依赖服务
- docker
- docker compose
- 一个域名
配置服务
traefik/docker-compose.yml
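# Traefik reverse proxy. Terminates TLS on :443 and requests certificates from
# Let's Encrypt via the HTTP-01 challenge, which is answered on :80.
volumes:
  # Persists /letsencrypt/acme.json (ACME account and certificate private keys).
  letsencryptVolume: {}

services:
  traefik:
    # `latest` is a floating tag: pin a release tag or digest so that an
    # upgrade is a deliberate, reviewable change.
    image: traefik:latest # The official v3 Traefik docker image
    command:
      # DEBUG is verbose; lower the level once the setup is confirmed working.
      - "--log.level=DEBUG"
      # Serves the dashboard and API on :8080 without authentication. The port
      # is therefore published on loopback only (see `ports` below).
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers labelled `traefik.enable=true` are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # Uncomment to use the Let's Encrypt staging CA while testing.
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      # ${EMAIL} is substituted by Compose from the environment / .env file.
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      # Quoted so that no YAML parser reads host:container pairs as numbers.
      - "80:80"
      - "443:443"
      # Dashboard/API is unauthenticated: bind it to the host's loopback
      # interface and reach it through an SSH tunnel instead of exposing
      # 8080 on every interface.
      - "127.0.0.1:8080:8080"
    volumes:
      # Mounted read-only. Traefik can still query the Docker API through the
      # socket, and access to that API is equivalent to root on the host, so
      # keep this container's image and configuration trusted.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencryptVolume:/letsencrypt/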
derper/docker-compose.yml
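# DERP relay published through the Traefik instance defined in
# traefik/docker-compose.yml.
networks:
  # Default network of the `traefik` Compose project; it must already exist,
  # so start Traefik first.
  traefik_default:
    external: true
  # This project's own network, isolated from the outside.
  default:
    internal: true

services:
  derper:
    labels:
      - "traefik.enable=true"
      # The container sits on two networks and Traefik is attached to only
      # one of them; name it so the backend address is always reachable.
      - "traefik.docker.network=traefik_default"
      - "traefik.http.routers.derper.rule=Host(`${HOST_NAME}`)"
      - "traefik.http.routers.derper.tls.certresolver=myresolver"
      # Must match the port in DERP_ADDR below.
      - "traefik.http.services.derper.loadbalancer.server.port=8443"
    environment:
      - "DERP_DOMAIN=${HOST_NAME}"
      # Traefik terminates TLS; derper listens on 8443 behind it.
      - "DERP_ADDR=:8443"
      # NOTE(review): -1 presumably disables derper's extra HTTP listener;
      # confirm against the image documentation.
      - "DERP_HTTP_PORT=-1"
      # As configured, the relay does not check which clients connect, so any
      # node that learns the hostname can relay traffic through it. derper
      # has a --verify-clients option that admits only nodes known to a
      # tailscaled running next to it; the image is expected to expose it as
      # DERP_VERIFY_CLIENTS. TODO confirm for the image version in use.
    ports:
      # STUN is UDP and cannot go through the HTTP router, so it is published
      # directly. Quoted to keep the mapping a string.
      - "3478:3478/udp"
    # Third-party image without a tag: pin a tag or digest you have reviewed.
    image: fredliang/derper
    networks:
      - traefik_default
      - default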
然后先后启动 traefik 和 derper 服务(先启动 traefik,因为 derper 依赖它创建的 traefik_default 网络)
访问 https://${HOST_NAME}
应该就可以看到如下页面
配置 Tailscale 访问控制,添加中继节点
打开 Tailscale 访问管理页面
然后在 JSON 里面添加如下配置
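{
  // Custom DERP map added to the Tailscale access-control policy file.
  // The policy file accepts comments and trailing commas.
  "derpMap": {
    // Uncomment to disable Tailscale's built-in relay regions, so that all
    // relayed traffic uses only the node defined below.
    // "OmitDefaultRegions": true,
    "Regions": {
      // Region IDs 900-999 are reserved for user-defined regions.
      "900": {
        "RegionID": 900,
        "RegionCode": "myderp",
        "Nodes": [
          {
            "Name": "1",
            "RegionID": 900,
            // Must match the certificate host name served by Traefik.
            "HostName": "${HOST_NAME}",
            // IPv4 and IPv6 are optional, but recommended, to reduce
            // potential DERP connectivity issues if DNS is unavailable
            // or having issues. Addresses must be publicly routable
            // and not in private IP ranges.
            "IPv4": "${IPV4}",
            // Key spelled "IPv6" to match the "IPv4" field above.
            "IPv6": "${IPV6}",
            "CanPort80": false,
            // TLS port published by Traefik's websecure entry point.
            "DERPPort": 443,
          },
        ],
      },
    },
  },
}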
重新连接 Tailscale 服务应该就可以了。可以在客户端运行 `tailscale netcheck`,确认输出中出现新添加的中继区域。