DERP is Tailscale's in-house relay protocol, used to help nodes communicate with each other when NAT hole punching fails.
Deploy the Golang environment

```bash
wget https://go.dev/dl/go1.23.3.linux-amd64.tar.gz -O /tmp/go1.23.3.linux-amd64.tar.gz
tar -zxvf /tmp/go1.23.3.linux-amd64.tar.gz -C /usr/local
ln -sf /usr/local/go/bin/{go,gofmt} /usr/local/bin
rm -rf /tmp/go1.23.3.linux-amd64.tar.gz
```
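Download, compile and install DERP

```bash
# Build derper from the tip of the main branch
go install tailscale.com/cmd/derper@main
# \mv bypasses any shell alias for mv
\mv "$HOME/go/bin/derper" /usr/local/bin
```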
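Create the configuration directory and add the certificates

```bash
mkdir -p /etc/derp
touch /etc/derp/derp.conf
# With -certmode manual, derper looks for <hostname>.crt and <hostname>.key in -certdir
\mv domain.name.{crt,key} /etc/derp
```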
Create the Systemd service

```bash
# Write (not append) the unit so re-running this step does not duplicate it;
# ExecStart uses the absolute path of the binary installed above
cat > /etc/systemd/system/derp.service << 'EOF'
[Unit]
Description=Tailscale Derper
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/derper -a :12345 -c /etc/derp/derp.conf -certdir /etc/derp -certmode manual -hostname domain.name -http-port -1 -stun-port 54321
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
```
Start the DERP service

```bash
systemctl daemon-reload
systemctl enable --now derp.service
```
Download the DERP configuration file and modify it as needed

```bash
wget https://raw.githubusercontent.com/juanfont/headscale/refs/heads/main/derp-example.yaml -O /etc/headscale/derp.yaml
```
Modify the Headscale configuration

```yaml
derp:
  # server:
  #   enabled: false
  #   region_id: 999
  #   region_code: "headscale"
  #   region_name: "Headscale Embedded DERP"
  #   stun_listen_addr: "0.0.0.0:3478"
  #   private_key_path: /var/lib/headscale/derp_server_private.key
  #   automatically_add_embedded_derp_region: true
  #   ipv4: 1.2.3.4
  #   ipv6: 2001:db8::1
  # urls:
  #   - https://controlplane.tailscale.com/derpmap/default
  # paths: []
  paths:
    - /etc/headscale/derp.yaml
  # auto_update_enabled: true
  # update_frequency: 24h
```
Restart the Headscale service to load the configuration

```bash
systemctl restart headscale.service
```
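An added example (not part of the original post): a shell check that the node entry in derp.yaml advertises the same hostname, DERP port and STUN port that the derper unit above listens on, since clients only learn those values from the map Headscale serves. Region ID 900, the field layout (taken from Headscale's derp-example.yaml) and both sample files are constructed for illustration; the parser assumes space-separated flags as in the unit above.

```shell
# Added example, not from the original post. derp.yaml layout follows
# Headscale's derp-example.yaml; region 900 and both sample files are constructed.

unit_flag() {  # unit_flag <flag> <unit-file>: value following a flag on ExecStart
  awk -v f="$1" '/^ExecStart=/ { for (i = 1; i < NF; i++) if ($i == f) { print $(i + 1); exit } }' "$2"
}

yaml_field() {  # yaml_field <key> <derp.yaml>: value of the first "key: value" line
  awk -v k="$1:" '$1 == k { print $2; exit }' "$2"
}

# Exit 0 only if the node entry matches what derper actually listens on.
check_derp_consistency() (  # check_derp_consistency <unit-file> <derp.yaml>
  unit=$1 map=$2 rc=0
  addr=$(unit_flag -a "$unit")   # ":12345" -> port is the part after the last colon
  set -- derpport "${addr##*:}" stunport "$(unit_flag -stun-port "$unit")" \
         hostname "$(unit_flag -hostname "$unit")"
  while [ $# -gt 0 ]; do
    have=$(yaml_field "$1" "$map")
    [ "$have" = "$2" ] || { echo "mismatch: $1 is '$have' in derp.yaml, derper uses '$2'" >&2; rc=1; }
    shift 2
  done
  exit "$rc"
)

# Write constructed sample files that mirror the flags used in this post.
make_samples() {  # make_samples <dir>
  cat > "$1/derp.service" <<'EOF'
ExecStart=/usr/local/bin/derper -a :12345 -c /etc/derp/derp.conf -certdir /etc/derp -certmode manual -hostname domain.name -http-port -1 -stun-port 54321
EOF
  cat > "$1/derp.yaml" <<'EOF'
regions:
  900:
    regionid: 900
    regioncode: custom
    regionname: Self-hosted DERP
    nodes:
      - name: 900a
        regionid: 900
        hostname: domain.name
        derpport: 12345
        stunport: 54321
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_derp_consistency "$tmp/derp.service" "$tmp/derp.yaml" && echo "derp.yaml matches derper flags"
rm -rf "$tmp"
```

On a real host, point it at `/etc/systemd/system/derp.service` and `/etc/headscale/derp.yaml` before restarting Headscale.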
Verify the DERP service
Postscript
More configuration information can be found in the Tailscale documentation.