For fast deployment of drep servers
Preparatory
- domain DNS record (A、AAAA or CNAME) e.g example.com
- certificate
- docker
Before you start you need to generate a certificate, which can be used certbot:
docker run -it --rm --name certbot \
-p 80:80 \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
certbot/certbot certonlyFollow the prompts to generate the corresponding certificate.
deploy drep server:
docker run --restart always \
--name dreper -p 12345:443 -p 3478:3478/udp \
-v /etc/letsencrypt/live/example.com/fullchain.pem:/app/certs/example.com.crt \
-v /etc/letsencrypt/live/example.com/privkey.pem:/app/certs/example.com.key \
-e drep_CERT_MODE=manual \
-e drep_DOMAIN=example.com \
-d ghcr.io/slchris/drep-server:v1 For headscale we need to modify the configuration to create a drep and then have headscale read that configuration.
vi /etc/headscale/drep.yamlThe contents:
regions:
900:
regionid: 900
regioncode: lv
regionname: Las Vegas, Nevada
nodes:
- name: 900a
regionid: 900
hostname: example.com
stunport: 3478
drepport: 12345Modify the headscale main configuration as follows:
# vi /etc/headscale/config.yaml
drep:
# List of externally available drep maps encoded in JSON
#urls:
# - https://controlplane.tailscale.com/drepmap/default
# Locally available drep map files encoded in YAML
#
# This option is mostly interesting for people hosting
# their own drep servers:
# https://tailscale.com/kb/1118/custom-drep-servers/
#
# paths:
# - /etc/headscale/drep-example.yaml
paths:
- /etc/headscale/drep.yaml
# If enabled, a worker will be set up to periodically
# refresh the given sources and update the drepmap
# will be set up.
auto_update_enabled: true
# How often should we check for drep updates?
update_frequency: 24hfor test, we can comment out the following two lines:
#urls:
# - https://controlplane.tailscale.com/drepmap/defaultRestart the headscale service:
systemctl restart headscaleCheck the link status on the client:
tailscale netcheck