commit 80e348f5c520070f436d99b67044471079762626 Author: admins Date: Sat Dec 13 23:17:21 2025 +0800 添加 tailscale/tailscale-install.md
diff --git a/tailscale/tailscale-install.md b/tailscale/tailscale-install.md
new file mode 100644
index 0000000..c637708
--- /dev/null
+++ b/tailscale/tailscale-install.md
@@ -0,0 +1,142 @@
+```
+https://github.com/juanfont/headscale/releases/download/v0.27.1/headscale_0.27.1_linux_amd64
+https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
+mkdir /var/lib/headscale
+chown -R headscale:headscale /var/lib/headscale/
+touch /var/lib/headscale/db.sqlite
+
+headscale_0.27.1_linux_amd64 /usr/local/bin/headscale
+chmod +x /usr/local/bin/headscale
+mkdir /etc/headscale/
+cp config-example.yaml /etc/headscale/
+
+```
+```
+修改配置文件,将 server_url 改为公网 IP 或域名。如果是国内服务器,域名必须要备案。我的域名无法备案,所以我就直接用公网 IP 了。
+如果暂时用不到 DNS 功能,可以先将 magic_dns 设为 false。
+server_url 设置为 http://:8080,将 替换为公网 IP 或者域名。
+建议打开随机端口,将 randomize_client_port 设为 true。
+可自定义私有网段,也可同时开启 IPv4 和 IPv6:
+
+ip_prefixes:
+ # - fd7a:115c:a1e0::/48
+ - 100.64.0.0/16
+```
+vim /etc/systemd/system/headscale.service
+[Unit]
+Description=headscale controller
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=headscale
+Group=headscale
+ExecStart=/usr/local/bin/headscale serve
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/headscale /var/run/headscale
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RuntimeDirectory=headscale
+
+[Install]
+WantedBy=multi-user.target
+
+```
+### 启动
+```
+systemctl daemon-reload
+systemctl enable --now headscale
+systemctl status headscale.service
+```
+
+#### 配置你的config.YAML
+```
+
+#egrep -v "#|^$" /etc/headscale/config.yaml
+---
+server_url: http://47.106.140.17:8080
+listen_addr: 0.0.0.0:8080
+metrics_listen_addr: 127.0.0.1:9090
+grpc_listen_addr: 0.0.0.0:50443
+grpc_allow_insecure: false
+noise:
+ private_key_path: /var/lib/headscale/noise_private.key
+prefixes:
+ v4: 100.64.0.0/10
+ v6: fd7a:115c:a1e0::/48
+ allocation: sequential
+derp:
+ server:
+ enabled: false
+ region_id: 999
+ region_code: "headscale"
+ region_name: "Headscale Embedded DERP"
+ verify_clients: true
+ stun_listen_addr: "0.0.0.0:3478"
+ private_key_path: /var/lib/headscale/derp_server_private.key
+ automatically_add_embedded_derp_region: true
+ ipv4: 198.51.100.1
+ ip_allocation: "sequential"
+ acl:
+ - action: "accept"
+ urls:
+ - https://controlplane.tailscale.com/derpmap/default
+ paths: []
+ auto_update_enabled: true
+ update_frequency: 3h
+disable_check_updates: false
+ephemeral_node_inactivity_timeout: 30m
+database:
+ type: sqlite
+ debug: false
+ gorm:
+ prepare_stmt: true
+ parameterized_queries: true
+ skip_err_record_not_found: true
+ slow_threshold: 1000
+ sqlite:
+ path: /var/lib/headscale/db.sqlite
+ write_ahead_log: true
+ wal_autocheckpoint: 1000
+acme_url: https://acme-v02.api.letsencrypt.org/directory
+acme_email: ""
+tls_letsencrypt_hostname: ""
+tls_letsencrypt_cache_dir: /var/lib/headscale/cache
+tls_letsencrypt_challenge_type: HTTP-01
+tls_letsencrypt_listen: ":http"
+tls_cert_path: ""
+tls_key_path: ""
+log:
+ level: info
+ format: text
+policy:
+ mode: file
+ path: ""
+dns:
+ magic_dns: false
+ base_domain: rapha.top
+ override_local_dns: true
+ nameservers:
+ global:
+ - 114.114.114.114
+ - 233.5.5.5
+ - 1.1.1.1
+ - 8.8.8.8
+ split:
+ {}
+ search_domains: []
+ extra_records: []
+unix_socket: /var/run/headscale/headscale.sock
+unix_socket_permission: "0770"
+logtail:
+ enabled: false
+randomize_client_port: false
+
+ ````
\ No newline at end of file