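# Compose stack: a Tailscale node (tailscaled) joined to a Headscale control
# server, plus a DERP relay (derper) that verifies clients against that node.
version: '3.6'

services:
  tailscaled:
    container_name: tailscaled
    image: tailscale/tailscale:v1.76.1
    # Needs privileges to access the TUN device.
    # NOTE(review): privileged mode already grants every capability and access
    # to all host devices, so the cap_add/devices entries below add nothing
    # while it is set. Confirm whether the node works with only those two
    # entries and, if so, drop `privileged` to shrink the container's reach.
    privileged: true
    restart: unless-stopped
    cap_add:
      - net_admin
      - sys_module
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      # Mount the state path as the state directory used by tailscaled.
      - ./lib/:/var/lib/tailscale
      # Access to the TUN device (also passed through under `devices` above).
      - /dev/net/tun:/dev/net/tun
      # NOTE(review): the host D-Bus socket directory is exposed to the
      # container; confirm it is actually required.
      - /var/run/dbus:/var/run/dbus
      # Shared with derper so it can reach the tailscaled socket.
      - /var/run/tailscale:/var/run/tailscale
      # NOTE(review): bind-mounts the whole host /tmp read-write; nothing in
      # this file shows why it is needed -- confirm, or remove.
      - /tmp:/tmp
    environment:
      # Auth key used to register the node. It is read from the environment or
      # an untracked .env file so the secret never lives in this file; Compose
      # aborts with the message below if it is unset or empty. A key that was
      # ever committed in plain text should be revoked on the control server.
      - "TS_AUTHKEY=${TS_AUTHKEY:?TS_AUTHKEY must be set}"
      # State storage path.
      - TS_STATE_DIR=/var/lib/tailscale
      # Use the kernel TUN device rather than userspace networking.
      - TS_USERSPACE=false
      # Point the client at the Headscale login server.
      - "TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top --reset"

  derper:
    # NOTE(review): third-party image that is handed the TLS private key and
    # the tailscaled socket; a tag is mutable, so consider pinning it by
    # digest (image@sha256:<digest>) after verifying its contents.
    image: 1itt1eb0y/derper:2024-10-31-08-58-23
    container_name: derper
    volumes:
      # TLS certificate and private key, named after the DERP hostname.
      # Mounted read-only: with `-certmode manual` they are supplied by the
      # operator, so the container has no reason to modify them.
      - /vol1/1000/docker/derper/ssl/fullchain.pem:/app/certs/derper.jmsu.top.crt:ro
      - /vol1/1000/docker/derper/ssl/privkey.pem:/app/certs/derper.jmsu.top.key:ro
      # tailscaled socket directory shared with the tailscaled service.
      - /var/run/tailscale:/var/run/tailscale
      # NOTE(review): same host /tmp exposure as on tailscaled; confirm it is
      # needed.
      - /tmp:/tmp
    restart: unless-stopped
    depends_on:
      # Start after tailscaled. This is start ordering only; no readiness
      # check is configured here.
      - tailscaled
    ports:
      # STUN port.
      - "3478:3478/udp"
      # DERP service port, or change to 443.
      - "3477:3477/tcp"
    # Clear the image's entrypoint so the explicit command below is what runs.
    entrypoint: [""]
    command:
      - /bin/bash
      - -c
      - |
        /app/derper \
          -hostname derper.jmsu.top \
          -certdir /app/certs \
          -certmode manual \
          -a :3477 \
          -stun-port 3478 \
          -http-port -1 \
          -verify-clients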