Headscale 部署私有 DERP 中继服务器(20230401版)
本文最后更新于 923 天前, 如有失效请评论区留言.
本文将会介绍如何让 Headscale 使用自定义的 DERP Servers
Derper 是什么?
可以阅读 米开朗基杨 - 中继协议简介
实操
构建derper
go install tailscale.com/cmd/derper@latest
可以参考我写的基于 Caddy2 部署私有 DERP 中继服务器(20230401版),本文与之最大区别是,derper不再使用caddy转发流量,而是直接使用443端口
启动derper
[Unit]
Description=derper
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/root/go/bin/derper -hostname <你的域名> -a ":443" -certdir /root/.cache/tailscale/derper-certs -verify-clients
Restart=always
RestartSec=15
[Install]
WantedBy=multi-user.target
启动derper
systemctl enable derper.service --now
创建定时重启derper(已废弃, 早已修复, 新版本不需要了, 仅为存档记录)
[Unit]
Description=derper timer
[Timer]
# 每小时执行一次
OnActiveSec=1h
# 错过执行, 立刻执行
Persistent=true
[Install]
WantedBy=timers.target
启动derper.timer
# 如果wantedby为timers.target, 不需要设置开机启动, 默认就是开机启动
systemctl start derper.timer
# 其他情况
systemctl enable derper.timer --now
查看生效
systemctl list-timers --no-pager
NEXT LEFT LAST PASSED UNIT ACTIVATES
Mon 2022-09-05 23:21:29 CST 59min left Mon 2022-09-05 22:15:12 CST 6min ago derper.timer derper.service
配置Headscale
可以参考
# If you plan to somehow use headscale, please deploy your own DERP infra: https://tailscale.com/kb/1118/custom-derp-servers/
regions:
900:
regionid: 900
regioncode: custom
regionname: My Region
nodes:
- name: 900a
regionid: 900
hostname: myderp.mydomain.no
ipv4: 123.123.123.123
ipv6: "2604:a880:400:d1::828:b001"
stunport: 0
stunonly: false
derpport: 0
我的参考示例
regions:
900:
regionid: 900
regioncode: dev
regionname: china
nodes:
- name: 900a
regionid: 900
hostname: <自定义域名>
stunport: 0
stunonly: false
derpport: 0
修改配置
paths:
- /etc/headscale/derp.yaml
# paths: []
重启服务
systemctl restart headscale
测试
tailscale netcheck
* Nearest DERP: bj
* DERP latency:
- bj: 32.9ms (bj)
