443) | /app/certs |
| DERP_CERT_MODE | false | mode for getting a cert. possible options: manual, letsencrypt | letsencrypt |
| DERP_ADDR | false | listening server address | :443 |
| DERP_STUN | false | also run a STUN server | true |
| DERP_STUN_PORT | false | The UDP port on which to serve STUN. | 3478 |
| DERP_HTTP_PORT | false | The port on which to serve HTTP. Set to -1 to disable | 80 |
| DERP_VERIFY_CLIENTS | false | verify clients to this DERP server through a local tailscaled instance | false |
Modifying the configuration
Go to https://login.tailscale.com/admin/acls/file and open Access_controls to edit the configuration.
```json
// Example/default ACLs for unrestricted connections.
{
  // Declare static groups of users beyond those in the identity service.
  "Groups": {
    "group:example": ["user1@example.com", "user2@example.com"],
  },
  // Declare convenient hostname aliases to use in place of IP addresses.
  "Hosts": {
    "example-host-1": "100.100.100.100",
  },
  "ACLs": [
    // Match absolutely everything. Comment out this section if you want
    // to define specific ACL restrictions.
    {"Action": "accept", "Users": ["*"], "Ports": ["*:*"]},
  ],
  // Custom DERP region served by the container started above.
  "derpMap": {
    "OmitDefaultRegions": true,
    "Regions": {"900": {
      "RegionID": 900,
      "RegionCode": "myderp",
      "Nodes": [{
        "Name": "1",
        "RegionID": 900,
        "HostName": "xxxxx", // your own domain, the same value as DERP_DOMAIN
        "DERPPort": 8444, // the port published by the container
      }],
    }},
  },
}
```
Pay particular attention to the values in derpMap.
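The derpMap node has to agree with what the container actually listens on and publishes. The following is an added example, not code from the original page or from the derper-docker project, that cross-checks a `docker run` line against the policy file and also reports when DERP_VERIFY_CLIENTS is left at its default. The function names, `derp.example.com` and the sample strings are constructed, and the comment and trailing-comma stripping is a simplified reader for the policy file format.

```python
import json
import re
import shlex

def parse_docker_run(cmd):
    """Return (env vars, {(host_port, proto): container_port}) from a docker run line."""
    tokens = shlex.split(cmd.replace("\\\n", " "))
    env, published = {}, {}
    for flag, value in zip(tokens, tokens[1:]):
        if flag == "-e":
            name, _, setting = value.partition("=")
            env[name] = setting
        elif flag == "-p":  # assumes the host:container[/proto] form used on the page
            spec, _, proto = value.partition("/")
            host, container = spec.split(":")[-2:]
            published[int(host), proto or "tcp"] = int(container)
    return env, published

def load_hujson(text):
    """Parse the policy file: drop comments outside strings, then trailing commas."""
    comment_or_string = r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/'
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    text = re.sub(comment_or_string, keep, text, flags=re.S)
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", text))

def lint(cmd, acl_text):
    """Return mismatches between the container settings and the derpMap nodes."""
    env, published = parse_docker_run(cmd)
    listen = int(env.get("DERP_ADDR", ":443").rsplit(":", 1)[-1])
    findings = []
    for region in load_hujson(acl_text)["derpMap"]["Regions"].values():
        for node in region["Nodes"]:
            port = node.get("DERPPort") or 443
            if node["HostName"] != env.get("DERP_DOMAIN"):
                findings.append(f"HostName {node['HostName']} differs from DERP_DOMAIN")
            if published.get((port, "tcp")) != listen:
                findings.append(f"DERPPort {port}/tcp is not published to listen port {listen}")
    if published.get((3478, "udp")) != int(env.get("DERP_STUN_PORT", "3478")):
        findings.append("STUN port 3478/udp is not published to DERP_STUN_PORT")
    if env.get("DERP_VERIFY_CLIENTS", "false") != "true":
        findings.append("DERP_VERIFY_CLIENTS is not true: clients are not verified")
    return findings

# Constructed sample mirroring the page's settings; derp.example.com is a placeholder.
SAMPLE_CMD = ("docker run -d --name derp -p 3478:3478/udp -p 8444:8444 "
              "-e DERP_DOMAIN=derp.example.com -e DERP_ADDR=:8444 fredliang/derper:latest")
SAMPLE_ACL = """{ "derpMap": { // constructed policy fragment
  "OmitDefaultRegions": true, "Regions": {"900": {"RegionID": 900, "Nodes": [
    {"Name": "1", "RegionID": 900, "HostName": "derp.example.com", "DERPPort": 8444,}]}}, }, }"""
print(lint(SAMPLE_CMD, SAMPLE_ACL))
```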
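Verifying with commands
```bash
tailscale netcheck
tailscale status
tailscale ping xxx
```
Other commands can be listed with tailscale --help. If the change does not take effect, restart the node and check again.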