From 5cc0019df8ccdbfdb7f150d3d9a0962551146cb8 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Tue, 29 Oct 2024 16:42:47 +0800
Subject: [PATCH] update
---
 tailscale/docker-compose_derper.yml | 43 +++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 tailscale/docker-compose_derper.yml
diff --git a/tailscale/docker-compose_derper.yml b/tailscale/docker-compose_derper.yml
new file mode 100644
index 0000000..8d8eaa7
--- /dev/null
+++ b/tailscale/docker-compose_derper.yml
@@ -0,0 +1,43 @@
+version: '3.5'
+
+services:
+ derper:
+ image: fredliang/derper
+ container_name: derper
+ network_mode: bridge
+ volumes:
+ - /etc/nginx/ssl/wildcard.jmsu.top/fullchain.pem:/app/certs/headscale.jmsu.top.crt # SSL 证书映射
+ - /etc/nginx/ssl/wildcard.jmsu.top/private.key:/app/certs/headscale.jmsu.top.key # 私钥映射
+ - shared-tailscale:/var/run/tailscale # 共享 Tailscale 运行时目录
+ ports:
+ - "3477:3477" # DERP 服务端口
+ - "3478:3478/udp" # STUN 端口
+ restart: always
+ environment:
+ - DERP_CERT_MODE=manual # 手动证书管理模式
+ - DERP_ADDR=:3477
+ - DERP_VERIFY_CLIENTS=true # 只允许认证用户使用 DERP
+ - DERP_VERIFY_CLIENT_URL=https://headscale.jmsu.top # 客户端认证 URL
+ - DERP_DOMAIN=headscale.jmsu.top
+
+ tailscaled:
+ container_name: tailscaled
+ image: tailscale/tailscale:unstable-v1.77.41
+ network_mode: bridge # 使用桥接网络
+ privileged: true # 需要权限访问 TUN 设备
+ restart: always
+ cap_add:
+ - net_admin
+ - sys_module
+ devices:
+ - /dev/net/tun:/dev/net/tun
+ volumes:
+ - ./lib/:/var/lib/tailscale # 使状态路径挂载为 tailscaled 使用的状态目录
+ - /dev/net/tun:/dev/net/tun # 访问 TUN 设备
+ - shared-tailscale:/var/run/tailscale # 共享 Tailscale 运行时目录
+ - /var/run/dbus:/var/run/dbus
+ environment:
+ - TS_AUTHKEY=21c768657ba8aa6c0436eba69d28fa8d626da767a44f055d # 使用认证密钥
+ - TS_STATE_DIR=/var/lib/tailscale # 状态保存路径
+ - TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top # 指定 Headscale 登录服务器
+ - TS_HOSTNAME=derp_home2 # 指定主机名
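Review bot: The `TS_AUTHKEY` entry in the `tailscaled` environment commits what looks like a live pre-auth key for the Headscale login server, so anyone who can read the repository can use it to enrol a node until the key expires or is revoked. Revoke that key and supply the value from outside the tracked file, e.g. `- TS_AUTHKEY=${TS_AUTHKEY}` backed by an untracked `.env`. In the same service `privileged: true` already grants every capability and host device, so the `cap_add` and `devices` entries add nothing; dropping `privileged: true` and keeping those two should be enough for the TUN device and is the narrower grant. On `derper`, the certificate and private-key bind mounts would be safer with a `:ro` suffix, and the file has no top-level `volumes:` entry declaring `shared-tailscale`, which Compose normally rejects for a named volume.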