Headscale Deployment
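This post records how to configure Headscale on Gentoo Linux.
Configuring Headscale on Gentoo
Introduction
Installing headscale
headscale is now available in the repository and can be installed directly: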
emerge -av headscale
Configuring headscale
Edit /etc/headscale/config.yaml
The file contents are as follows:
unix_socket: /run/headscale/headscale.sock
ip_prefixes:
- 10.1.0.0/16 # the headscale network is defined here
Start the service:
systemctl start headscale
Check the status of the service:
systemctl status headscale
Enable it at boot:
systemctl enable headscale
List nodes:
headscale node list
Create a tenant:
headscale user create homelab
Joining a client node
On Linux you can use (replace ip with the address of the Headscale server):
tailscale up --login-server=http://ip:8080 --accept-routes=true --accept-dns=false
After opening the web page, you will see the corresponding command, which is run on the Headscale server:
headscale nodes register --user homelab --key nodekey:df596243a3e117f45dbdcc7bba8741297e68efd731798c252b65586cacddf756
List online nodes:
headscale node list
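Configuring headscale DERP
The DERP service does not have to run on the same host as headscale, and there can be more than one. To deploy DERP you can use the image I built; the source is at: https://github.com/slchris/derp-servery
Deploying the DERP service requires the following:
- A VPS (with at least a public IP; if the machine is behind NAT, the corresponding mapping rules need to be set up)
- A domain name (an A, AAAA or CNAME record resolving to the server's public IP)
- A certificate
First generate the certificate: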
docker run -it --rm --name certbot \
-p 80:80 \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
certbot/certbot certonly
Run the service:
docker run --restart always \
--name derper -p 12345:443 -p 3478:3478/udp \
-v /etc/letsencrypt/live/example.com/fullchain.pem:/app/certs/example.com.crt \
-v /etc/letsencrypt/live/example.com/privkey.pem:/app/certs/example.com.key \
-e DERP_CERT_MODE=manual \
-e DERP_DOMAIN=example.com \
-d ghcr.io/slchris/derp-server:v1
Create the DERP configuration (on the Headscale server):
vi /etc/headscale/derp.yaml
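The contents are as follows:
regions:
  800:
    regionid: 800
    regioncode: hangzhou
    regionname: Hangzhou, China
    nodes:
      - name: hz
        regionid: 800
        hostname: hz.plz.ac   # must be the name the DERP certificate (DERP_DOMAIN) was issued for
        stunport: 3478        # UDP port published by the derper container
        derpport: 12345       # host port published with -p 12345:443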
Modify the main configuration so that it references the DERP configuration:
vi /etc/headscale/config.yaml
Change it as follows:
derp:
  # List of externally available DERP maps encoded in JSON
  #urls:
  #  - https://controlplane.tailscale.com/derpmap/default
  # Locally available DERP map files encoded in YAML
  #
  # This option is mostly interesting for people hosting
  # their own DERP servers:
  # https://tailscale.com/kb/1118/custom-derp-servers/
  #
  # paths:
  #   - /etc/headscale/derp-example.yaml
  paths:
    - /etc/headscale/derp.yaml
  # If enabled, a worker will be set up to periodically
  # refresh the given sources and update the derpmap
  # will be set up.
  auto_update_enabled: true
  # How often should we check for DERP updates?
  update_frequency: 24h
Restart the service:
systemctl restart headscale
The client nodes need to be restarted as well; after the restart, check the network connectivity:
systemctl restart tailscaled
tailscale netcheck
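A pre-flight check for the DERP steps above, added here as an example and not part of the original post: it reads hostname, derpport and stunport from derp.yaml and compares them with the DERP_DOMAIN and published ports given to the derper container. The function names derp_field and check_derp_map are hypothetical, and the fallback ports for omitted fields (443 and 3478) are Tailscale's DERP map defaults.

```shell
#!/bin/sh
# Added example: consistency check between derp.yaml and the derper
# container settings. Function names are hypothetical.

# derp_field FILE KEY -> value of the first "KEY: value" line (comments ignored)
derp_field() {
    awk -v key="$2" '
        { line = $0; sub(/#.*/, "", line); sub(/^[ \t-]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            sub(/^[ \t"]+/, "", val)
            sub(/[ \t"]+$/, "", val)
            print val; exit
        }' "$1"
}

# check_derp_map FILE DERP_DOMAIN PUBLISHED_TLS_PORT PUBLISHED_STUN_PORT
check_derp_map() {
    file=$1 domain=$2 port=$3 stun=$4 rc=0
    host=$(derp_field "$file" hostname)
    dport=$(derp_field "$file" derpport); dport=${dport:-443}    # default when omitted
    sport=$(derp_field "$file" stunport); sport=${sport:-3478}   # default when omitted
    # Clients validate the DERP TLS certificate against this hostname, so it
    # has to be the name the certificate and DERP_DOMAIN were issued for.
    [ "$host" = "$domain" ] || { echo "hostname '$host' != DERP_DOMAIN '$domain'" >&2; rc=1; }
    [ "$dport" = "$port" ] || { echo "derpport '$dport' != published port '$port'" >&2; rc=1; }
    [ "$sport" = "$stun" ] || { echo "stunport '$sport' != published port '$stun'" >&2; rc=1; }
    return $rc
}

# Constructed sample: the node entry from this page's derp.yaml.
sample=$(mktemp)
cat > "$sample" <<'EOF'
regions:
  800:
    regionid: 800
    nodes:
      - name: hz
        hostname: hz.plz.ac   # name clients connect to
        stunport: 3478
        derpport: 12345
EOF
# Values from the page's docker run line: DERP_DOMAIN, -p 12345:443, -p 3478:3478/udp
check_derp_map "$sample" example.com 12345 3478 \
    || echo "derp.yaml and the container settings disagree"
rm -f "$sample"
```

With the page's values the check flags the hostname, because the docker command uses the placeholder example.com while derp.yaml names hz.plz.ac; both must be the same real domain.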