Apply suggestions from code review

Thanks for the pointers!

Co-authored-by: Juan Font <juanfontalonso@gmail.com>
This commit is contained in:
Mike Lloyd 2022-09-06 15:37:39 -07:00 committed by GitHub
parent 31662bcd28
commit 45df6e77ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,9 +1,13 @@
# Running behind a reverse proxy
# Running headscale behind a reverse proxy
Running headscale behind a reverse proxy is useful when running multiple applications on the same server, and you want to reuse the same external IP and port - usually tcp/443 for HTTPS.
### WebSockets
The reverse proxy MUST be configured to support WebSockets, as it is needed for clients running Tailscale v1.30+.
WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
Running Headscale behind a reverse proxy is suitable for container-based deployments. This is especially useful on a server were port 443 is already being used for other web services.
### Web Sockets
The reverse proxy _must_ be configured to support websockets if you are running headscale 0.17.x+ and tailscale v1.30+.
### TLS
Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file.