lingyuzeng/dockerfile_dp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Your Name
2024-11-02 20:22:50 +08:00
parent afee9a94f9
commit e1ec50bd96
1 changed files with 28 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
tailscale/docker-compose_headscale.yml
View File

@@ -1,52 +1,6 @@
version: '3.5' version: '3.5'
services: services:
headscale:
image: headscale/headscale:v0.23-debug
container_name: headscale
volumes:
- ./config:/etc/headscale # Headscale 的配置目录
- ./data:/var/lib/headscale # 数据存储目录
- ./run:/var/run/headscale
- ./logs:/var/log/headscale
network_mode: bridge
ports:
- "127.0.0.1:8081:8080" # 只在本地监听 API 端口
restart: unless-stopped
command: serve # 启动 headscale 服务
headscale-ui:
image: ghcr.io/gurucomputing/headscale-ui:latest
container_name: headscale-ui
volumes:
- ./ui-config:/etc/headscale # 为 UI 配置单独目录
network_mode: bridge
ports:
- "127.0.0.1:8080:8080" # 在本地监听 UI 端口
restart: unless-stopped
environment:
- HTTP_PORT=8080
- HTTPS_PORT=8443 # 也可以通过环境变量指定端口
derper:
image: fredliang/derper
container_name: derper
network_mode: bridge
volumes:
- /etc/nginx/ssl/wildcard.jmsu.top/fullchain.pem:/app/certs/headscale.jmsu.top.crt # SSL 证书映射
- /etc/nginx/ssl/wildcard.jmsu.top/private.key:/app/certs/headscale.jmsu.top.key # 私钥映射
- shared-tailscale:/var/run/tailscale # 共享 Tailscale 运行时目录
ports:
- "3477:3477" # DERP 服务端口
- "3478:3478/udp" # STUN 端口
restart: always
environment:
- DERP_CERT_MODE=manual # 手动证书管理模式
- DERP_ADDR=:3477
- DERP_VERIFY_CLIENTS=true # 只允许认证用户使用 DERP
- DERP_VERIFY_CLIENT_URL=https://headscale.jmsu.top # 客户端认证 URL
- DERP_DOMAIN=headscale.jmsu.top
tailscaled: tailscaled:
container_name: tailscaled container_name: tailscaled
image: tailscale/tailscale:unstable-v1.77.41 image: tailscale/tailscale:unstable-v1.77.41
@@ -61,16 +15,37 @@ services:
volumes: volumes:
- ./lib/:/var/lib/tailscale # 使状态路径挂载为 tailscaled 使用的状态目录 - ./lib/:/var/lib/tailscale # 使状态路径挂载为 tailscaled 使用的状态目录
- /dev/net/tun:/dev/net/tun # 访问 TUN 设备 - /dev/net/tun:/dev/net/tun # 访问 TUN 设备
- shared-tailscale:/var/run/tailscale # 共享 Tailscale 运行时目录
- /var/run/dbus:/var/run/dbus - /var/run/dbus:/var/run/dbus
- /var/run/tailscale:/var/run/tailscale
- /tmp:/tmp
environment: environment:
- TS_AUTHKEY=21c768657ba8aa6c0436eba69d28fa8d626da767a44f055d # 使用认证密钥 - TS_AUTHKEY=21c768657ba8aa6c0436eba69d28fa8d626da767a44f055d # 使用认证密钥
- TS_STATE_DIR=/var/lib/tailscale # 状态保存路径 - TS_STATE_DIR=/var/lib/tailscale # 状态保存路径
- TS_USERSPACE=false # 使用内核的 TUN 设备 - TS_USERSPACE=false # 使用内核的 TUN 设备
- TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top # 指定 Headscale 登录服务器 - TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top # 指定 Headscale 登录服务器
derper:
image: 1itt1eb0y/derper:2024-10-31-08-58-23
volumes: container_name: derper
shared-tailscale: network_mode: host
driver: local volumes:
- /etc/nginx/ssl/wildcard.jmsu.top/fullchain.pem:/app/certs/headscale.jmsu.top.crt # SSL 证书映射
- /etc/nginx/ssl/wildcard.jmsu.top/private.key:/app/certs/headscale.jmsu.top.key # 私钥映射
- /var/run/tailscale:/var/run/tailscale
- /tmp:/tmp
restart: always
depends_on:
- tailscaled # 等待 tailscaled 启动后再启动
entrypoint: [""]
command:
- /bin/bash
- -c
- |
/app/derper \
-hostname headscale.jmsu.top \
-certdir /app/certs \
-certmode manual \
-a :3477 \
-stun-port 3478 \
-http-port -1 \
-verify-clients