# 准备

## 准备虚拟机

1~3 个人使用,需要 1C2G10GB 的云主机。

![2023-10-27T06:49:38.png][1]

## 加入堡垒机

## 安装 docker

```shell
yum install -y docker-ce
echo 'alias docker-compose="docker compose"' >> ~/.bashrc
. ~/.bashrc
```

## 申请证书

```shell
export Ali_Key="xxx"
export Ali_Secret="xxx"
/root/.acme.sh/acme.sh --issue -d derp.sddts.cn --challenge-alias xxx.cn --dns dns_ali --force
```

证书手动申请,然后放在 /opt/derp/certs 路径下。

注意:`export` 的阿里云 AccessKey 会留在 shell 历史里,acme.sh 也会把它保存到 `~/.acme.sh/account.conf`;请使用只授予 DNS 解析权限的子账号 AccessKey,并在签发完成后收紧私钥文件权限(例如 `chmod 600 /opt/derp/certs/*.key`)。

![2023-10-27T07:03:34.png][2]

# 部署

## 创建目录

```shell
mkdir -p /opt/headscale
mkdir -p /opt/derp
```

## 准备 .env 文件

```shell
TAILSCALE_DERP_HOSTNAME=derp.sddts.cn
TAILSCALE_DERP_VERIFY_CLIENTS=true
#TAILSCALE_DERP_CERTMODE=letsencrypt
TAILSCALE_DERP_CERTMODE=manual
TAILSCALE_AUTH_KEY="tskey-auth-123-123"
```

注意:下面的 docker-compose 文件里没有任何 `${TAILSCALE_...}` 引用,derp 服务直接写死了 `DERP_*` 环境变量,所以这个 .env 里的值(包括 `TAILSCALE_DERP_VERIFY_CLIENTS=true`)并不会生效。另外 `TAILSCALE_AUTH_KEY` 是能直接把节点加入网络的凭据:用 `headscale preauthkeys create` 生成带过期时间的 key,对文件执行 `chmod 600 .env`,并且不要把它提交到代码仓库。

## 准备 docker-compose 文件

```yaml
version: '3'
services:
  headscale:
    # Pulled through a third-party mirror, and `sha-b01f1f1` is a git-commit tag,
    # not an image digest -- the mirror can serve anything under that tag. Pin by
    # digest (image@sha256:...) checked against the upstream juanfont/headscale.
    image: dockerproxy.com/juanfont/headscale:sha-b01f1f1
    container_name: headscale
    volumes:
      - /opt/headscale/config:/etc/headscale
      - /opt/headscale/data:/var/lib/headscale
    environment:
      - "TZ=Asia/Shanghai"
    ports:
      - "51110:51110"
      # metrics_listen_addr below binds 127.0.0.1 inside the container, so this
      # mapping reaches nothing; keep it only if that bind address is changed.
      - "51111:51111"
    restart: unless-stopped
    # config.yaml and derp.yaml are rewritten from this heredoc on every start:
    # edits made on the host under /opt/headscale/config are overwritten.
    entrypoint:
      - sh
      - -euc
      - |
        cat <<'EOF'>/etc/headscale/config.yaml
        ---
        # server_url must be exactly the URL clients pass to --login-server.
        # It is plain HTTP here (tls_cert_path/tls_key_path are empty), so the
        # registration flow and pre-auth keys cross this endpoint unencrypted.
        # To fix: mount /opt/derp/certs into this container as well, point
        # tls_cert_path/tls_key_path at the issued cert/key, and use https://
        # here and on every client.
        server_url: http://derp.sddts.cn:51110
        listen_addr: 0.0.0.0:51110
        metrics_listen_addr: 127.0.0.1:51111
        grpc_listen_addr: 0.0.0.0:50443
        grpc_allow_insecure: false
        private_key_path: /var/lib/headscale/private.key
        noise:
          private_key_path: /var/lib/headscale/noise_private.key
        ip_prefixes:
          #- fd7a:115c:a1e0::/48
          - 100.64.0.0/10
        derp:
          paths:
            - /etc/headscale/derp.yaml
          auto_update_enabled: true
          update_frequency: 24h
        disable_check_updates: false
        ephemeral_node_inactivity_timeout: 30m
        node_update_check_interval: 10s
        db_type: sqlite3
        db_path: /var/lib/headscale/db.sqlite
        acme_url: https://acme-v02.api.letsencrypt.org/directory
        acme_email: ""
        tls_letsencrypt_hostname: ""
        tls_letsencrypt_cache_dir: /var/lib/headscale/cache
        tls_letsencrypt_challenge_type: HTTP-01
        tls_letsencrypt_listen: ":http"
        tls_cert_path: ""
        tls_key_path: ""
        log:
          format: text
          level: info
        # No ACL policy: every node can reach every other node and every
        # enabled subnet route. Add a policy once more than a few people share
        # this network.
        acl_policy_path: ""
        dns_config:
          override_local_dns: true
          nameservers:
            - 223.5.5.5
          domains: []
```
```yaml
          magic_dns: true
          # Placeholder: point base_domain at a domain you control.
          base_domain: example.com
        unix_socket: /var/run/headscale/headscale.sock
        unix_socket_permission: "0770"
        logtail:
          enabled: false
        randomize_client_port: false
        EOF
        cat <<'EOF'>/etc/headscale/derp.yaml
        regions:
          900:
            regionid: 900
            regioncode: thk
            regionname: office
            nodes:
              - name: office-A
                regionid: 900
                hostname: derp.sddts.cn
                stunport: 51113
                stunonly: false
                derpport: 51112
        EOF
        headscale serve
  derp:
    # Unpinned `latest` of a third-party rebuild of derper, pulled via a mirror:
    # the relay binary can change underneath you. Pin a digest, or build
    # tailscale.com/cmd/derper from source yourself.
    image: dockerproxy.com/yangchuansheng/derper:latest
    container_name: derp
    restart: always
    init: true
    ports:
      - "80:80"
      # DERP_ADDR=:51112 below moves the relay off 443; this mapping is then
      # unused unless the image also listens there -- drop it if it does not.
      - "443:443"
      - "51112:51112"
      - "51113:51113/udp"
    # Not needed just to bind the published ports. Start without these and add
    # back only a capability the image demonstrably requires.
    cap_add:
      - NET_RAW
      - NET_ADMIN
    volumes:
      - /opt/derp/certs:/app/certs/
      - /etc/localtime:/etc/localtime:ro
    environment:
      - "DERP_CERT_MODE=manual"
      - "DERP_ADDR=:51112"
      - "DERP_DOMAIN=derp.sddts.cn"
      # Nothing here enables client verification, so anyone who learns the
      # hostname can relay traffic through this server (open relay). Turn it on
      # with the image's verify-clients switch (DERP_VERIFY_CLIENTS in this
      # image; confirm against its README). derper then needs a tailscaled on
      # this host logged in to the same headscale, with its socket reachable
      # from the container.
      # - "DERP_VERIFY_CLIENTS=true"
      # derp.yaml advertises STUN on 51113; set the image's STUN port to match
      # (DERP_STUN_PORT) instead of relying on its default.
      - "TZ=Asia/Shanghai"
```

# 客户端连接

# 启动客户端

## 客户端测

```shell
# --login-server must equal headscale's server_url (http://derp.sddts.cn:51110 in
# the compose above). Do not use https://derp.sddts.cn:51820 -- no service is
# published on that port. Move both sides to https:// once TLS is configured.
# (The duplicated --advertise-routes flag was removed; last-wins made it harmless.)
tailscale up --login-server=http://derp.sddts.cn:51110 --accept-routes=true --accept-dns=false --force-reauth --advertise-routes=192.168.105.0/24
# 当前客户端可以通往192.168.105.0/24
```

## 服务端测

```shell
dockerid=$(docker ps -q -f name=headscale)
# docker exec takes the container id BEFORE the command; `docker exec -it /bin/bash $id`
# fails with "No such container: /bin/bash". Run headscale in the container directly.
# -n/--namespace has been renamed to --user in newer headscale releases; keep -n only
# for the pinned image above.
docker exec -it "$dockerid" headscale -n default nodes register --key xxx
```

# 客户端常用命令

```shell
# 启动客户端tailscaled服务
# 注意,tailscaled和tailscale不一样。前者是后台服务,后者是可以操作服务的程序。
# 连接headscale网络
tailscale up
# 断开连接
tailscale down
# 查看连接状态
tailscale status
# 查看接入headscale网络后分配给当前客户端的ip地址
tailscale ip
# 查看当前客户端与derp中继服务的延迟信息
tailscale netcheck
```

# 服务端常用命令

```shell
# 查看当前客户端列表
headscale nodes list
# 查看当前headscale网络路由(主要是客户端通告的可达路由)
headscale routes list
# 允许/删除/禁用客户端通告的路由
# A node can advertise any prefix; check what $routeid maps to before enabling it.
headscale routes enable|delete|disable $routeid
```

# 参考

https://hub.docker.com/r/sparanoid/derp
https://tailscale.com/kb/manage-devices/
https://www.linshenkx.cn/archives/tailscale-derper-docker
https://github.com/tijjjy/Tailscale-DERP-Docker

[1]: https://www.sddts.cn/usr/uploads/2023/10/2931780304.png
[2]: https://www.sddts.cn/usr/uploads/2023/10/2386462554.png

最后修改:2024 年 05 月 11 日 © 允许规范转载