使用Docker + Traefik + Derper 自建 Tailscale 中继服务器

依赖服务

  • docker
  • docker compose
  • 一个已解析到本机公网 IP 的域名（Let's Encrypt 的 HTTP-01 验证要求 80 端口可从公网访问）

配置服务

traefik/docker-compose.yml

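volumes:
  # Holds acme.json (certificate + private key); keep this volume private.
  letsencryptVolume: {}

services:
  traefik:
    # Pin to the v3 line rather than "latest" so an upgrade cannot silently
    # change the config syntax; pin tighter (e.g. v3.1) for reproducibility.
    image: traefik:v3
    command:
      # DEBUG logs every request; INFO is enough once the ACME flow works.
      - "--log.level=INFO"
      # The API/dashboard has no authentication of its own, so it is bound to
      # loopback only (see ports below) — reach it through an SSH tunnel.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers carrying traefik.enable=true get a router.
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      # HTTP-01 challenge: port 80 must be reachable from the public internet.
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      # Uncomment while testing to stay under Let's Encrypt production rate limits.
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      # Quoted: Compose port mappings can be misread as sexagesimal numbers.
      - "80:80"
      - "443:443"
      # Dashboard on loopback only, never on the public interface.
      - "127.0.0.1:8080:8080"
    volumes:
      # Traefik only needs to watch container events. ":ro" blocks filesystem
      # writes but not socket I/O, so access to this socket is still
      # root-equivalent on the host — keep this host single-purpose.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencryptVolume:/letsencrypt/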

derper/docker-compose.yml

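networks:
  # Created by the traefik compose project; derper joins it so Traefik can
  # reach port 8443. The traefik project must therefore be started first.
  traefik_default:
    external: true
  # Project-local network with no outbound access.
  default:
    internal: true

services:
  derper:
    # Third-party image with no tag: pin a tag or digest before relying on it,
    # or build derper from the tailscale source yourself.
    image: fredliang/derper
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.derper.rule=Host(`${HOST_NAME}`)"
      - "traefik.http.routers.derper.tls.certresolver=myresolver"
      # Traefik forwards plain HTTP to 8443. NOTE(review): this relies on
      # derper serving plaintext when its address is not :443 — confirm
      # against the derper version in the image.
      - "traefik.http.services.derper.loadbalancer.server.port=8443"
    environment:
      - DERP_DOMAIN=${HOST_NAME}
      - DERP_ADDR=:8443
      # Disable derper's own plain-HTTP listener; Traefik owns port 80.
      - DERP_HTTP_PORT=-1
      # NOTE(review): as configured, any Tailscale node that learns this
      # hostname can relay traffic through the server. derper's
      # --verify-clients restricts it to nodes of the local tailnet but needs
      # a tailscaled on the host — not covered by this setup.
    ports:
      # STUN, UDP only; bypasses Traefik.
      - "3478:3478/udp"
    networks:
      - traefik_default
      - default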

然后先后启动 traefik 和 derper 服务（必须先启动 traefik：derper 的 compose 把 traefik_default 声明为 external 网络，它由 traefik 项目创建）

访问 https://${HOST_NAME} 应该就可以看到如下页面

配置 Tailscale 访问控制（ACL），添加中继节点

打开 Tailscale 管理控制台的 Access Controls 页面
然后在 ACL 的 JSON 里添加如下配置（把 ${HOST_NAME}、${IPV4}、${IPV6} 替换为实际值，ACL 编辑器不会展开这些占位符）

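{
	"derpMap": {
		// Set to true to use ONLY the regions below and drop Tailscale's
		// built-in relays. Leave it commented until this relay is proven to
		// work: with it enabled, every relayed connection depends on this host.
		// "OmitDefaultRegions": true,
		"Regions": {
			// Tailscale reserves region IDs 900-999 for custom DERP servers.
			"900": {
				"RegionID":   900,
				"RegionCode": "myderp",
				"Nodes": [
					{
						"Name":     "1",
						"RegionID": 900,
						// Replace the ${...} placeholders with literal values;
						// the ACL editor does not expand them.
						"HostName": "${HOST_NAME}",
						// IPv4 and IPv6 are optional, but recommended, to reduce
						// potential DERP connectivity issues if DNS is unavailable
						// or having issues. Addresses must be publicly routable
						// and not in private IP ranges.
						"IPv4":      "${IPV4}",
						"IPv6":      "${IPV6}",
						// Matches DERP_HTTP_PORT=-1 in the compose file: no
						// plain-HTTP fallback is offered.
						"CanPort80": false,
						// Traefik terminates TLS on 443 and forwards to derper on 8443.
						"DERPPort":  443,
					},
				],
			},
		},
	},
}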

重新连接 Tailscale 后即可生效；可在客户端运行 `tailscale netcheck`，确认列表中出现 myderp 区域并且有延迟数据，说明自建中继可达

参考