下载安装Headscale
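# Fetch the pinned v0.25.1 Debian package from the project's GitHub releases.
wget https://github.com/juanfont/headscale/releases/download/v0.25.1/headscale_0.25.1_linux_amd64.deb
# dpkg runs the package's maintainer scripts as root, so check the download
# against the SHA-256 published with the release before installing.
# Replace the placeholder with the published value; sha256sum -c fails on mismatch.
printf '%s  %s\n' '<SHA256_FROM_RELEASE_PAGE>' headscale_0.25.1_linux_amd64.deb | sha256sum -c - &&
  dpkg -i headscale_0.25.1_linux_amd64.deb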
修改Headscale配置文件
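# Rewrite individual keys of the packaged config in place. Expressions are
# single-quoted so the shell passes backslashes and inner double quotes to sed
# unchanged; \( *\) ... \1 keeps each key's original indentation.

# Public URL announced to clients; TLS terminates at the reverse proxy.
sed -i 's|^server_url:.*|server_url: https://t.wzh.kim|' /etc/headscale/config.yaml
# Bind to loopback only: the reverse proxy on this host forwards to
# 127.0.0.1:8080, and listening on 0.0.0.0 would also expose the plaintext
# HTTP port to the network, bypassing TLS.
sed -i 's|^listen_addr:.*|listen_addr: 127.0.0.1:8080|' /etc/headscale/config.yaml
# Replace the default IPv4 prefix (dots escaped so they match literally).
# NOTE(review): headscale's example config says prefixes should stay inside
# 100.64.0.0/10, and 192.168.100.0/24 can overlap with a client's own LAN;
# confirm this range works for your clients.
sed -i 's|^\( *\)v4: 100\.64\.0\.0/10|\1v4: 192.168.100.0/24|' /etc/headscale/config.yaml
# Comment out the embedded STUN listener. The original double-quoted form
# ended the shell string at the inner quotes and silently dropped them.
sed -i 's|^\( *\)stun_listen_addr:.*|\1#stun_listen_addr: "0.0.0.0:3478"|' /etc/headscale/config.yaml
sed -i 's|^randomize_client_port:.*|randomize_client_port: true|' /etc/headscale/config.yaml
# Empty the DERP URL list and comment out the default Tailscale map entry so
# clients only see the self-hosted relay. Matching ".*" keeps a re-run from
# appending a second "[]".
sed -i 's|^\( *\)urls:.*|\1urls: []|' /etc/headscale/config.yaml
sed -i 's|^\( *\)- https://controlplane.tailscale.com/derpmap/default|\1#- https://controlplane.tailscale.com/derpmap/default|' /etc/headscale/config.yaml
# Load the DERP map from a local file. The indentation is captured like the
# other nested keys instead of hard-coding one leading space, and the value is
# written as a YAML list, which is the shape of the key it replaces.
sed -i 's|^\( *\)paths:.*|\1paths: [/etc/headscale/derp.yaml]|' /etc/headscale/config.yaml
sed -i 's|^\( *\)base_domain:.*|\1base_domain: d.wzh.kim|' /etc/headscale/config.yaml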
设置自建DERP节点
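# Write the DERP map for the self-hosted relay (region 900, one node).
# The delimiter is quoted so the shell expands nothing inside the document,
# and the YAML nesting is restored: without indentation every key lands at
# the top level and the file does not describe a region.
# This map only tells clients where the relay is; a DERP server still has to
# be listening on t.wzh.kim at derpport 12345 / stunport 13478 (its setup is
# not shown on this page), and those ports must be reachable by clients.
cat > /etc/headscale/derp.yaml << 'EOF'
regions:
  900:
    regionid: 900
    regioncode: cni
    regionname: Nanjing
    nodes:
      - name: 900a
        regionid: 900
        hostname: t.wzh.kim
        ipv4: 146.56.203.150
        ipv6: "2402:4e00:c021:3700:4e42:9970:228:0"
        stunport: 13478
        stunonly: false
        derpport: 12345
EOF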
反向代理Headscale配置文件
#PROXY-START/
# Forward every request for this server to headscale on the loopback interface.
# The upstream is plaintext HTTP, so port 8080 should not be reachable from
# outside this host (bind headscale to 127.0.0.1 or firewall the port);
# otherwise clients can reach the control server without TLS.
location /
{
proxy_pass http://127.0.0.1:8080;
# HTTP/1.1 plus the Upgrade/Connection headers let protocol upgrades pass through.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
# $connection_upgrade is not a built-in nginx variable: it needs a
# `map $http_upgrade $connection_upgrade { ... }` in the http context,
# which is not shown on this page.
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $server_name;
# Rewrite http:// redirects from the upstream to https://.
proxy_redirect http:// https://;
# Pass responses through as they arrive instead of buffering them.
proxy_buffering off;
# Tell the upstream the original client address and scheme.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# HSTS for 180 days, subdomains included; `always` also sets it on error responses.
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}
#PROXY-END/
Headscale ui配置文件
# Serve the static Headscale UI files under /web.
# The UI authenticates with a headscale API key, which grants administrative
# API access; consider limiting who can reach this location (allow/deny or
# auth_basic) and serve it over HTTPS only.
location /web
{
alias /www/wwwroot/t.wzh.kim/web;
# NOTE(review): the fallback /index.html is outside /web, so it would be
# handled by `location /` (the headscale proxy) rather than the UI; a
# single-page-app fallback probably wants /web/index.html. Confirm.
try_files $uri $uri/ /index.html;
}
设置开机自启并启动
systemctl enable headscale
systemctl start headscale
生成web apikeys密钥
# Create an API key for the web UI. The key is printed once, is not scoped,
# and is valid for a full year here: store it like an admin password and
# prefer a shorter --expiration where possible.
# Existing keys can be reviewed with `headscale apikeys list` and revoked
# with `headscale apikeys expire --prefix <KEY_PREFIX>`.
headscale apikeys create --expiration 365d
创建用户
headscale users create <USER>
列出现有用户
headscale users list
删除用户
headscale users destroy -n <USER>
正常的交互式登录
tailscale up --login-server <YOUR_HEADSCALE_URL>
在 Headscale 服务器上批准并注册节点
# Approve a node that started an interactive login. Registering the key
# admits that device to the tailnet under <USER>, so confirm that the
# machine key is the one shown by the device you expect.
headscale nodes register --user <USER> --key <YOUR_MACHINE_KEY>
使用 preauthkey。密钥的有效期为 365天,并且可以重复使用
# Create a pre-auth key for unattended enrolment. With --reusable and a
# 365-day lifetime, anyone who obtains the key can join devices as <USER>
# for a year without approval; prefer a single-use key with a short
# --expiration, and revoke keys that are no longer needed with
# `headscale preauthkeys expire`.
headscale preauthkeys create --user <USER> --expiration 365d --reusable
该命令在成功时返回 preauthkey,该密钥用于通过命令将节点连接到 headscale 实例:
# Join the node with a pre-auth key instead of the interactive flow.
# A key passed on the command line ends up in shell history and is visible
# in the process list; tailscale also accepts --auth-key=file:<PATH> to read
# the key from a file.
tailscale up --login-server <YOUR_HEADSCALE_URL> --auth-key <YOUR_AUTH_KEY>
注册节点并使其将自身公布为出口节点,通告路由网段
tailscale up --login-server <YOUR_HEADSCALE_URL> --auth-key <YOUR_AUTH_KEY> --advertise-exit-node --advertise-routes=
检查当前主机的网络状况(NAT 类型、UDP 连通性及到各 DERP 节点的延迟)
tailscale netcheck
查看网络状态
tailscale status
查看路由状态
headscale routes list
禁用或启用路由
-r 参数是 headscale routes list 列出的路由 id
# Disable, then enable, routes 1 and 2 by id.
# Enabling a route lets the advertising node carry traffic for that prefix
# (0.0.0.0/0 and ::/0 in the case of an exit node), so check the node and
# prefix in `headscale routes list` before enabling an id.
headscale route disable -r 1
headscale route disable -r 2
headscale route enable -r 1
headscale route enable -r 2
启动服务
systemctl start headscale
关闭服务
systemctl stop headscale
开机自启
systemctl enable headscale
查看状态
systemctl status headscale