{"id":25124,"date":"2025-04-19T11:42:34","date_gmt":"2025-04-19T03:42:34","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/25124.html"},"modified":"2025-04-19T11:42:34","modified_gmt":"2025-04-19T03:42:34","slug":"%e8%87%aa%e5%ae%9a%e4%b9%89%e6%9c%8d%e5%8a%a1%e5%99%a8-headscale-headscale-ui-%e9%83%a8%e7%bd%b2-docker","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/25124.html","title":{"rendered":"\u81ea\u5b9a\u4e49\u670d\u52a1\u5668 headscale headscale-ui \u90e8\u7f72 docker"},"content":{"rendered":"

1\u3001\u65b0\u5efa\u6302\u8f7d\u76ee\u5f55,\u521b\u5efa\u6570\u636e\u5e93\u6587\u4ef6:<\/p>\n

mkdir<\/span> -p<\/span> \/xxx\/headscale\/config<\/p>\n

touch<\/span> \/xxx\/headscale\/config\/db.sqlite<\/p>\n

2\u3001\u914d\u7f6e\u6587\u4ef6<\/p>\n

\/xxx\/headscale\/config\/config.yaml \u7aef\u53e3\u6211\u6539\u4e86,\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u6765<\/p>\n


\n# headscale will look for a configuration file named `config.yaml` (or `config.json`) in the following order:<\/span>
\n#<\/span>
\n# – `\/etc\/headscale`<\/span>
\n# – `~\/.headscale`<\/span>
\n# – current working directory<\/span><\/p>\n

# The url clients will connect to.<\/span>
\n# Typically this will be a domain like:<\/span>
\n#<\/span>
\n# https:\/\/myheadscale.example.com:443<\/span>
\n#<\/span>
\nserver_url: http:\/\/<<\/span>public_ip><\/span>:8081<\/p>\n

# Address to listen to \/ bind to on the server<\/span>
\n#<\/span>
\n# For production:<\/span>
\n# listen_addr: 0.0.0.0:8080<\/span>
\nlisten_addr: 0.0<\/span>.0.0:8081<\/p>\n

# Address to listen to \/metrics, you may want<\/span>
\n# to keep this endpoint private to your internal<\/span>
\n# network<\/span>
\n#<\/span>
\nmetrics_listen_addr: 0.0<\/span>.0.0:6030<\/p>\n

# Address to listen for gRPC.<\/span>
\n# gRPC is used for controlling a headscale server<\/span>
\n# remotely with the CLI<\/span>
\n# Note: Remote access _only_ works if you have<\/span>
\n# valid certificates.<\/span>
\n#<\/span>
\n# For production:<\/span>
\n# grpc_listen_addr: 0.0.0.0:50443<\/span>
\ngrpc_listen_addr: 127.0<\/span>.0.1:50443<\/p>\n

# Allow the gRPC admin interface to run in INSECURE<\/span>
\n# mode. This is not recommended as the traffic will<\/span>
\n# be unencrypted. Only enable if you know what you<\/span>
\n# are doing.<\/span>
\ngrpc_allow_insecure: false<\/span><\/p>\n

# Private key used to encrypt the traffic between headscale<\/span>
\n# and Tailscale clients.<\/span>
\n# The private key file will be autogenerated if it's missing.<\/span>
\n#<\/span>
\nprivate_key_path: \/etc\/headscale\/private.key<\/p>\n

# The Noise section includes specific configuration for the<\/span>
\n# TS2021 Noise protocol<\/span>
\nnoise:
\n # The Noise private key is used to encrypt the<\/span>
\n # traffic between headscale and Tailscale clients when<\/span>
\n # using the new Noise-based protocol. It must be different<\/span>
\n # from the legacy private key.<\/span>
\n private_key_path: \/etc\/headscale\/noise_private.key<\/p>\n

# List of IP prefixes to allocate tailaddresses from.<\/span>
\n# Each prefix consists of either an IPv4 or IPv6 address,<\/span>
\n# and the associated prefix length, delimited by a slash.<\/span>
\n# While this looks like it can take arbitrary values, it<\/span>
\n# needs to be within IP ranges supported by the Tailscale<\/span>
\n# client.<\/span>
\n# IPv6: https:\/\/github.com\/tailscale\/tailscale\/blob\/22ebb25e833264f58d7c3f534a8b166894a89536\/net\/tsaddr\/tsaddr.go#LL81C52-L81C71<\/span>
\n# IPv4: https:\/\/github.com\/tailscale\/tailscale\/blob\/22ebb25e833264f58d7c3f534a8b166894a89536\/net\/tsaddr\/tsaddr.go#L33<\/span>
\nip_prefixes:
\n – fd7a:115c:a1e0::\/48
\n – 100.64<\/span>.0.0\/10<\/p>\n

# DERP is a relay system that Tailscale uses when a direct<\/span>
\n# connection cannot be established.<\/span>
\n# https:\/\/tailscale.com\/blog\/how-tailscale-works\/#encrypted-tcp-relays-derp<\/span>
\n#<\/span>
\n# headscale needs a list of DERP servers that can be presented<\/span>
\n# to the clients.<\/span>
\nderp:
\n server:
\n # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config<\/span>
\n # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place<\/span>
\n enabled: false<\/span><\/p>\n

# Region ID to use for the embedded DERP server.<\/span>
\n # The local DERP prevails if the region ID collides with other region ID coming from<\/span>
\n # the regular DERP config.<\/span>
\n region_id: 999<\/span><\/p>\n

# Region code and name are displayed in the Tailscale UI to identify a DERP region<\/span>
\n region_code: "headscale"<\/span>
\n region_name: "Headscale Embedded DERP"<\/span><\/p>\n

# Listens over UDP at the configured address for STUN connections – to help with NAT traversal.<\/span>
\n # When the embedded DERP server is enabled stun_listen_addr MUST be defined.<\/span>
\n #<\/span>
\n # For more details on how this works, check this great article: https:\/\/tailscale.com\/blog\/how-tailscale-works\/<\/span>
\n stun_listen_addr: "0.0.0.0:3478"<\/span><\/p>\n

# List of externally available DERP maps encoded in JSON<\/span>
\n urls:
\n – https:\/\/controlplane.tailscale.com\/derpmap\/default<\/p>\n

# Locally available DERP map files encoded in YAML<\/span>
\n #<\/span>
\n # This option is mostly interesting for people hosting<\/span>
\n # their own DERP servers:<\/span>
\n # https:\/\/tailscale.com\/kb\/1118\/custom-derp-servers\/<\/span>
\n #<\/span>
\n # paths:<\/span>
\n # – \/etc\/headscale\/derp-example.yaml<\/span>
\n paths: [<\/span>]<\/span><\/p>\n

# If enabled, a worker will be set up to periodically<\/span>
\n # refresh the given sources and update the derpmap<\/span>
\n # will be set up.<\/span>
\n auto_update_enabled: true<\/span><\/p>\n

# How often should we check for DERP updates?<\/span>
\n update_frequency: 24h<\/p>\n

# Disables the automatic check for headscale updates on startup<\/span>
\ndisable_check_updates: true<\/span><\/p>\n

# Time before an inactive ephemeral node is deleted?<\/span>
\nephemeral_node_inactivity_timeout: 30m<\/p>\n

# Period to check for node updates within the tailnet. A value too low will severely affect<\/span>
\n# CPU consumption of Headscale. A value too high (over 60s) will cause problems<\/span>
\n# for the nodes, as they won't get updates or keep alive messages frequently enough.<\/span>
\n# In case of doubts, do not touch the default 10s.<\/span>
\nnode_update_check_interval: 10s<\/p>\n

# SQLite config<\/span>
\ndb_type: sqlite3<\/p>\n

# For production:<\/span>
\ndb_path: \/etc\/headscale\/db.sqlite<\/p>\n

# # Postgres config<\/span>
\n# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.<\/span>
\n# db_type: postgres<\/span>
\n# db_host: localhost<\/span>
\n# db_port: 5432<\/span>
\n# db_name: headscale<\/span>
\n# db_user: foo<\/span>
\n# db_pass: bar<\/span><\/p>\n

# If other 'sslmode' is required instead of 'require(true)' and 'disabled(false)', set the 'sslmode' you need<\/span>
\n# in the 'db_ssl' field. Refers to https:\/\/www.postgresql.org\/docs\/current\/libpq-ssl.html Table 34.1.<\/span>
\n# db_ssl: false<\/span><\/p>\n

### TLS configuration<\/span>
\n#<\/span>
\n## Let's encrypt \/ ACME<\/span>
\n#<\/span>
\n# headscale supports automatically requesting and setting up<\/span>
\n# TLS for a domain with Let's Encrypt.<\/span>
\n#<\/span>
\n# URL to ACME directory<\/span>
\nacme_url: https:\/\/acme-v02.api.letsencrypt.org\/directory<\/p>\n

# Email to register with ACME provider<\/span>
\nacme_email: ""<\/span><\/p>\n

# Domain name to request a TLS certificate for:<\/span>
\ntls_letsencrypt_hostname: ""<\/span><\/p>\n

# Path to store certificates and metadata needed by<\/span>
\n# letsencrypt<\/span>
\n# For production:<\/span>
\ntls_letsencrypt_cache_dir: \/var\/lib\/headscale\/cache<\/p>\n

# Type of ACME challenge to use, currently supported types:<\/span>
\n# HTTP-01 or TLS-ALPN-01<\/span>
\n# See [docs\/tls.md](docs\/tls.md) for more information<\/span>
\ntls_letsencrypt_challenge_type: HTTP-01
\n# When HTTP-01 challenge is chosen, letsencrypt must set up a<\/span>
\n# verification endpoint, and it will be listening on:<\/span>
\n# :http = port 80<\/span>
\ntls_letsencrypt_listen: ":http"<\/span><\/p>\n

## Use already defined certificates:<\/span>
\ntls_cert_path: ""<\/span>
\ntls_key_path: ""<\/span><\/p>\n

log:
\n # Output formatting for logs: text or json<\/span>
\n format: text
\n level: info<\/p>\n

# Path to a file containg ACL policies.<\/span>
\n# ACLs can be defined as YAML or HUJSON.<\/span>
\n# https:\/\/tailscale.com\/kb\/1018\/acls\/<\/span>
\nacl_policy_path: ""<\/span><\/p>\n

## DNS<\/span>
\n#<\/span>
\n# headscale supports Tailscale's DNS configuration and MagicDNS.<\/span>
\n# Please have a look to their KB to better understand the concepts:<\/span>
\n#<\/span>
\n# – https:\/\/tailscale.com\/kb\/1054\/dns\/<\/span>
\n# – https:\/\/tailscale.com\/kb\/1081\/magicdns\/<\/span>
\n# – https:\/\/tailscale.com\/blog\/2021-09-private-dns-with-magicdns\/<\/span>
\n#<\/span>
\ndns_config:
\n # Whether to prefer using Headscale provided DNS or use local.<\/span>
\n override_local_dns: false<\/span><\/p>\n

# List of DNS servers to expose to clients.<\/span>
\n nameservers:
\n – 1.1<\/span>.1.1<\/p>\n

# NextDNS (see https:\/\/tailscale.com\/kb\/1218\/nextdns\/).<\/span>
\n # "abc123" is example NextDNS ID, replace with yours.<\/span>
\n #<\/span>
\n # With metadata sharing:<\/span>
\n # nameservers:<\/span>
\n # – https:\/\/dns.nextdns.io\/abc123<\/span>
\n #<\/span>
\n # Without metadata sharing:<\/span>
\n # nameservers:<\/span>
\n # – 2a07:a8c0::ab:c123<\/span>
\n # – 2a07:a8c1::ab:c123<\/span><\/p>\n

# Split DNS (see https:\/\/tailscale.com\/kb\/1054\/dns\/),<\/span>
\n # list of search domains and the DNS to query for each one.<\/span>
\n #<\/span>
\n # restricted_nameservers:<\/span>
\n # foo.bar.com:<\/span>
\n # – 1.1.1.1<\/span>
\n # darp.headscale.net:<\/span>
\n # – 1.1.1.1<\/span>
\n # – 8.8.8.8<\/span><\/p>\n

# Search domains to inject.<\/span>
\n domains: [<\/span>]<\/span><\/p>\n

# Extra DNS records<\/span>
\n # so far only A-records are supported (on the tailscale side)<\/span>
\n # See https:\/\/github.com\/juanfont\/headscale\/blob\/main\/docs\/dns-records.md#Limitations<\/span>
\n # extra_records:<\/span>
\n # – name: "grafana.myvpn.example.com"<\/span>
\n # type: "A"<\/span>
\n # value: "100.64.0.3"<\/span>
\n #<\/span>
\n # # you can also put it in one line<\/span>
\n # – { name: "prometheus.myvpn.example.com", type: "A", value: "100.64.0.3" }<\/span><\/p>\n

# Whether to use [MagicDNS](https:\/\/tailscale.com\/kb\/1081\/magicdns\/).<\/span>
\n # Only works if there is at least a nameserver defined.<\/span>
\n magic_dns: true<\/span><\/p>\n

# Defines the base domain to create the hostnames for MagicDNS.<\/span>
\n # `base_domain` must be a FQDNs, without the trailing dot.<\/span>
\n # The FQDN of the hosts will be<\/span>
\n # `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).<\/span>
\n base_domain: example.com<\/p>\n

# Unix socket used for the CLI to connect without authentication<\/span>
\n# Note: for production you will want to set this to something like:<\/span>
\nunix_socket: \/etc\/headscale\/headscale.sock
\nunix_socket_permission: "0770"<\/span>
\n#<\/span>
\n# headscale supports experimental OpenID connect support,<\/span>
\n# it is still being tested and might have some bugs, please<\/span>
\n# help us test it.<\/span>
\n# OpenID Connect<\/span>
\n# oidc:<\/span>
\n# only_start_if_oidc_is_available: true<\/span>
\n# issuer: "https:\/\/your-oidc.issuer.com\/path"<\/span>
\n# client_id: "your-oidc-client-id"<\/span>
\n# client_secret: "your-oidc-client-secret"<\/span>
\n# # Alternatively, set `client_secret_path` to read the secret from the file.<\/span>
\n# # It resolves environment variables, making integration to systemd's<\/span>
\n# # `LoadCredential` straightforward:<\/span>
\n# client_secret_path: "${CREDENTIALS_DIRECTORY}\/oidc_client_secret"<\/span>
\n# # client_secret and client_secret_path are mutually exclusive.<\/span>
\n#<\/span>
\n# # The amount of time from a node is authenticated with OpenID until it<\/span>
\n# # expires and needs to reauthenticate.<\/span>
\n# # Setting the value to "0" will mean no expiry.<\/span>
\n# expiry: 180d<\/span>
\n#<\/span>
\n# # Use the expiry from the token received from OpenID when the user logged<\/span>
\n# # in, this will typically lead to frequent need to reauthenticate and should<\/span>
\n# # only been enabled if you know what you are doing.<\/span>
\n# # Note: enabling this will cause `oidc.expiry` to be ignored.<\/span>
\n# use_expiry_from_token: false<\/span>
\n#<\/span>
\n# # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query<\/span>
\n# # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".<\/span>
\n#<\/span>
\n# scope: ["openid", "profile", "email", "custom"]<\/span>
\n# extra_params:<\/span>
\n# domain_hint: example.com<\/span>
\n#<\/span>
\n# # List allowed principal domains and\/or users. If an authenticated user's domain is not in this list, the<\/span>
\n# # authentication request will be rejected.<\/span>
\n#<\/span>
\n# allowed_domains:<\/span>
\n# – example.com<\/span>
\n# # Note: Groups from keycloak have a leading '\/'<\/span>
\n# allowed_groups:<\/span>
\n# – \/headscale<\/span>
\n# allowed_users:<\/span>
\n# – alice@example.com<\/span>
\n#<\/span>
\n# # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.<\/span>
\n# # This will transform `first-name.last-name@example.com` to the user `first-name.last-name`<\/span>
\n# # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following<\/span>
\n# user: `first-name.last-name.example.com`<\/span>
\n#<\/span>
\n# strip_email_domain: true<\/span><\/p>\n

# Logtail configuration<\/span>
\n# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel<\/span>
\n# to instruct tailscale nodes to log their activity to a remote server.<\/span>
\nlogtail:
\n # Enable logtail for this headscales clients.<\/span>
\n # As there is currently no support for overriding the log server in headscale, this is<\/span>
\n # disabled by default. Enabling this will make your clients send logs to Tailscale Inc.<\/span>
\n enabled: false<\/span><\/p>\n

# Enabling this option makes devices prefer a random port for WireGuard traffic over the<\/span>
\n# default static port 41641. This option is intended as a workaround for some buggy<\/span>
\n# firewall devices. See https:\/\/tailscale.com\/kb\/1181\/firewalls\/ for more information.<\/span>
\nrandomize_client_port: true<\/span><\/p>\n

3\u3001docker-compose \u6587\u4ef6 docker\u8fd9\u4e9b\u5b89\u88c5\u81ea\u884c\u641c\u7d22 \/xxx\/headscale\/docker-compose.yml<\/p>\n

version: '3'<\/span><\/p>\n

services:
\n headscale:
\n image: headscale\/headscale:0.22.0
\n container_name: headscale
\n command: headscale serve
\n sysctls:
\n – net.ipv4.ip_forward<\/span>=<\/span>1<\/span>
\n – net.ipv6.conf.all.forwarding<\/span>=<\/span>1<\/span>
\n restart: always
\n volumes:
\n – $PWD<\/span>\/config:\/etc\/headscale
\n ports:
\n – "21830:8081"<\/span>
\n – "21831:6030"<\/span><\/p>\n

headscale-ui:
\n image: ghcr.io\/gurucomputing\/headscale-ui:2023.01.30-beta-1
\n restart: always
\n container_name: headscale-ui
\n ports:
\n – "21832:80"<\/span><\/p>\n

4\u3001\u90e8\u7f72 docker-compose up -d 5\u3001\u521b\u5efa apikey<\/p>\n

docker<\/span> exec<\/span> headscale headscale api create<\/p>\n

6\u3001\u521b\u5efa\u79df\u6237 \u8fd9\u4e2a\u81ea\u5df1\u5b9a\u4e49 \u4f8b\u5982 defname \u5219\u4e0b\u9762\u6240\u6709\u7684\u90fd\u66ff\u6362\u6210defname<\/p>\n

docker<\/span> exec<\/span> headscale headscale user create <<\/span>USERNAME><\/span><\/p>\n

7\u3001nginx \u914d\u7f6e \u53ef\u540c\u57df\u540d,\u4e5f\u53ef\u4e0d\u540c\u57df\u540d,\u4f46\u662f\u4e0d\u80fd\u9ed8\u8ba4\u540cip\u4e0d\u540c\u7aef\u53e3,\u4f1a\u6709\u8de8\u57df\u95ee\u9898\u3002 \u5982\u679c\u662fhttps \u4f7f\u7528\u5ba2\u6237\u7aef\u8fde\u63a5\u7684\u65f6\u5019\u4e0d\u4f1a\u81ea\u52a8\u6253\u5f00\u6d4f\u89c8\u5668\u7684,\u4eb2\u6d4bhttp\u4f1a\u81ea\u52a8\u6253\u5f00\u6d4f\u89c8\u5668\u770b\u5230nodekey<\/p>\n

server {<\/span>
\n listen 21833<\/span> ssl;<\/span>
\n # Security \/ XSS Mitigation Headers<\/span>
\n server_name localhost;<\/span>
\n ssl_certificate \/usr\/share\/nginx\/8668953_xxxx.xxx.top.pem;<\/span>
\n ssl_certificate_key \/usr\/share\/nginx\/8668953_xxx.xxx-show.top.key;<\/span>
\n ssl_session_cache shared:SSL:1m;<\/span>
\n ssl_session_timeout 5m;<\/span>
\n ssl_ciphers HIGH:!<\/span>aNULL:!<\/span>MD5;<\/span>
\n ssl_prefer_server_ciphers on;<\/span><\/p>\n

add_header X-Frame-Options "SAMEORIGIN"<\/span>;<\/span>
\n add_header X-XSS-Protection "1; mode=block"<\/span>;<\/span>
\n add_header X-Content-Type-Options "nosniff"<\/span>;<\/span><\/p>\n

location \/web {<\/span>
\n proxy_redirect off;<\/span>
\n proxy_set_header Host $host<\/span>;<\/span>
\n proxy_set_header X-Real-IP $remote_addr<\/span>;<\/span>
\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for<\/span>;<\/span>
\n proxy_pass http:\/\/192.168.123.118:21832;<\/span>
\n }<\/span><\/p>\n

location \/ {<\/span>
\n #proxy_pass http:\/\/127.0.0.1:8081;<\/span>
\n proxy_pass http:\/\/192.168.123.118:21830;<\/span>
\n proxy_http_version 1.1<\/span>;<\/span>
\n proxy_set_header Upgrade $http_upgrade<\/span>;<\/span>
\n proxy_set_header Connection "upgrade"<\/span>;<\/span>
\n proxy_set_header Host $host<\/span>;<\/span>
\n proxy_redirect http:\/\/ https:\/\/;<\/span>
\n proxy_buffering off;<\/span>
\n proxy_set_header X-Real-IP $remote_addr<\/span>;<\/span>
\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for<\/span>;<\/span>
\n proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto<\/span>;<\/span>
\n add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"<\/span> always;<\/span>
\n }<\/span>
\n}<\/span><\/p>\n

8\u3001\u6309\u63d0\u793a\u5728\u7f51\u9875\u914d\u7f6e\u57df\u540d\u548capikey \"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"<\/p>\n

9\u3001\u5ba2\u6237\u7aef\u5b89\u88c5 9.1\u3001windows:tailscaled \u5b98\u65b9\u4e0b\u8f7d<\/p>\n

\u5b89\u88c5\u540e\u6267\u884c\u547d\u4ee4: <\/p>\n

#\u5982\u679c\u662f\u7b2c\u4e00\u6b21\u767b\u5f55,\u6ce8\u518c,192.168.0.0\/24\u6539\u4e3a\u4f60\u5c40\u57df\u7f51ip\u6bb5<\/span>
\ntailscale login –login-server http:\/\/\u670d\u52a1\u5668ip:21833<\/p>\n

#\u91cd\u65b0\u767b\u5f55,ailscale \u5ba2\u6237\u7aef\u8282\u70b9\u505a\u7f51\u5173\u5ba2\u6237\u7aef\u591a\u4e2a\u5b50\u7f51\u8fdb\u884c\u66b4\u9732 \u4fee\u6539\u5b50\u7f51\u8def\u7531 \u591a\u4e2a\u5b50\u7f51\u4f7f\u7528\u9017\u53f7\u5206\u9694 \u4f8b\u5982<\/span>
\ntailscale up –login-server http:\/\/ip\u6216\u8005\u57df\u540d:21833 –advertise-exit-node –accept-dns=<\/span>false –advertise-routes=<\/span>192.168<\/span>.0.0\/24,192.168.123.0\/24 –reset<\/span><\/p>\n

9.2\u3001linux: docker \u5b89\u88c5:<\/p>\n

docker<\/span> run -d<\/span> –name<\/span> tailscaled \\\\<\/span>
\n –restart<\/span> always \\\\<\/span>
\n -v<\/span> \/var\/lib:\/var\/lib \\\\<\/span>
\n -v<\/span> \/dev\/net\/tun:\/dev\/net\/tun \\\\<\/span>
\n -v<\/span> \/lib\/modules:\/lib\/modules \\\\<\/span>
\n –network<\/span>=<\/span>host –privileged<\/span>=<\/span>true \\\\<\/span>
\n tailscale\/tailscale tailscaled<\/p>\n

docker<\/span> exec<\/span> -it<\/span> tailscaled tailscale login –login-server http:\/\/<<\/span>public_ip><\/span>:8081<\/p>\n

\u8f6c\u53d1\u914d\u7f6e:<\/p>\n

echo<\/span> 'net.ipv4.ip_forward = 1'<\/span> |<\/span> tee<\/span> \/etc\/sysctl.d\/ipforwarding.conf
\necho<\/span> 'net.ipv6.conf.all.forwarding = 1'<\/span> |<\/span> tee<\/span> -a<\/span> \/etc\/sysctl.d\/ipforwarding.conf
\nsysctl<\/span> -p<\/span><\/p>\n

9.3 linux \u672c\u5730\u5b89\u88c5 \u5b98\u7f51:https:\/\/tailscale.com\/download\/linux\/static \"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"<\/p>\n

curl<\/span> -fsSL<\/span> https:\/\/tailscale.com\/install.sh |<\/span> sh<\/span><\/p>\n

#\u5982\u679c\u662f\u7b2c\u4e00\u6b21\u767b\u5f55,\u6ce8\u518c,192.168.0.0\/24\u6539\u4e3a\u4f60\u5c40\u57df\u7f51ip\u6bb5<\/span>
\ntailscale login –login-server http:\/\/\u670d\u52a1\u5668ip:21833<\/p>\n

#\u91cd\u65b0\u767b\u5f55,ailscale \u5ba2\u6237\u7aef\u8282\u70b9\u505a\u7f51\u5173\u5ba2\u6237\u7aef\u591a\u4e2a\u5b50\u7f51\u8fdb\u884c\u66b4\u9732 \u4fee\u6539\u5b50\u7f51\u8def\u7531 \u591a\u4e2a\u5b50\u7f51\u4f7f\u7528\u9017\u53f7\u5206\u9694 \u4f8b\u5982<\/span>
\ntailscale up –login-server http:\/\/ip\u6216\u8005\u57df\u540d:21833 –advertise-exit-node –accept-dns=<\/span>false –advertise-routes=<\/span>192.168<\/span>.0.0\/24,192.168.123.0\/24 –reset<\/span><\/p>\n

\u6267\u884c\u5b8c\u6210\u540e\u53bb\u770bheadscale\u5bb9\u5668\u65e5\u5fd7\u6216\u8005\u5f53\u524d\u7a97\u53e3\u65e5\u5fd7<\/p>\n

\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"<\/p>\n

\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \u590d\u5236\u51fa nodekey:8edc7b8a44b42e70cf52101772ad86d7479f487043b52d8df5f8db04c45bfb37 \u7136\u540e\u5728headscale\u5bb9\u5668\u91cc\u9762\u6267\u884c \u4e0b\u9762\u7684\u547d\u4ee4\u628alinux\u5ba2\u6237\u7aef\u6dfb\u52a0\u5230headscale ,\u9700\u8981\u4fee\u6539\u6210\u81ea\u5df1\u7684\u7528\u6237\u4f8b\u5982\u4e0a\u9762\u7684defname<\/p>\n

docker<\/span> exec<\/span> -it<\/span> headscale headscale nodes register –user<\/span> <<\/span>USERNAME><\/span> –key<\/span> nodekey:a54fcc7eaf88db89d20de099a31e7bcdefeb31e04855fcb75d62d582fd917804<\/p>\n

10.\u5b89\u5353app tailscale.apk \"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \u7136\u540e\u586b\u5165headscale\u670d\u52a1\u5668\u5730\u5740 :\u548c\u7b2c8\u6b65\u4e00\u6837,\u8f93\u5165https:\/\/ip\u6216\u8005\u57df\u540d:21833 \u8f93\u5165\u5b8c\u6210\u540e\u53bb \u6267\u884c\u5b8c\u6210\u540e\u53bb\u770bheadscale\u5bb9\u5668\u65e5\u5fd7 \"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \u590d\u5236\u51fa nodekey:8edc7b8a44b42e70cf52101772ad86d7479f487043b52d8df5f8db04c45bfb37 \u7136\u540e\u5728headscale\u5bb9\u5668\u91cc\u9762\u6267\u884c \u4e0b\u9762\u7684\u547d\u4ee4\u628alinux\u5ba2\u6237\u7aef\u6dfb\u52a0\u5230headscale ,\u9700\u8981\u4fee\u6539\u6210\u81ea\u5df1\u7684\u7528\u6237\u4f8b\u5982\u4e0a\u9762\u7684defname<\/p>\n

docker<\/span> exec<\/span> -it<\/span> headscale headscale nodes register –user<\/span> <<\/span>USERNAME><\/span> –key<\/span> nodekey:a54fcc7eaf88db89d20de099a31e7bcdefeb31e04855fcb75d62d582fd917804<\/p>\n

\u603b\u7ed3, \u4e0d\u7ba1\u4ec0\u4e48\u5ba2\u6237\u7aef\u8fde\u63a5,\u90fd\u9700\u8981\u53bbheadscale\u5bb9\u5668\u770b\u4e00\u4e0b\u8fde\u63a5\u751f\u6210\u7684nodekey,\u7136\u540e\u6267\u884c\u547d\u4ee4\u6dfb\u52a0\u5ba2\u6237\u7aef<\/p>\n

docker<\/span> exec<\/span> -it<\/span> headscale headscale nodes register –user<\/span> <<\/span>USERNAME><\/span> –key<\/span> nodekey:a54fcc7eaf88db89d20de099a31e7bcdefeb31e04855fcb75d62d582fd917804<\/p>\n

11.macOS macOS \u6709 3 \u79cd\u5b89\u88c5\u65b9\u6cd5:<\/p>\n

\u76f4\u63a5\u901a\u8fc7\u5e94\u7528\u5546\u5e97\u5b89\u88c5,\u5730\u5740:https:\/\/apps.apple.com\/ca\/app\/tailscale\/id1475387142\u3002\u524d\u63d0\u662f\u4f60\u9700\u8981\u4e00\u4e2a\u7f8e\u533a ID\u3002\u3002\u3002 \u4e0b\u8f7d\u5b89\u88c5\u5305\u76f4\u63a5\u5b89\u88c5,\u7ed5\u8fc7\u5e94\u7528\u5546\u5e97\u3002 \u5b89\u88c5\u5f00\u6e90\u7684\u547d\u4ee4\u884c\u5de5\u5177 tailscale \u548c tailscaled\u3002\u76f8\u5173\u94fe\u63a5:https:\/\/github.com\/tailscale\/tailscale\/wiki\/Tailscaled-on-macOS\u3002 \u8fd9\u4e09\u79cd\u5b89\u88c5\u5305\u7684\u6838\u5fc3\u6570\u636e\u5305\u5904\u7406\u4ee3\u7801\u662f\u76f8\u540c\u7684,\u552f\u4e00\u7684\u533a\u522b\u5728\u4e8e\u5728\u4e8e\u6253\u5305\u65b9\u5f0f\u4ee5\u53ca\u4e0e\u7cfb\u7edf\u7684\u4ea4\u4e92\u65b9\u5f0f\u3002<\/p>\n

\u5e94\u7528\u5546\u5e97\u91cc\u7684\u5e94\u7528\u8fd0\u884c\u5728\u4e00\u4e2a\u5e94\u7528\u6c99\u7bb1\u4e2d,\u4e0e\u7cfb\u7edf\u7684\u5176\u4ed6\u90e8\u5206\u9694\u79bb\u3002\u5728\u6c99\u7bb1\u5185,\u5e94\u7528\u53ef\u4ee5\u662f\u4e00\u4e2a\u7f51\u7edc\u6269\u5c55,\u4ee5\u5b9e\u73b0 VPN \u6216\u8005\u7c7b VPN \u7684\u529f\u80fd\u3002\u7f51\u7edc\u6269\u5c55\u5b9e\u73b0\u7684\u529f\u80fd\u5bf9\u5e94\u7528\u5546\u5e97\u4e4b\u5916\u7684\u5e94\u7528\u662f\u65e0\u6cd5\u751f\u6548\u7684\u3002<\/p>\n

\u4ece macOS \u4ece 10.15 \u5f00\u59cb\u65b0\u589e\u4e86\u7cfb\u7edf\u6269\u5c55,\u8bf4\u767d\u4e86\u5c31\u662f\u8fd0\u884c\u5728\u7528\u6237\u6001\u7684\u5185\u6838\u6269\u5c55,\u5b83\u76f8\u6bd4\u4e8e\u4f20\u7edf\u7684\u7f51\u7edc\u6269\u5c55\u589e\u5f3a\u4e86\u5f88\u591a\u529f\u80fd,\u6bd4\u5982\u5185\u5bb9\u8fc7\u6ee4\u3001\u900f\u660e\u4ee3\u7406\u3001DNS \u4ee3\u7406\u7b49\u3002Tailscale \u72ec\u7acb\u4e8e\u5e94\u7528\u5546\u5e97\u7684\u5b89\u88c5\u5305\u4f7f\u7528\u7684\u5c31\u662f\u7cfb\u7edf\u6269\u5c55,\u901a\u8fc7 DMG \u6216\u8005 zip \u538b\u7f29\u5305\u8fdb\u884c\u5206\u53d1\u3002<\/p>\n

{{< alert >}} \u4e0d\u8981\u540c\u65f6\u5b89\u88c5\u5e94\u7528\u5546\u5e97\u7248\u672c\u548c\u72ec\u7acb\u5206\u53d1\u7248\u672c,\u540c\u65f6\u53ea\u80fd\u88c5\u4e00\u4e2a\u3002 {{< \/alert >}}<\/p>\n

\u800c\u547d\u4ee4\u884c\u5de5\u5177\u65e2\u6ca1\u6709\u4f7f\u7528\u7f51\u7edc\u6269\u5c55\u4e5f\u6ca1\u6709\u4f7f\u7528\u7cfb\u7edf\u6269\u5c55,\u800c\u662f\u4f7f\u7528\u7684 utun \u63a5\u53e3,\u76f8\u6bd4\u4e8e GUI \u7248\u672c\u7f3a\u5c11\u4e86\u90e8\u5206\u529f\u80fd,\u6bd4\u5982 MagicDNS \u548c Taildrop\u3002<\/p>\n

\u76f4\u63a5\u4e0b\u8f7d\u5b89\u88c5\u5305<\/p>\n

https:\/\/pkgs.tailscale.com\/stable\/<\/p>\n

\u53ef\u4ee5\u4e0b\u6765\u9009\u62e9\u5b89\u88c5\u7684\u7248\u672c \"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \u4e0d\u77e5\u9053\u4e3a\u4ec0\u4e48\u6700\u65b0\u7248\u7684\u8fde\u63a5\u4e0d\u4e0a\u81ea\u5b9a\u4e49headscale\u670d\u52a1\u5668 \u6211\u5c31\u4f7f\u7528\u4e861.46.0\u7248\u672c \"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\" \u8f93\u5165headscale\u670d\u52a1\u5668\u540e,\u53bbheadscale\u5bb9\u5668\u770bnodekey \u590d\u5236\u51fa nodekey:8edc7b8a44b42e70cf52101772ad86d7479f487043b52d8df5f8db04c45bfb37 \u7136\u540e\u5728headscale\u5bb9\u5668\u91cc\u9762\u6267\u884c \u4e0b\u9762\u7684\u547d\u4ee4\u628alinux\u5ba2\u6237\u7aef\u6dfb\u52a0\u5230headscale ,\u9700\u8981\u4fee\u6539\u6210\u81ea\u5df1\u7684\u7528\u6237\u4f8b\u5982\u4e0a\u9762\u7684defname<\/p>\n

docker<\/span> exec<\/span> -it<\/span> headscale headscale nodes register –user<\/span> <<\/span>USERNAME><\/span> –key<\/span> nodekey:a54fcc7eaf88db89d20de099a31e7bcdefeb31e04855fcb75d62d582fd917804<\/p>\n

12 \u901a\u7528 \u6700\u540e\u4e00\u4e2a\u6dfb\u52a0\u5ba2\u6237\u7aef\u5230\u670d\u52a1\u5668\u7684 \u9875\u9762\u7b80\u5355\u64cd\u4f5c\u65b9\u6cd5 \u76f4\u63a5\u590d\u5236 nodekey:a54fcc7eaf88db89d20de099a31e7bcdefeb31e04855fcb75d62d582fd917804<\/p>\n

\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"<\/p>\n

https:\/\/www.bilibili.com\/video\/BV1Wh411A73b\/?spm_id_from=333.337.search-card.all.click&vd_source=76e331425fd26d8f803c4e03a88ddc41<\/p>\n

13\u3001\u6253\u901a\u5c40\u57df\u7f51,\u6bd4\u5982\u5bb6\u91ccWindows\u7535\u8111A,\u5b89\u88c5\u4e86tailscale\u5ba2\u6237\u7aef,\u5916\u5730\u7535\u8111B,\u4e5f\u5b89\u88c5\u4e86tailscale\u5ba2\u6237\u7aef,\u4f46\u662f\u5bb6\u91cc\u5176\u4ed6\u8bbe\u5907\u6bd4\u5982nas,\u624b\u673a\u90fd\u6ca1\u6709\u5b89\u88c5tailscale\u5ba2\u6237\u7aef\u3002\u5916\u5730\u7535\u8111B\u4e5f\u53ef\u4ee5\u50cf\u5bb6\u91cc\u7535\u8111A\u4e00\u6837\u8bbf\u95ee\u5bb6\u91cc\u5c40\u57df\u7f51\u5185\u7684\u624b\u673a,nas\u7b49\u7b49\u8bbe\u5907,\u5c31\u53ef\u4ee5\u7528Windows\u7535\u8111A\u505a\u8def\u7531\u7f51\u5173\u3002<\/p>\n

\u5c31\u662f\u5728\u5916\u4f7f\u7528\u4efb\u4f55\u7f51\u7edc,\u4e5f\u53ef\u4ee5\u50cf\u5728\u5bb6\u91cc\u4e00\u6837\u8bbf\u95ee\u5bb6\u91cc\u5c40\u57df\u7f51\u5185\u7684\u624b\u673a,\u7535\u8111,nas,\u8def\u7531\u7b49\u7b49\u3002<\/p>\n

\u53ea\u9700\u8981\u4fee\u6539\u4e00\u4e0b\u6ce8\u518c\u767b\u5f55\u547d\u4ee4\u5373\u53ef,\u540e\u9762\u670d\u52a1\u5668\u9a8c\u8bc1\u90fd\u662f\u4e00\u6837\u7684\u3002<\/p>\n

\u5bb6\u91ccWindows\u7535\u8111A:<\/p>\n

#\u5982\u679c\u662f\u7b2c\u4e00\u6b21\u767b\u5f55,\u6ce8\u518c,192.168.0.0\/24\u6539\u4e3a\u4f60\u5c40\u57df\u7f51ip\u6bb5<\/span>
\ntailscale login –login-server http:\/\/\u670d\u52a1\u5668ip:21833<\/p>\n

#\u91cd\u65b0\u767b\u5f55,ailscale \u5ba2\u6237\u7aef\u8282\u70b9\u505a\u7f51\u5173\u5ba2\u6237\u7aef\u591a\u4e2a\u5b50\u7f51\u8fdb\u884c\u66b4\u9732 \u4fee\u6539\u5b50\u7f51\u8def\u7531 \u591a\u4e2a\u5b50\u7f51\u4f7f\u7528\u9017\u53f7\u5206\u9694 \u4f8b\u5982<\/span>
\ntailscale up –login-server http:\/\/ip\u6216\u8005\u57df\u540d:21833 –advertise-exit-node –accept-dns=<\/span>false –advertise-routes=<\/span>192.168<\/span>.0.0\/24,192.168.123.0\/24 –reset<\/span><\/p>\n

\u5982\u679c\u5bb6\u91cc\u662flinux\u7535\u8111,\u6216\u8005openwrt\u7b49\u8f6f\u8def\u7531:<\/p>\n

\u4e0a\u9762\u4e5f\u662f\u4e00\u6837\u7684,\u53ea\u662f\u591a\u4e00\u4e2a\u7aef\u53e3\u8f6c\u53d1:<\/p>\n

echo<\/span> 'net.ipv4.ip_forward = 1'<\/span> |<\/span> tee<\/span> \/etc\/sysctl.d\/ipforwarding.conf
\necho<\/span> 'net.ipv6.conf.all.forwarding = 1'<\/span> |<\/span> tee<\/span> -a<\/span> \/etc\/sysctl.d\/ipforwarding.conf
\nsysctl<\/span> -p<\/span> \/etc\/sysctl.d\/ipforwarding.conf<\/p>\n

headtail\u670d\u52a1\u7aef\u6dfb\u52a0\u4e00\u4e0b\u8def\u7531\u5373\u53ef:<\/p>\n

#\u67e5\u770b\u8def\u7531\u5217\u8868,\u83b7\u53d6\u9700\u8981\u6253\u901a\u7684\u5c40\u57df\u7f51\u5e8f\u53f7<\/p>\n

headscale routes list<\/p>\n

#\u6bd4\u5982\u6253\u901a\u5e8f\u53f71\u7684\u8def\u7531<\/p>\n

headscale routes enable<\/span> -r<\/span> 1<\/span><\/p>\n

  • tailscale \u5ba2\u6237\u7aef\u8282\u70b9\u505a\u7f51\u5173\u5ba2\u6237\u7aef\u591a\u4e2a\u5b50\u7f51\u8fdb\u884c\u66b4\u9732 \u4fee\u6539\u5b50\u7f51\u8def\u7531 \u591a\u4e2a\u5b50\u7f51\u4f7f\u7528\u9017\u53f7\u5206\u9694 \u4f8b\u598210.100.70.0\/24,10.100.71.0\/24<\/li>\n

    tailscale up –login-server http:\/\/ip\u6216\u8005\u57df\u540d:21833 –advertise-exit-node –accept-dns=<\/span>false –advertise-routes=<\/span>192.168<\/span>.0.0\/24,192.168.123.0\/24 –reset<\/span><\/p>\n

    14,\u4e00\u4e9b\u8865\u5145\u529f\u80fd<\/p>\n

    14.1 \u5220\u9664\u8282\u70b9\u6216\u5b50\u7f51\u5173<\/p>\n

    headscale routes list
    \nheadscale routes enable<\/span> -r<\/span> 1<\/span> \/\/1\u4e3a routes list \u7684id
    \nheadscale routes disable -r<\/span> 1<\/span> \/\/\u7981\u7528\u8def\u7531
    \nheadscale routes delete -r<\/span> 1<\/span> \/\/\u5220\u9664\u8def\u7531<\/p>\n

    namespace<\/p>\n

    headscale namespace list # \u67e5\u770b\u6240\u6709\u7684namespace<\/span>
    \nheadscale namespace create default # \u521b\u5efanamespace<\/span>
    \nheadscale namespace destroy default # \u5220\u9664namespace<\/span>
    \nheadscale namespace rename<\/span> default myspace # \u91cd\u547d\u540dnamespace<\/span><\/p>\n

    node<\/p>\n

    headscale node<\/span> list # \u5217\u51fa\u6240\u6709\u7684\u8282\u70b9<\/span>
    \nheadscale node<\/span> ls<\/span> -t<\/span> # \u5217\u51fa\u6240\u6709\u7684\u8282\u70b9,\u540c\u65f6\u663e\u793a\u51fatag\u4fe1\u606f<\/span>
    \nheadscale -n<\/span> default node<\/span> ls<\/span> # \u53ea\u67e5\u770bnamespace\u4e3adefault\u4e0b\u7684\u8282\u70b9<\/span>
    \nheadscale node<\/span> delete -i<<\/span>ID><\/span> # \u6839\u636eid\u5220\u9664\u6307\u5b9a\u7684\u8282\u70b9,\u8fd9\u91cc\u9762\u7684id\u662fnode list\u67e5\u8be2\u51fa\u6765\u7684id<\/span>
    \n # \u53c2\u8003headscale nodes delete -i=6<\/span>
    \nheadscale node<\/span> tag -i<\/span>=<\/span>2<\/span> -t<\/span>=<\/span>tag:test # \u7ed9id\u4e3a2\u7684node\u8bbe\u7f6etag\u4e3atag:test<\/span><\/p>\n

    route<\/p>\n","protected":false},"excerpt":{"rendered":"

    \u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb4.4k\u6b21\uff0c\u70b9\u8d5e9\u6b21\uff0c\u6536\u85cf10\u6b21\u3002\u7136\u540e\u5728headscale\u5bb9\u5668\u91cc\u9762\u6267\u884c \u4e0b\u9762\u7684\u547d\u4ee4\u628alinux\u5ba2\u6237\u7aef\u6dfb\u52a0\u5230headscale \uff0c\u9700\u8981\u4fee\u6539\u6210\u81ea\u5df1\u7684\u7528\u6237\u4f8b\u5982\u4e0a\u9762\u7684defname\u3002\/xxx\/headscale\/config\/config.yaml \u7aef\u53e3\u6211\u6539\u4e86\uff0c\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u6765\u3002\u5b98\u7f51\uff1ahttps:\/\/tailscale.com\/download\/linux\/static\u30027\u3001nginx \u914d\u7f6e \u53ef\u540c\u57df\u540d\uff0c\u4e5f\u53ef\u4e0d\u540c\u57df\u540d\uff0c\u4f46\u662f\u4e0d\u80fd\u9ed8\u8ba4\u540cip\u4e0d\u540c\u7aef\u53e3\uff0c\u4f1a\u6709\u8de8\u57df\u95ee\u9898\u30023\u3001docker-compose \u6587\u4ef6 docker\u8fd9\u4e9b\u5b89\u88c5\u81ea\u884c\u641c\u7d22\u3002_headscale<\/p>\n","protected":false},"author":2,"featured_media":25114,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[27,780,43],"topic":[],"class_list":["post-25124","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-docker","tag-ui","tag-43"],"yoast_head":"\n\u81ea\u5b9a\u4e49\u670d\u52a1\u5668 headscale headscale-ui \u90e8\u7f72 docker - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wsisp.com\/helps\/25124.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u81ea\u5b9a\u4e49\u670d\u52a1\u5668 headscale headscale-ui \u90e8\u7f72 docker - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb4.4k\u6b21\uff0c\u70b9\u8d5e9\u6b21\uff0c\u6536\u85cf10\u6b21\u3002\u7136\u540e\u5728headscale\u5bb9\u5668\u91cc\u9762\u6267\u884c \u4e0b\u9762\u7684\u547d\u4ee4\u628alinux\u5ba2\u6237\u7aef\u6dfb\u52a0\u5230headscale \uff0c\u9700\u8981\u4fee\u6539\u6210\u81ea\u5df1\u7684\u7528\u6237\u4f8b\u5982\u4e0a\u9762\u7684defname\u3002\/xxx\/headscale\/config\/config.yaml \u7aef\u53e3\u6211\u6539\u4e86\uff0c\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u6765\u3002\u5b98\u7f51\uff1ahttps:\/\/tailscale.com\/download\/linux\/static\u30027\u3001nginx \u914d\u7f6e \u53ef\u540c\u57df\u540d\uff0c\u4e5f\u53ef\u4e0d\u540c\u57df\u540d\uff0c\u4f46\u662f\u4e0d\u80fd\u9ed8\u8ba4\u540cip\u4e0d\u540c\u7aef\u53e3\uff0c\u4f1a\u6709\u8de8\u57df\u95ee\u9898\u30023\u3001docker-compose \u6587\u4ef6 docker\u8fd9\u4e9b\u5b89\u88c5\u81ea\u884c\u641c\u7d22\u3002_headscale\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wsisp.com\/helps\/25124.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2025-04-19T03:42:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419034227-68031ba3c1bc6.png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/25124.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/25124.html\",\"name\":\"\u81ea\u5b9a\u4e49\u670d\u52a1\u5668 headscale headscale-ui \u90e8\u7f72 docker - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2025-04-19T03:42:34+00:00\",\"dateModified\":\"2025-04-19T03:42:34+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/25124.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/25124.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/25124.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u81ea\u5b9a\u4e49\u670d\u52a1\u5668 headscale headscale-ui \u90e8\u7f72 docker\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u81ea\u5b9a\u4e49\u670d\u52a1\u5668 headscale headscale-ui \u90e8\u7f72 docker - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/25124.html","og_locale":"zh_CN","og_type":"article","og_title":"\u81ea\u5b9a\u4e49\u670d\u52a1\u5668 headscale headscale-ui \u90e8\u7f72 docker - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb4.4k\u6b21\uff0c\u70b9\u8d5e9\u6b21\uff0c\u6536\u85cf10\u6b21\u3002\u7136\u540e\u5728headscale\u5bb9\u5668\u91cc\u9762\u6267\u884c \u4e0b\u9762\u7684\u547d\u4ee4\u628alinux\u5ba2\u6237\u7aef\u6dfb\u52a0\u5230headscale \uff0c\u9700\u8981\u4fee\u6539\u6210\u81ea\u5df1\u7684\u7528\u6237\u4f8b\u5982\u4e0a\u9762\u7684defname\u3002\/xxx\/headscale\/config\/config.yaml \u7aef\u53e3\u6211\u6539\u4e86\uff0c\u6839\u636e\u81ea\u5df1\u60c5\u51b5\u6765\u3002\u5b98\u7f51\uff1ahttps:\/\/tailscale.com\/download\/linux\/static\u30027\u3001nginx \u914d\u7f6e \u53ef\u540c\u57df\u540d\uff0c\u4e5f\u53ef\u4e0d\u540c\u57df\u540d\uff0c\u4f46\u662f\u4e0d\u80fd\u9ed8\u8ba4\u540cip\u4e0d\u540c\u7aef\u53e3\uff0c\u4f1a\u6709\u8de8\u57df\u95ee\u9898\u30023\u3001docker-compose \u6587\u4ef6 docker\u8fd9\u4e9b\u5b89\u88c5\u81ea\u884c\u641c\u7d22\u3002_headscale","og_url":"https:\/\/www.wsisp.com\/helps\/25124.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2025-04-19T03:42:34+00:00","og_image":[{"url":"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/04\/20250419034227-68031ba3c1bc6.png"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"13 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/25124.html","url":"https:\/\/www.wsisp.com\/helps\/25124.html","name":"\u81ea\u5b9a\u4e49\u670d\u52a1\u5668 headscale headscale-ui \u90e8\u7f72 docker - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2025-04-19T03:42:34+00:00","dateModified":"2025-04-19T03:42:34+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/25124.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/25124.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/25124.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"\u81ea\u5b9a\u4e49\u670d\u52a1\u5668 headscale headscale-ui \u90e8\u7f72 docker"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/25124","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=25124"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/25124\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media\/25114"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=25124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/categories?post=25124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=25124"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=25124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}