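<Tailscale> Pitfalls encountered while setting up DERP
Self-hosting Tailscale
If you use a port other than 443, you have to supply your own certificate; a free certificate from any of the major cloud providers is enough.
Build the image locally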
FROM golang:latest AS builder
WORKDIR /app
# https://tailscale.com/kb/1118/custom-derp-servers/
# Builds derper from the main branch; the build is not pinned to a release.
RUN go install tailscale.com/cmd/derper@main

FROM ubuntu
WORKDIR /app
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
    apt-get install -y --no-install-recommends apt-utils && \
    apt-get install -y ca-certificates && \
    mkdir /app/certs

ENV DERP_DOMAIN=hostname
# manual: derper loads the certificate from DERP_CERT_DIR instead of requesting one
ENV DERP_CERT_MODE=manual
ENV DERP_CERT_DIR=/app/certs
ENV DERP_ADDR=:443
ENV DERP_STUN=true
ENV DERP_HTTP_PORT=80
# false: clients are not verified, so any client that knows the hostname can relay through this server
ENV DERP_VERIFY_CLIENTS=false

COPY --from=builder /go/bin/derper .
CMD /app/derper --hostname=$DERP_DOMAIN \
    --certmode=$DERP_CERT_MODE \
    --certdir=$DERP_CERT_DIR \
    --a=$DERP_ADDR \
    --stun=$DERP_STUN \
    --http-port=$DERP_HTTP_PORT \
    --verify-clients=$DERP_VERIFY_CLIENTS
References
https://www.v2ex.com/t/791876
https://github.com/fredliang44/derper-docker/blob/main/Dockerfile
Configure Access Controls in Tailscale
{
  "derpMap": {
    "Regions": {
      "900": {
        "RegionID": 900,
        "RegionCode": "region-code",
        "Nodes": [{
          "Name": "node-name",
          "RegionID": 900,
          "HostName": "your-hostname.com",
          // Optional; used as a fallback
          "IPv4": "xxx.xxx.xxx.xxx"
        }]
      },
      // You can configure several servers; only the ID needs to change, within 900-999
      "901": {
        "RegionID": 901,
        "RegionCode": "region-code",
        "Nodes": [{
          "Name": "node-name",
          "RegionID": 901,
          "HostName": "your-hostname.com",
        }]
      }
    }
  }
}
After saving, disconnect the clients or wait a few minutes.
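A pre-save check for a derpMap like the one above, as an added example that is not part of the original post: it strips the comments and trailing commas the policy file allows, then checks that each region key matches its RegionID, that IDs stay in the 900-999 range the page gives, and that nodes have a HostName. The helper names and the sample policy are constructed for illustration; `InsecureForTests` is a `tailcfg.DERPNode` field that does not appear on the page.

```python
import json
import re

# Constructed policy fragment in the page's shape (HuJSON: comments, trailing commas).
SAMPLE = '''
{ "derpMap": { "Regions": {
  "900": { "RegionID": 900, "RegionCode": "home", "Nodes": [{
      "Name": "900a", "RegionID": 900,
      "HostName": "derp.example.com", // constructed hostname
  }]},
  "901": { "RegionID": 900, "RegionCode": "lab", "Nodes": [{
      "Name": "901a", "RegionID": 901, "HostName": "", "InsecureForTests": true
  }]},
}}}
'''

_STR = r'"(?:\\.|[^"\\])*"'  # a JSON string literal, matched first so it is never edited


def strip_hujson(text):
    """Drop // and /* */ comments and trailing commas, leaving strings untouched."""
    keep_str = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    text = re.sub(_STR + r"|//[^\n]*|/\*.*?\*/", keep_str, text, flags=re.S)
    return re.sub(_STR + r"|,(?=\s*[}\]])", keep_str, text, flags=re.S)


def lint_derp_map(policy_text):
    """Return findings for the regions under derpMap (hypothetical helper)."""
    regions = json.loads(strip_hujson(policy_text))["derpMap"]["Regions"]
    findings = []
    for key, region in regions.items():
        if region is None:  # null entries carry nothing to check
            continue
        if str(region.get("RegionID")) != key:
            findings.append(f"region {key}: RegionID {region.get('RegionID')} does not match its key")
        if not 900 <= int(key) <= 999:  # range stated on the page
            findings.append(f"region {key}: ID outside 900-999")
        for node in region.get("Nodes", []):
            name = node.get("Name", "?")
            if node.get("RegionID") != int(key):
                findings.append(f"node {name}: RegionID differs from region {key}")
            if not node.get("HostName"):
                findings.append(f"node {name}: empty HostName")
            if node.get("InsecureForTests"):  # tailcfg.DERPNode field, not on the page
                findings.append(f"node {name}: InsecureForTests disables TLS verification")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_derp_map(SAMPLE)))
```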