WeAir

Installing Headscale and Tailscale

Tailscale is a mesh networking tool built on WireGuard. Headscale is an open-source implementation of the Tailscale control server.

Download Headscale

wget https://github.com/juanfont/headscale/releases/download/v0.29.2/headscale_0.29.2_linux_amd64 -O /usr/bin/headscale
chmod +x /usr/bin/headscale

Create the Headscale user and runtime directories

groupadd headscale
useradd -M -s `which nologin` -g headscale headscale
mkdir -p /etc/headscale /var/lib/headscale
chown -R headscale:headscale /var/lib/headscale

Download and edit the Headscale configuration file

wget https://raw.githubusercontent.com/juanfont/headscale/v0.29.2/config-example.yaml -O /etc/headscale/config.yaml

# Set server_url to your own address
server_url: https://domain.name
listen_addr: 127.0.0.1:8080
...
# Disable IPv6 addresses
prefixes:
  v4: 100.64.0.0/10
  # v6: fd7a:115c:a1e0::/48
...
# Disable MagicDNS
dns:
  magic_dns: false
...

Configure the Nginx reverse proxy

# headscale
upstream headscale {
    zone upstreams 64K;
    server 127.0.0.1:8080 max_fails=1 fail_timeout=5s;
    keepalive 2;
}

# websocket: forward "Connection: upgrade" when the client sends an Upgrade header
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

# http
server {
    listen 80;
    listen [::]:80;

    server_name domain.name;

    # Tailscale captive portal detection
    location = /generate_204 {
        return 204;
    }

    location / {
        return 301 https://$server_name$request_uri;
    }
}

# https
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    server_name domain.name;

    ssl_certificate /path/cert.crt;
    ssl_certificate_key /path/cert.key;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header True-Client-IP $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_pass http://headscale;
    }
}

Test the configuration

headscale configtest
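
An audit of the settings this guide changes for the reverse-proxy setup, as an added example (not part of the original post or of the Headscale project): it checks that server_url is HTTPS, that listen_addr stays on loopback so Headscale is only reachable through Nginx, and that config.yaml is not world-writable. The function name audit_headscale_config and the sample file are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit_headscale_config is a hypothetical helper, not a Headscale command.
# Prints one line per finding and returns the number of findings (0 = clean).
audit_headscale_config() {
    cfg=$1
    findings=0

    # First uncommented top-level value of each key, with any quotes stripped.
    server_url=$(awk '/^server_url:/ {gsub(/[\042\047]/, "", $2); print $2; exit}' "$cfg")
    listen_addr=$(awk '/^listen_addr:/ {gsub(/[\042\047]/, "", $2); print $2; exit}' "$cfg")

    # Clients are pointed at this URL with --login-server, so it must be HTTPS.
    case $server_url in
        https://*) ;;
        *) echo "FAIL server_url is not https: ${server_url:-unset}"
           findings=$((findings + 1)) ;;
    esac

    # Nginx terminates TLS; Headscale itself should only listen on loopback.
    case $listen_addr in
        127.*:*|localhost:*|'[::1]':*) ;;
        *) echo "FAIL listen_addr is not loopback-only: ${listen_addr:-unset}"
           findings=$((findings + 1)) ;;
    esac

    # The file was written by root with wget; nobody else should be able to edit it.
    if [ -n "$(find "$cfg" -perm -0002)" ]; then
        echo "FAIL $cfg is world-writable"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed sample using the values from this guide.
sample=$(mktemp)
printf 'server_url: https://domain.name\nlisten_addr: 127.0.0.1:8080\n' > "$sample"
audit_headscale_config "$sample" && echo "OK: no findings"
rm -f "$sample"
```

On the server, call it as audit_headscale_config /etc/headscale/config.yaml after headscale configtest passes.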

Create the systemd service

wget https://raw.githubusercontent.com/juanfont/headscale/refs/heads/main/packaging/systemd/headscale.service -O /etc/systemd/system/headscale.service

Start the Headscale service

systemctl daemon-reload
systemctl enable --now headscale.service

Download and install Tailscale

wget https://pkgs.tailscale.com/stable/tailscale_1.98.4_amd64.tgz -O /tmp/tailscale_1.98.4_amd64.tgz
tar -zxvf /tmp/tailscale_1.98.4_amd64.tgz -C /tmp
\mv /tmp/tailscale_1.98.4_amd64/systemd/tailscaled.service /etc/systemd/system/tailscaled.service
\mv /tmp/tailscale_1.98.4_amd64/systemd/tailscaled.defaults /etc/default/tailscaled
\mv /tmp/tailscale_1.98.4_amd64/tailscaled /usr/sbin/tailscaled
\mv /tmp/tailscale_1.98.4_amd64/tailscale /usr/bin/tailscale
rm -rf /tmp/tailscale_1.98.4_amd64*

Start Tailscale

systemctl daemon-reload
systemctl enable --now tailscaled.service

Add a new user in Headscale

headscale users create user01

List Headscale users

headscale users list

Connect Tailscale to Headscale

# On the Tailscale client
tailscale up --login-server=https://domain.name --accept-routes=true --accept-dns=false

# On the Headscale control server
headscale nodes register --user user01 --key mkey:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Check Tailscale status

tailscale status

Afterword

For more configuration details, see the Headscale and Tailscale documentation.