From e1ec50bd96d4ce3c3b444b77847842e7cfeb96a5 Mon Sep 17 00:00:00 2001 From: Your Name Date: Sat, 2 Nov 2024 20:22:50 +0800 Subject: [PATCH] update --- tailscale/docker-compose_headscale.yml | 81 +++++++++----------------- 1 file changed, 28 insertions(+), 53 deletions(-) diff --git a/tailscale/docker-compose_headscale.yml b/tailscale/docker-compose_headscale.yml index 5edb380..03550a1 100644 --- a/tailscale/docker-compose_headscale.yml +++ b/tailscale/docker-compose_headscale.yml @@ -1,52 +1,6 @@ version: '3.5' services: - headscale: - image: headscale/headscale:v0.23-debug - container_name: headscale - volumes: - - ./config:/etc/headscale # Headscale 的配置目录 - - ./data:/var/lib/headscale # 数据存储目录 - - ./run:/var/run/headscale - - ./logs:/var/log/headscale - network_mode: bridge - ports: - - "127.0.0.1:8081:8080" # 只在本地监听 API 端口 - restart: unless-stopped - command: serve # 启动 headscale 服务 - - headscale-ui: - image: ghcr.io/gurucomputing/headscale-ui:latest - container_name: headscale-ui - volumes: - - ./ui-config:/etc/headscale # 为 UI 配置单独目录 - network_mode: bridge - ports: - - "127.0.0.1:8080:8080" # 在本地监听 UI 端口 - restart: unless-stopped - environment: - - HTTP_PORT=8080 - - HTTPS_PORT=8443 # 也可以通过环境变量指定端口 - - derper: - image: fredliang/derper - container_name: derper - network_mode: bridge - volumes: - - /etc/nginx/ssl/wildcard.jmsu.top/fullchain.pem:/app/certs/headscale.jmsu.top.crt # SSL 证书映射 - - /etc/nginx/ssl/wildcard.jmsu.top/private.key:/app/certs/headscale.jmsu.top.key # 私钥映射 - - shared-tailscale:/var/run/tailscale # 共享 Tailscale 运行时目录 - ports: - - "3477:3477" # DERP 服务端口 - - "3478:3478/udp" # STUN 端口 - restart: always - environment: - - DERP_CERT_MODE=manual # 手动证书管理模式 - - DERP_ADDR=:3477 - - DERP_VERIFY_CLIENTS=true # 只允许认证用户使用 DERP - - DERP_VERIFY_CLIENT_URL=https://headscale.jmsu.top # 客户端认证 URL - - DERP_DOMAIN=headscale.jmsu.top - tailscaled: container_name: tailscaled image: tailscale/tailscale:unstable-v1.77.41 
@@ -61,16 +15,37 @@ services: volumes: - ./lib/:/var/lib/tailscale # 使状态路径挂载为 tailscaled 使用的状态目录 - /dev/net/tun:/dev/net/tun # 访问 TUN 设备 - - shared-tailscale:/var/run/tailscale # 共享 Tailscale 运行时目录 - /var/run/dbus:/var/run/dbus + - /var/run/tailscale:/var/run/tailscale + - /tmp:/tmp environment: - TS_AUTHKEY=21c768657ba8aa6c0436eba69d28fa8d626da767a44f055d # 使用认证密钥 - TS_STATE_DIR=/var/lib/tailscale # 状态保存路径 - TS_USERSPACE=false # 使用内核的 TUN 设备 - - TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top # 指定 Headscale 登录服务器 + - TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top # 指定 Headscale 登录服务器 - - -volumes: - shared-tailscale: - driver: local \ No newline at end of file + derper: + image: 1itt1eb0y/derper:2024-10-31-08-58-23 + container_name: derper + network_mode: host + volumes: + - /etc/nginx/ssl/wildcard.jmsu.top/fullchain.pem:/app/certs/headscale.jmsu.top.crt # SSL 证书映射 + - /etc/nginx/ssl/wildcard.jmsu.top/private.key:/app/certs/headscale.jmsu.top.key # 私钥映射 + - /var/run/tailscale:/var/run/tailscale + - /tmp:/tmp + restart: always + depends_on: + - tailscaled # 等待 tailscaled 启动后再启动 + entrypoint: [""] + command: + - /bin/bash + - -c + - | + /app/derper \ + -hostname headscale.jmsu.top \ + -certdir /app/certs \ + -certmode manual \ + -a :3477 \ + -stun-port 3478 \ + -http-port -1 \ + -verify-clients \ No newline at end of file
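Review bot: The added `derper` service bind-mounts the wildcard TLS private key (`/etc/nginx/ssl/wildcard.jmsu.top/private.key`) without `:ro` into an image referenced only by a mutable tag (`1itt1eb0y/derper:2024-10-31-08-58-23`), and that container also runs with `network_mode: host`. A republished or compromised tag would then have both the key and the host's network namespace. Pinning the image by digest (`image: 1itt1eb0y/derper@sha256:<digest-placeholder>`) and appending `:ro` to the two certificate mounts would narrow that. The `- /tmp:/tmp` bind added to both `tailscaled` and `derper` is not used by anything visible in this hunk; if `-verify-clients` only needs the tailscaled socket, the `/var/run/tailscale` mount should be enough and the host `/tmp` share can probably be dropped. The `TS_AUTHKEY` value is still committed in plain text in the context lines, so it would be better supplied via `env_file` or a secret and rotated; note that the `tailscaled` service definition begins above this hunk.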