Most of the guides online didn't work for me, so I went through it again following the official docs.
1. Create the mount directory and the database file:
mkdir -p /xxx/headscale/config
touch /xxx/headscale/config/db.sqlite
2. Configuration file
/xxx/headscale/config/config.yaml (I changed the ports; adjust them to your own situation)
---
server_url: http://<public_ip>:8081
listen_addr: 0.0.0.0:8081
metrics_listen_addr: 0.0.0.0:6030
grpc_listen_addr: 127.0.0.1:50443
grpc_allow_insecure: false
private_key_path: /etc/headscale/private.key
noise:
  private_key_path: /etc/headscale/noise_private.key
ip_prefixes:
  - fd7a:115c:a1e0::/48
  - 100.64.0.0/10
derp:
  server:
    enabled: false
    region_id: 999
    region_code: "headscale"
    region_name: "Headscale Embedded DERP"
    stun_listen_addr: "0.0.0.0:3478"
  urls:
    - https://controlplane.tailscale.com/derpmap/default
  paths: []
  auto_update_enabled: true
  update_frequency: 24h
disable_check_updates: true
ephemeral_node_inactivity_timeout: 30m
node_update_check_interval: 10s
db_type: sqlite3
db_path: /etc/headscale/db.sqlite
acme_url: https://acme-v02.api.letsencrypt.org/directory
acme_email: ""
tls_letsencrypt_hostname: ""
tls_letsencrypt_cache_dir: /var/lib/headscale/cache
tls_letsencrypt_challenge_type: HTTP-01
tls_letsencrypt_listen: ":http"
tls_cert_path: ""
tls_key_path: ""
log:
  format: text
  level: info
acl_policy_path: ""
dns_config:
  override_local_dns: false
  nameservers:
    - 1.1.1.1
  domains: []
  magic_dns: true
  base_domain: example.com
unix_socket: /etc/headscale/headscale.sock
unix_socket_permission: "0770"
logtail:
  enabled: false
randomize_client_port: true
3. docker-compose file (installing Docker and docker-compose themselves is left to you; search for it)
/xxx/headscale/docker-compose.yml
version: '3'
services:
  headscale:
    image: headscale/headscale:0.22.0
    container_name: headscale
    command: headscale serve
    restart: unless-stopped
    volumes:
      - /xxx/headscale/config:/etc/headscale
    ports:
      - "8081:8081"
      - "6030:6030"
  headscale-ui:
    image: ghcr.io/gurucomputing/headscale-ui:2023.01.30-beta-1
    restart: unless-stopped
    container_name: headscale-ui
    ports:
      - "8082:80"
4. Deploy:
docker-compose up -d
5. Create an API key
docker exec headscale headscale api create
6. Create a user (tenant)
docker exec headscale headscale user create <USERNAME>
7. nginx configuration. The UI and headscale can share one domain or use different domains, but the default setup of the same IP with different ports does not work: the browser treats them as different origins and you get cross-origin errors.
server {
    server_name 域名;  # replace 域名 with your domain name

    # Security / XSS Mitigation Headers
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    location /web {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8082;
    }

    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    }
}
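The ports in config.yaml, docker-compose.yml and the nginx server block have to agree, which is easy to break once you change the defaults. The following check is an added example, not part of the original guide; it works on constructed excerpts of the three files (203.0.113.10 stands in for <public_ip>) and also shows the browser same-origin rule behind the cross-origin note above.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpts mirroring the guide's three files (not the author's files); 203.0.113.10 = <public_ip>.
HEADSCALE_CFG = """
server_url: http://203.0.113.10:8081
listen_addr: 0.0.0.0:8081
metrics_listen_addr: 0.0.0.0:6030
"""
COMPOSE_PORTS = ["8081:8081", "6030:6030", "8082:80"]  # host:container entries from docker-compose.yml
NGINX_CFG = """
location /web { proxy_pass http://127.0.0.1:8082; }
location / { proxy_pass http://127.0.0.1:8081; }
"""
DEFAULT_PORTS = {"http": 80, "https": 443}

def url_port(url):
    """Port of a URL, falling back to the scheme default so origins compare correctly."""
    u = urlsplit(url)
    return u.port or DEFAULT_PORTS[u.scheme]

def listen_ports(cfg):
    """Container-side ports headscale binds: listen_addr and metrics_listen_addr."""
    return {k: int(p) for k, p in re.findall(r"^(listen_addr|metrics_listen_addr):\s*\S+:(\d+)", cfg, re.M)}

def published_ports(mappings):
    """host_port -> container_port from the compose 'ports:' list."""
    return {int(h): int(c) for h, c in (m.split(":") for m in mappings)}

def nginx_upstreams(cfg):
    """location prefix -> upstream port taken from that block's proxy_pass directive."""
    pat = r"location\s+(\S+)\s*\{[^}]*?proxy_pass\s+https?://[^:/]+:(\d+)"
    return {loc: int(p) for loc, p in re.findall(pat, cfg)}

def check_ports(cfg=HEADSCALE_CFG, mappings=COMPOSE_PORTS, nginx=NGINX_CFG):
    """List mismatches between the three files; an empty list means they agree."""
    lp, pub, ups = listen_ports(cfg), published_ports(mappings), nginx_upstreams(nginx)
    problems = [f"{k} {p} is bound but not published by compose" for k, p in lp.items() if p not in pub.values()]
    if pub.get(ups.get("/")) != lp.get("listen_addr"):   # nginx / must land on the control-plane port
        problems.append(f"nginx / proxies to {ups.get('/')}, which is not mapped to listen_addr")
    if ups.get("/web") not in pub:                       # nginx /web must land on a published UI port
        problems.append(f"nginx /web proxies to {ups.get('/web')}, which compose does not publish")
    if url_port(re.search(r"^server_url:\s*(\S+)", cfg, re.M).group(1)) not in pub:
        problems.append("server_url port is not published, so clients cannot reach it")
    return problems

def same_origin(url_a, url_b):
    """Browser same-origin test (scheme, host, port): why ip:8081 and ip:8082 trip CORS."""
    a, b = urlsplit(url_a), urlsplit(url_b)
    return (a.scheme, a.hostname, url_port(url_a)) == (b.scheme, b.hostname, url_port(url_b))
```

Run `check_ports()` against your own excerpts after changing any port; behind nginx the UI and the API are served from one origin, which is what `same_origin` confirms.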
8. Follow the prompts in the web UI to configure the domain and the API key
9. Client installation
9.1 Windows: download tailscaled from the official Tailscale site
After installation, run:
tailscale login --login-server http://<public_ip>:8081
Additional flags appended to the same command:
--advertise-routes=xxx.xxx.xxx.xxx/xx   (subnet routes, as needed)
--accept-routes=true
--accept-dns=false
9.2 Linux:
Docker install:
docker run -d --name tailscaled \
  --restart always \
  -v /var/lib:/var/lib \
  -v /dev/net/tun:/dev/net/tun \
  -v /lib/modules:/lib/modules \
  --network=host --privileged=true \
  tailscale/tailscale tailscaled
docker exec -it tailscaled tailscale login --login-server http://<public_ip>:8081
Forwarding configuration (sysctl -p without a file only reads /etc/sysctl.conf, so pass the new file explicitly):
echo 'net.ipv4.ip_forward = 1' | tee /etc/sysctl.d/ipforwarding.conf
echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.d/ipforwarding.conf
sysctl -p /etc/sysctl.d/ipforwarding.conf