Environment
- Control server: Debian 11 with a public IPv4 address
- Debian 12 client node
- Windows 11 client node
Control server
```sh
# directory layout on the host; config/ and data/ are bind-mounted into the container
mkdir -p /home/headscale/config
touch /home/headscale/config/db.sqlite
cd /home/headscale

# fetch the upstream example config (wget or curl, either one is enough)
wget -O /home/headscale/config/config.yaml https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
curl https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml -o /home/headscale/config/config.yaml

# edit the two files shown below
vim config/config.yaml
vim docker-compose.yaml

docker-compose pull
docker-compose up -d

# verify the container is up and the metrics endpoint answers locally
docker logs --follow headscale
docker ps
curl http://127.0.0.1:9090/metrics
```
config.yaml
The configuration file contents are as follows:
```yaml
---
server_url: https://{domain}
listen_addr: 0.0.0.0:8080
# also published by docker-compose as 9090:9090; on a host with a public IP
# restrict it with a firewall or bind it to 127.0.0.1
metrics_listen_addr: 0.0.0.0:9090
grpc_listen_addr: 0.0.0.0:50443
grpc_allow_insecure: false

noise:
  private_key_path: /var/lib/headscale/noise_private.key

prefixes:
  v6: fd7a:115c:a1e0::/48
  v4: 100.64.0.0/16

derp:
  server:
    enabled: false
    region_id: 999
    region_code: "headscale"
    region_name: "Headscale Embedded DERP"
    stun_listen_addr: "0.0.0.0:3478"
    private_key_path: /var/lib/headscale/derp_server_private.key
    automatically_add_embedded_derp_region: true
    ipv4: 1.2.3.4
    ipv6: 2001:db8::1
  urls:
    - https://controlplane.tailscale.com/derpmap/default
  paths: []
  auto_update_enabled: true
  update_frequency: 24h

disable_check_updates: false
ephemeral_node_inactivity_timeout: 30m
node_update_check_interval: 10s

database:
  type: sqlite
  sqlite:
    path: /var/lib/headscale/db.sqlite

# TLS is terminated by Caddy (see below), so the built-in ACME settings stay empty
acme_url: https://acme-v02.api.letsencrypt.org/directory
acme_email: ""
tls_letsencrypt_hostname: ""
tls_letsencrypt_cache_dir: /var/lib/headscale/cache
tls_letsencrypt_challenge_type: HTTP-01
tls_letsencrypt_listen: ":http"
tls_cert_path: ""
tls_key_path: ""

log:
  format: text
  level: info

acl_policy_path: ""

dns_config:
  override_local_dns: true
  nameservers:
    - 223.5.5.5
    - 1.1.1.1
  domains: []
  magic_dns: true
  base_domain: agedcat.work

unix_socket: /var/run/headscale/headscale.sock
unix_socket_permission: "0770"

logtail:
  enabled: false

randomize_client_port: false
```
docker-compose.yaml
Contents:
```yaml
version: '3.5'
services:
  headscale:
    image: headscale/headscale:0.23.0-alpha5
    container_name: headscale
    volumes:
      - /home/headscale/config:/etc/headscale/
      - /home/headscale/data:/var/lib/headscale
    ports:
      - 8080:8080
      - 9090:9090
    command: serve
    restart: unless-stopped
```
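An added check, not part of the original post, that reads the two files above and flags the settings that widen exposure: a listener bound to 0.0.0.0 whose port docker-compose publishes without a bind IP (9090 here, and 8080, which should only be reached through Caddy), an empty acl_policy_path, and grpc_allow_insecure. The sample inputs are constructed from the post's values, and the parsing is a line-based shortcut for these flat keys rather than a full YAML parser.

```python
import re

# Constructed sample mirroring the post's config.yaml and docker-compose.yaml
SAMPLE_CONFIG = """\
server_url: https://hs.example.invalid
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:9090
grpc_listen_addr: 0.0.0.0:50443
grpc_allow_insecure: false
acl_policy_path: ""
unix_socket_permission: "0770"
"""
SAMPLE_COMPOSE = """\
    ports:
      - 8080:8080
      - 9090:9090
"""

def top_level_values(yaml_text):
    """{key: value} for unindented `key: value` lines (no PyYAML needed)."""
    out = {}
    for line in yaml_text.splitlines():
        m = re.match(r'^([A-Za-z0-9_]+):\s*(.*)$', line)
        if m:
            out[m.group(1)] = m.group(2).strip().strip('"\'')
    return out

def published_ports(compose_text):
    """Host ports from `- [ip:]host:container` entries not pinned to one IP."""
    ports = set()
    pat = r'^\s*-\s*"?(?:(\d+(?:\.\d+){3}):)?(\d+):\d+"?'
    for m in re.finditer(pat, compose_text, re.M):
        if m.group(1) in (None, "0.0.0.0"):
            ports.add(int(m.group(2)))
    return ports

def audit(config_text, compose_text):
    """Return findings (empty list = nothing flagged)."""
    cfg, public = top_level_values(config_text), published_ports(compose_text)
    findings = []
    if cfg.get("grpc_allow_insecure") == "true":
        findings.append("grpc_allow_insecure is true: gRPC API accepts plaintext")
    # bound to all interfaces AND published without a bind IP: internet-reachable
    for key in ("listen_addr", "metrics_listen_addr", "grpc_listen_addr"):
        addr = cfg.get(key, "")
        if addr.startswith("0.0.0.0:") and int(addr.split(":")[1]) in public:
            findings.append(f"{key} ({addr}) is exposed on every host interface")
    if cfg.get("acl_policy_path", "") == "":
        findings.append("acl_policy_path is empty: no ACL, every node reaches every node")
    return findings
```

With the post's values this reports 8080 and 9090 as exposed and the missing ACL policy; changing the compose mappings to `127.0.0.1:9090:9090` (and likewise for 8080, since Caddy proxies over localhost) clears the port findings.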
Install Caddy as the TLS reverse proxy in front of headscale:
```sh
apt install -y debian-keyring debian-archive-keyring apt-transport-https
# add the Caddy apt repository and its signing key
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
apt update
apt install caddy

vim /etc/caddy/Caddyfile
systemctl restart caddy
```
/etc/caddy/Caddyfile
Append the following at the end (replace {domain} and {email} with your own values):
```
:443, {domain}
tls {email}
route {
    reverse_proxy http://127.0.0.1:8080 {
        header_up Host {upstream_hostport}
        header_up X-Forwarded-Host {host}
    }
}
```
Create a headscale user:
```sh
docker-compose exec headscale headscale users create {username}
```
Connecting client nodes
Connecting with preauthkeys
```sh
# on the control server: issue a key that expires in 48 hours
docker-compose exec headscale headscale preauthkeys create -e 48h -u {username}
# on the client
tailscale up --login-server https://{domain} --authkey {key}
```
Login and register
```sh
# on the client: prints a registration URL containing the machine key (mkey)
sudo tailscale up --login-server https://{domain}
# on the control server: approve that key for the user
docker-compose exec headscale headscale nodes register --user {user} --key mkey:{generated key}
```
Debian client node
```sh
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up --login-server https://{domain}
# on the control server, using the mkey printed by the command above
docker-compose exec headscale headscale nodes register --user mydevops --key mkey:{generated key}
```
Windows client node
```sh
# on the control server
docker-compose exec headscale headscale preauthkeys create -e 48h -u {username}
# on the Windows client
tailscale up --login-server https://{domain} --authkey {preauth key}
```
References