update

tailscale/docker-compose_derper.yml

@@ -0,0 +1,43 @@
+version: '3.5'
+
+services:
+  derper:
+    image: fredliang/derper
+    container_name: derper
+    network_mode: bridge
+    volumes:
+      - /etc/nginx/ssl/wildcard.jmsu.top/fullchain.pem:/app/certs/headscale.jmsu.top.crt  # SSL 证书映射
+      - /etc/nginx/ssl/wildcard.jmsu.top/private.key:/app/certs/headscale.jmsu.top.key  # 私钥映射
+      - shared-tailscale:/var/run/tailscale  # 共享 Tailscale 运行时目录
+    ports:
+      - "3477:3477"  # DERP 服务端口
+      - "3478:3478/udp"  # STUN 端口
+    restart: always
+    environment:
+      - DERP_CERT_MODE=manual  # 手动证书管理模式
+      - DERP_ADDR=:3477
+      - DERP_VERIFY_CLIENTS=true  # 只允许认证用户使用 DERP
+      - DERP_VERIFY_CLIENT_URL=https://headscale.jmsu.top  # 客户端认证 URL
+      - DERP_DOMAIN=headscale.jmsu.top
+
+  tailscaled:
+    container_name: tailscaled
+    image: tailscale/tailscale:unstable-v1.77.41
+    network_mode: bridge  # 使用桥接网络
+    privileged: true  # 需要权限访问 TUN 设备
+    restart: always
+    cap_add:
+      - net_admin
+      - sys_module
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    volumes:
+      - ./lib/:/var/lib/tailscale  # 使状态路径挂载为 tailscaled 使用的状态目录
+      - /dev/net/tun:/dev/net/tun  # 访问 TUN 设备
+      - shared-tailscale:/var/run/tailscale  # 共享 Tailscale 运行时目录
+      - /var/run/dbus:/var/run/dbus
+    environment:
+      - TS_AUTHKEY=21c768657ba8aa6c0436eba69d28fa8d626da767a44f055d  # 使用认证密钥
+      - TS_STATE_DIR=/var/lib/tailscale  # 状态保存路径
+      - TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top  # 指定 Headscale 登录服务器
+      - TS_HOSTNAME=derp_home2  # 指定主机名