WeAir

安装Headscale及Tailscale

Tailscale是一款基于WireGuard的组网工具,Headscale是一款Tailscale控制服务器的开源实现。

下载Headscale

1
2
wget https://github.com/juanfont/headscale/releases/download/v0.23.0/headscale_0.23.0_linux_amd64 -O /usr/bin/headscale
chmod +x /usr/bin/headscale

创建Headscale用户及运行目录

1
2
3
4
groupadd headscale
useradd -M -s `which nologin` -g headscale headscale
mkdir -p /etc/headscale /var/lib/headscale
chown -R headscale:headscale /var/lib/headscale

下载并配置Headscale配置文件

1
wget https://raw.githubusercontent.com/juanfont/headscale/v0.23.0/config-example.yaml -O /etc/headscale/config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
# 修改server_url地址
server_url: https://domain.name
listen_addr: 127.0.0.1:8080
...
# 关闭IPv6地址
prefixes:
  # v6: fd7a:115c:a1e0::/48
  v4: 100.64.0.0/10
...
# 关闭MagicDNS
dns:
  # magic_dns: true
...

配置Nginx反代

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
map $http_upgrade $connection_upgrade {
    default      upgrade;
    ''           close;
}

server {
    listen 80;
    listen [::]:80;

    listen 443      ssl http2;
    listen [::]:443 ssl http2;

    server_name domain.name;

    ssl_certificate path/cert.crt;
    ssl_certificate_key /path/cert.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $server_name;
        proxy_redirect http:// https://;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    }
}

测试配置

1
headscale configtest

创建Systemd服务

1
wget https://headscale.net/packaging/headscale.systemd.service -O /etc/systemd/system/headscale.service

启动Headscale服务

1
2
systemctl daemon-reload
systemctl enable --now headscale.service

下载安装Tailscale

1
2
3
4
5
6
7
wget https://pkgs.tailscale.com/stable/tailscale_1.76.6_amd64.tgz -O /tmp/tailscale_1.76.6_amd64.tgz
tar -zxvf /tmp/tailscale_1.76.6_amd64.tgz -C /tmp
\mv /tmp/tailscale_1.76.6_amd64/systemd/tailscaled.service /etc/systemd/system/tailscale.service
\mv /tmp/tailscale_1.76.6_amd64/systemd/tailscaled.defaults /etc/default/tailscaled
\mv /tmp/tailscale_1.76.6_amd64/tailscaled /usr/sbin/tailscaled
\mv /tmp/tailscale_1.76.6_amd64/tailscale /usr/bin/tailscale
rm -rf /tmp/tailscale_1.76.6_amd64*

启动Tailscale

1
2
systemctl daemon-reload
systemctl enable --now tailscale.service

Headscale添加新用户

1
headscale user create user01

Headscale查看用户

1
headscale user list

Tailscale接入Headscale

1
2
# tailscale客户端
tailscale up --login-server=https://domain.name --accept-routes=true --accept-dns=false
1
2
# Headscale控制端
headscale nodes register --user user01 --key mkey:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Tailscale查看状态

1
tailscale status

后记

更多配置信息可查看HeadscaleTailscale文档说明。