前提
- headscale/tailscale
- derper二进制
- 已备案域名且申请证书
构建derper
需要构建amd64架构的Linux二进制
安装go可以参考官方文档 Download and install
构建derper也比较简单
export GO111MODULE=on
export GOPROXY=https://goproxy.cn
export GOPATH="/root/go"
export GOBIN="$GOPATH/bin"
export PATH=$PATH:$GOBIN:/usr/local/go/bin
go install tailscale.com/cmd/derper@latest
mv /root/go/bin/derper /usr/local/bin/derper
同步证书
假设你的域名是 www.nodeseek.com, 需要保证证书和私钥都是www.nodeseek.com开头
mkdir -p /etc/derper/www.nodeseek.com
# 将证书copy到这个目录下/etc/derper/www.nodeseek.com
ls /etc/derper/www.nodeseek.com
www.nodeseek.com.key
www.nodeseek.com.crt
systemd
没啥好说的
# /etc/systemd/system/derper.service
[Unit]
Description=derper
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/usr/local/bin/derper -hostname www.nodeseek.com -a :7777 -verify-clients -certmode manual -http-port -1 -certdir /etc/derper/www.nodeseek.com
Restart=always
RestartSec=15
[Install]
WantedBy=multi-user.target
开机并启动
systemctl enable derper --now
配置小鸡开启映射
7777
3478
配置headscale
www.nodeseek.com 是cname到小鸡的nat出口ip的域名
# /etc/headscale/derp.yaml 新增如下
907:
regionid: 907
regioncode: dx-nat
regionname: dx-nat
nodes:
- name: dx
regionid: 907
hostname: www.nodeseek.com
stunport: 10112
stunonly: false
derpport: 10100
更新完重启headscale
测试
tailscale netcheck
* DERP latency:
- lt-nat: 39.9ms (lt-nat)
- dx-nat: 49.1ms (dx-nat)
支持技术贴
bd
感谢技术贴!