add derper file

2024-11-02 20:22:10 +08:00
parent 596f8c7cdc
commit afee9a94f9
1 changed files with 35 additions and 26 deletions
--- a/tailscale/docker-compose_derper.yml
+++ b/tailscale/docker-compose_derper.yml
@@ -1,31 +1,11 @@
-version: '3.5'
+version: '3.6'

 services:
-  derper:
-    image: fredliang/derper
-    container_name: derper
-    network_mode: bridge
-    volumes:
-      - /etc/nginx/ssl/wildcard.jmsu.top/fullchain.pem:/app/certs/headscale.jmsu.top.crt  # SSL 证书映射
-      - /etc/nginx/ssl/wildcard.jmsu.top/private.key:/app/certs/headscale.jmsu.top.key  # 私钥映射
-      - shared-tailscale:/var/run/tailscale  # 共享 Tailscale 运行时目录
-    ports:
-      - "3477:3477"  # DERP 服务端口
-      - "3478:3478/udp"  # STUN 端口
-    restart: always
-    environment:
-      - DERP_CERT_MODE=manual  # 手动证书管理模式
-      - DERP_ADDR=:3477
-      - DERP_VERIFY_CLIENTS=true  # 只允许认证用户使用 DERP
-      - DERP_VERIFY_CLIENT_URL=https://headscale.jmsu.top  # 客户端认证 URL
-      - DERP_DOMAIN=headscale.jmsu.top
-
  tailscaled:
    container_name: tailscaled
-    image: tailscale/tailscale:unstable-v1.77.41
-    network_mode: bridge  # 使用桥接网络
+    image: tailscale/tailscale:v1.76.1
    privileged: true  # 需要权限访问 TUN 设备
-    restart: always
+    restart: unless-stopped
    cap_add:
      - net_admin
      - sys_module
@@ -34,10 +14,39 @@ services:
    volumes:
      - ./lib/:/var/lib/tailscale  # 使状态路径挂载为 tailscaled 使用的状态目录
      - /dev/net/tun:/dev/net/tun  # 访问 TUN 设备
-      - shared-tailscale:/var/run/tailscale  # 共享 Tailscale 运行时目录
      - /var/run/dbus:/var/run/dbus
+      - /var/run/tailscale:/var/run/tailscale
+      - /tmp:/tmp
    environment:
      - TS_AUTHKEY=21c768657ba8aa6c0436eba69d28fa8d626da767a44f055d  # 使用认证密钥
      - TS_STATE_DIR=/var/lib/tailscale  # 状态保存路径
-      - TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top  # 指定 Headscale 登录服务器
-      - TS_HOSTNAME=derp_home2  # 指定主机名
+      - TS_USERSPACE=false  # 使用内核的 TUN 设备
+      - "TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top --reset" # 指定 Headscale 登录服务器
+
+  derper:
+    image: 1itt1eb0y/derper:2024-10-31-08-58-23
+    container_name: derper
+    volumes:
+      - /vol1/1000/docker/derper/ssl/fullchain.pem:/app/certs/derper.jmsu.top.crt  # SSL 证书映射
+      - /vol1/1000/docker/derper/ssl/privkey.pem:/app/certs/derper.jmsu.top.key  # 私钥映射
+      - /var/run/tailscale:/var/run/tailscale
+      - /tmp:/tmp
+    restart: unless-stopped
+    depends_on:
+      - tailscaled  # 等待 tailscaled 启动后再启动
+    ports:
+      - "3478:3478/udp"  # STUN 端口
+      - "3477:3477/tcp"  # DERP 服务端口，或更改为 443
+    entrypoint: [""]
+    command:
+      - /bin/bash
+      - -c
+      - |
+          /app/derper \
+          -hostname derper.jmsu.top \
+          -certdir /app/certs \
+          -certmode manual \
+          -a :3477 \
+          -stun-port 3478 \
+          -http-port -1 \
+          -verify-clients