Headscale failes to acknowledge Peers (Docker)

[bharathmsd7]

Descriptions

Trying to build a docker contianer using the binary from release v0.3.3. But the peer got hanged while connecting to headscale using tailscale up -login-server HEADSCALE_URL --authkey AUTHKEY. Headscale accepts the connection request and list the connected nodes while running headscale -n namespace nodes list, In peer running tailscale status shows logged out.

NOTE : Running headscale in the host machine works fine, only problem is while running it as a container.

Configurations

Using Ubuntu 18.04 as base image, private.key and drep.yaml remains unchanged.
Binary https://github.com/juanfont/headscale/releases/download/v0.3.3/headscale_0.3.3_linux_amd64 used for building this image.

Dockerfile

FROM ubuntu:18.04

COPY private.key    /etc/headscale/private.key
COPY config.json    /etc/headscale/config.json
COPY derp.yaml      /etc/headscale/derp.yaml
COPY entrypoint.sh  /etc/headscale/entrypoint.sh	

COPY headscale   /usr/bin/headscale

ENV TZ UTC
EXPOSE 8000/tcp

WORKDIR /etc/headscale/

ENTRYPOINT ["./entrypoint.sh"]

Config.json

{
    "server_url": "http://127.0.0.1:8000",
    "listen_addr": "0.0.0.0:8000",
    "private_key_path": "private.key",
    "derp_map_path": "derp.yaml",
    "ephemeral_node_inactivity_timeout": "30m",
    "db_type": "postgres",
    "db_host": "headscale-db",
    "db_port": 5432,
    "db_name": "headscale",
    "db_user": "foo",
    "db_pass": "bar",
    "tls_letsencrypt_hostname": "",
    "tls_letsencrypt_listen": ":http",
    "tls_letsencrypt_cache_dir": ".cache",
    "tls_letsencrypt_challenge_type": "HTTP-01",
    "tls_cert_path": "",
    "tls_key_path": "",
    "acl_policy_path": ""
}

Entrypoint.sh

#!/bin/sh

headscale namespaces create namespace
headscale -n namespace preauthkeys create --reusable > /etc/headscale/external/authkey.txt
headscale serve

docker-compose.yaml

version: "3.3"

networks:
  headscale-network:

volumes:
  headscale-db:
  headscale-auth:

services:
  PostgresDB:
    image: postgres:latest
    ports:
      - 5432:5432
    environment:
      - POSTGRES_DB=headscale
      - POSTGRES_USER=foo
      - POSTGRES_PASSWORD=bar
    volumes:
      - headscale-db:/var/lib/postgresql/data
    networks:
      headscale-network:
        aliases:
          - headscale-db

  Headscale-Server:
    image: headscale:ubuntu18.04
    ports:
      - 8000:8000
    volumes:
      - headscale-auth:/etc/headscale/external
    depends_on:
      - PostgresDB
    networks:
      headscale-network:
        aliases:
          - headscale-server

[juanfont]

Can you check changing the ports in Headscale-Server to 0.0.0.0:8000:8000 ?

[bharathmsd7]

Changing the server_url in config.json works for me

"server_url": "http://127.0.0.1:8000" to "server_url": "http://0.0.0.0:8000"

After sometime it again fails.

[bharathmsd7]

Is there is any way to find more detailed logs,
becoz in headscale serve it shows just like Successfully authenticated via AuthKey
But in peer tailscale up -login-server HEADSCALE_URL --authkey AUTHKEY got hanged.