Headscale Deployment

This post documents how to configure Headscale on Gentoo Linux.

Configuring Headscale on Gentoo

headscale is now available in the repository and can be installed directly:

emerge -av headscale

Edit /etc/headscale/config.yaml so that it contains the following:

unix_socket: /run/headscale/headscale.sock
ip_prefixes:
  - 10.1.0.0/16 # defines the headscale network

Start the service:

systemctl start headscale

Check the service status:

systemctl status headscale

Enable it at boot:

systemctl enable headscale

List the nodes:

headscale node list

Create a user (tenant):

headscale user create homelab

On Linux, a client can use:

tailscale up --login-server=http://ip:8080 --accept-routes=true --accept-dns=false

After opening the web page you will see the corresponding command:

headscale nodes register --user homelab --key nodekey:df596243a3e117f45dbdcc7bba8741297e68efd731798c252b65586cacddf756

List the online nodes:

headscale node list

The DERP service can be separate from headscale, and there can be more than one. To deploy DERP you can use the image I have built; the source is at: https://github.com/slchris/derp-servery

Deploying the DERP service requires the following:

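  • A VPS (it needs at least a public IP; a machine behind NAT needs the corresponding port-mapping rules)
  • A domain name (an A, AAAA or CNAME record resolving to the server's public IP)
  • A certificate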

First generate the certificate:

docker run -it --rm --name certbot \
  -p 80:80 \
  -v "/etc/letsencrypt:/etc/letsencrypt"  \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  certbot/certbot certonly

Run the service:

docker run --restart always \
  --name derper -p 12345:443 -p 3478:3478/udp \
  -v /etc/letsencrypt/live/example.com/fullchain.pem:/app/certs/example.com.crt \
  -v /etc/letsencrypt/live/example.com/privkey.pem:/app/certs/example.com.key \
  -e DERP_CERT_MODE=manual \
  -e DERP_DOMAIN=example.com \
  -d ghcr.io/slchris/derp-server:v1

Create the DERP configuration (on the Headscale server):

vi /etc/headscale/derp.yaml

With the following content:

regions:
  800:
    regionid: 800
    regioncode: hangzhou
    regionname: Hangzhou, China
    nodes:
      - name: hz
        regionid: 800
        hostname: hz.plz.ac
        stunport: 3478
        derpport: 12345

Modify the main configuration so that it references the DERP configuration:

vi /etc/headscale/config.yaml

Change it as follows:

derp:
  # List of externally available DERP maps encoded in JSON
  #urls:
  #  - https://controlplane.tailscale.com/derpmap/default

  # Locally available DERP map files encoded in YAML
  #
  # This option is mostly interesting for people hosting
  # their own DERP servers:
  # https://tailscale.com/kb/1118/custom-derp-servers/
  #
  # paths:
  #   - /etc/headscale/derp-example.yaml
  paths:
    - /etc/headscale/derp.yaml

  # If enabled, a worker will be set up to periodically
  # refresh the given sources and update the derpmap.
  auto_update_enabled: true

  # How often should we check for DERP updates?
  update_frequency: 24h

Restart the service:

systemctl restart headscale

The client nodes need a restart as well; after restarting, check the network connectivity:

systemctl restart tailscaled
tailscale netcheck
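When netcheck shows no usable custom relay, the usual cause is a mismatch between the derper container and derp.yaml. The following added example (not part of the original post or of the derp-server project) cross-checks the two before restarting anything. It assumes, as the docker run command above implies, that the image reads /app/certs/<DERP_DOMAIN>.crt and .key and listens on 443/tcp and 3478/udp inside the container, and that every node entry starts with "- name:"; derp.example.com and the sample strings are constructed.

```python
import re
import shlex

def parse_derp_nodes(text):
    """Read name/hostname/ports of every '- name:' entry in a DERP map."""
    keys = r"^\s*(name|hostname|stunport|derpport):\s*(\S+)\s*(?:#.*)?$"
    chunks = re.split(r"^\s*- (?=name:)", text, flags=re.M)[1:]
    return [dict(re.findall(keys, c, re.M)) for c in chunks]

def parse_docker_run(cmd):
    """Extract published ports, container-side mount paths and env vars."""
    args = shlex.split(re.sub(r"\\\s*\n", " ", cmd))   # join continued lines
    ports, mounts, env = {}, [], {}
    for flag, val in zip(args, args[1:]):
        if flag == "-p":                 # "12345:443" -> ports["443"] = "12345"
            host, _, cont = val.rpartition(":")
            ports[cont] = host
        elif flag == "-v":               # keep the container-side path
            mounts.append(val.split(":")[1])
        elif flag == "-e":
            env.update([val.split("=", 1)])
    return ports, mounts, env

def check(cmd, derp_yaml, certdir="/app/certs"):
    """Return mismatches between the derper container and the DERP map."""
    ports, mounts, env = parse_docker_run(cmd)
    domain = env.get("DERP_DOMAIN", "")
    # Assumed layout: the key pair is mounted as <certdir>/<domain>.crt / .key
    problems = [f"missing mount {certdir}/{domain}.{e}" for e in ("crt", "key")
                if f"{certdir}/{domain}.{e}" not in mounts]
    for n in parse_derp_nodes(derp_yaml):
        for key, want in (("hostname", domain), ("derpport", ports.get("443")),
                          ("stunport", ports.get("3478/udp"))):
            if n.get(key) != want:
                problems.append(f"{n.get('name')}: {key} {n.get(key)} != {want}")
    return problems

# Constructed sample input; derp.example.com is a placeholder name.
SAMPLE_RUN = r"""docker run -d --name derper -p 12345:443 -p 3478:3478/udp \
  -v /etc/letsencrypt/live/derp.example.com/fullchain.pem:/app/certs/derp.example.com.crt \
  -v /etc/letsencrypt/live/derp.example.com/privkey.pem:/app/certs/derp.example.com.key \
  -e DERP_CERT_MODE=manual -e DERP_DOMAIN=derp.example.com ghcr.io/slchris/derp-server:v1"""
SAMPLE_MAP = """regions:
  800:
    nodes:
      - name: hz
        hostname: derp.example.com
        stunport: 3478
        derpport: 12345
"""
```

An empty list from check(SAMPLE_RUN, SAMPLE_MAP) means the hostname, certificate mounts and both ports agree; each string in a non-empty list names the field to fix.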