mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-29 18:33:05 +00:00
Fix/improve documentation formatting (#1575)
* Fix docs formatting * .prettierignore add docu --------- Co-authored-by: ohdearaugustin <ohdearaugustin@users.noreply.github.com>
This commit is contained in:
parent
74ff14eb30
commit
4d9021047f
6 changed files with 341 additions and 337 deletions
|
@ -1 +1,6 @@
|
||||||
.github/workflows/test-integration-v2*
|
.github/workflows/test-integration-v2*
|
||||||
|
docs/dns-records.md
|
||||||
|
docs/running-headscale-container.md
|
||||||
|
docs/running-headscale-linux-manual.md
|
||||||
|
docs/running-headscale-linux.md
|
||||||
|
docs/running-headscale-openbsd.md
|
||||||
|
|
|
@ -18,23 +18,25 @@ An example use case is to serve apps on the same host via a reverse proxy like N
|
||||||
|
|
||||||
1. Change the `config.yaml` to contain the desired records like so:
|
1. Change the `config.yaml` to contain the desired records like so:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
dns_config:
|
dns_config:
|
||||||
...
|
...
|
||||||
extra_records:
|
extra_records:
|
||||||
- name: "prometheus.myvpn.example.com"
|
- name: "prometheus.myvpn.example.com"
|
||||||
type: "A"
|
type: "A"
|
||||||
value: "100.64.0.3"
|
value: "100.64.0.3"
|
||||||
|
|
||||||
- name: "grafana.myvpn.example.com"
|
- name: "grafana.myvpn.example.com"
|
||||||
type: "A"
|
type: "A"
|
||||||
value: "100.64.0.3"
|
value: "100.64.0.3"
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Restart your headscale instance.
|
1. Restart your headscale instance.
|
||||||
|
|
||||||
Beware of the limitations listed later on!
|
!!! warning
|
||||||
|
|
||||||
|
Beware of the limitations listed later on!
|
||||||
|
|
||||||
### 2. Verify that the records are set
|
### 2. Verify that the records are set
|
||||||
|
|
||||||
|
|
|
@ -17,127 +17,124 @@ not work with alternatives like [Podman](https://podman.io). The Docker image ca
|
||||||
|
|
||||||
1. Prepare a directory on the host Docker node in your directory of choice, used to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
|
1. Prepare a directory on the host Docker node in your directory of choice, used to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
mkdir -p ./headscale/config
|
mkdir -p ./headscale/config
|
||||||
cd ./headscale
|
cd ./headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Create an empty SQlite datebase in the headscale directory:
|
1. Create an empty SQlite datebase in the headscale directory:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
touch ./config/db.sqlite
|
touch ./config/db.sqlite
|
||||||
```
|
```
|
||||||
|
|
||||||
3. **(Strongly Recommended)** Download a copy of the [example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
|
1. **(Strongly Recommended)** Download a copy of the [example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
|
||||||
|
|
||||||
Using wget:
|
- Using `wget`:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
wget -O ./config/config.yaml https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
|
wget -O ./config/config.yaml https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Using curl:
|
- Using `curl`:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
curl https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml -o ./config/config.yaml
|
curl https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml -o ./config/config.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
**(Advanced)** If you would like to hand craft a config file **instead** of downloading the example config file, create a blank `headscale` configuration in the headscale directory to edit:
|
- **(Advanced)** If you would like to hand craft a config file **instead** of downloading the example config file, create a blank `headscale` configuration in the headscale directory to edit:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
touch ./config/config.yaml
|
touch ./config/config.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Modify the config file to your preferences before launching Docker container.
|
Modify the config file to your preferences before launching Docker container.
|
||||||
Here are some settings that you likely want:
|
Here are some settings that you likely want:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# Change to your hostname or host IP
|
# Change to your hostname or host IP
|
||||||
server_url: http://your-host-name:8080
|
server_url: http://your-host-name:8080
|
||||||
# Listen to 0.0.0.0 so it's accessible outside the container
|
# Listen to 0.0.0.0 so it's accessible outside the container
|
||||||
metrics_listen_addr: 0.0.0.0:9090
|
metrics_listen_addr: 0.0.0.0:9090
|
||||||
# The default /var/lib/headscale path is not writable in the container
|
# The default /var/lib/headscale path is not writable in the container
|
||||||
noise:
|
noise:
|
||||||
private_key_path: /etc/headscale/noise_private.key
|
private_key_path: /etc/headscale/noise_private.key
|
||||||
# The default /var/lib/headscale path is not writable in the container
|
# The default /var/lib/headscale path is not writable in the container
|
||||||
derp:
|
derp:
|
||||||
private_key_path: /etc/headscale/private.key
|
private_key_path: /etc/headscale/private.key
|
||||||
# The default /var/run/headscale path is not writable in the container
|
# The default /var/run/headscale path is not writable in the container
|
||||||
unix_socket: /etc/headscale/headscale.sock
|
unix_socket: /etc/headscale/headscale.sock
|
||||||
# The default /var/lib/headscale path is not writable in the container
|
# The default /var/lib/headscale path is not writable in the container
|
||||||
database.type: sqlite3
|
database.type: sqlite3
|
||||||
database.sqlite.path: /etc/headscale/db.sqlite
|
database.sqlite.path: /etc/headscale/db.sqlite
|
||||||
```
|
```
|
||||||
|
|
||||||
Alternatively, you can mount `/var/lib` and `/var/run` from your host system by adding
|
Alternatively, you can mount `/var/lib` and `/var/run` from your host system by adding
|
||||||
`--volume $(pwd)/lib:/var/lib/headscale` and `--volume $(pwd)/run:/var/run/headscale`
|
`--volume $(pwd)/lib:/var/lib/headscale` and `--volume $(pwd)/run:/var/run/headscale`
|
||||||
in the next step.
|
in the next step.
|
||||||
|
|
||||||
4. Start the headscale server while working in the host headscale directory:
|
1. Start the headscale server while working in the host headscale directory:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker run \
|
docker run \
|
||||||
--name headscale \
|
--name headscale \
|
||||||
--detach \
|
--detach \
|
||||||
--volume $(pwd)/config:/etc/headscale/ \
|
--volume $(pwd)/config:/etc/headscale/ \
|
||||||
--publish 127.0.0.1:8080:8080 \
|
--publish 127.0.0.1:8080:8080 \
|
||||||
--publish 127.0.0.1:9090:9090 \
|
--publish 127.0.0.1:9090:9090 \
|
||||||
headscale/headscale:<VERSION> \
|
headscale/headscale:<VERSION> \
|
||||||
headscale serve
|
headscale serve
|
||||||
|
```
|
||||||
|
|
||||||
```
|
Note: use `0.0.0.0:8080:8080` instead of `127.0.0.1:8080:8080` if you want to expose the container externally.
|
||||||
|
|
||||||
Note: use `0.0.0.0:8080:8080` instead of `127.0.0.1:8080:8080` if you want to expose the container externally.
|
This command will mount `config/` under `/etc/headscale`, forward port 8080 out of the container so the
|
||||||
|
`headscale` instance becomes available and then detach so headscale runs in the background.
|
||||||
|
|
||||||
This command will mount `config/` under `/etc/headscale`, forward port 8080 out of the container so the
|
Example `docker-compose.yaml`
|
||||||
`headscale` instance becomes available and then detach so headscale runs in the background.
|
|
||||||
|
|
||||||
Example `docker-compose.yaml`
|
```yaml
|
||||||
|
version: "3.7"
|
||||||
|
|
||||||
|
services:
|
||||||
|
headscale:
|
||||||
|
image: headscale/headscale:0.22.3
|
||||||
|
restart: unless-stopped
|
||||||
|
container_name: headscale
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:8080:8080"
|
||||||
|
- "127.0.0.1:9090:9090"
|
||||||
|
volumes:
|
||||||
|
# pls change [config_path] to the fullpath of the config folder just created
|
||||||
|
- [config_path]:/etc/headscale
|
||||||
|
command: headscale serve
|
||||||
|
```
|
||||||
|
|
||||||
```yaml
|
1. Verify `headscale` is running:
|
||||||
version: "3.7"
|
Follow the container logs:
|
||||||
|
|
||||||
services:
|
```shell
|
||||||
headscale:
|
docker logs --follow headscale
|
||||||
image: headscale/headscale:0.22.3
|
```
|
||||||
restart: unless-stopped
|
|
||||||
container_name: headscale
|
|
||||||
ports:
|
|
||||||
- "127.0.0.1:8080:8080"
|
|
||||||
- "127.0.0.1:9090:9090"
|
|
||||||
volumes:
|
|
||||||
# pls change [config_path] to the fullpath of the config folder just created
|
|
||||||
- [config_path]:/etc/headscale
|
|
||||||
command: headscale serve
|
|
||||||
|
|
||||||
```
|
Verify running containers:
|
||||||
|
|
||||||
5. Verify `headscale` is running:
|
```shell
|
||||||
|
docker ps
|
||||||
|
```
|
||||||
|
|
||||||
Follow the container logs:
|
Verify `headscale` is available:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker logs --follow headscale
|
curl http://127.0.0.1:9090/metrics
|
||||||
```
|
```
|
||||||
|
|
||||||
Verify running containers:
|
1. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker ps
|
docker exec headscale \
|
||||||
```
|
headscale users create myfirstuser
|
||||||
|
```
|
||||||
Verify `headscale` is available:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
curl http://127.0.0.1:9090/metrics
|
|
||||||
```
|
|
||||||
|
|
||||||
6. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
|
|
||||||
|
|
||||||
```shell
|
|
||||||
docker exec headscale \
|
|
||||||
headscale users create myfirstuser
|
|
||||||
```
|
|
||||||
|
|
||||||
### Register a machine (normal login)
|
### Register a machine (normal login)
|
||||||
|
|
||||||
|
|
|
@ -15,78 +15,77 @@ describing how to make `headscale` run properly in a server environment.
|
||||||
|
|
||||||
1. Download the latest [`headscale` binary from GitHub's release page](https://github.com/juanfont/headscale/releases):
|
1. Download the latest [`headscale` binary from GitHub's release page](https://github.com/juanfont/headscale/releases):
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
wget --output-document=/usr/local/bin/headscale \
|
wget --output-document=/usr/local/bin/headscale \
|
||||||
https://github.com/juanfont/headscale/releases/download/v<HEADSCALE VERSION>/headscale_<HEADSCALE VERSION>_linux_<ARCH>
|
https://github.com/juanfont/headscale/releases/download/v<HEADSCALE VERSION>/headscale_<HEADSCALE VERSION>_linux_<ARCH>
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Make `headscale` executable:
|
1. Make `headscale` executable:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
chmod +x /usr/local/bin/headscale
|
chmod +x /usr/local/bin/headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Prepare a directory to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
|
1. Prepare a directory to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
# Directory for configuration
|
# Directory for configuration
|
||||||
|
|
||||||
mkdir -p /etc/headscale
|
mkdir -p /etc/headscale
|
||||||
|
|
||||||
# Directory for Database, and other variable data (like certificates)
|
# Directory for Database, and other variable data (like certificates)
|
||||||
mkdir -p /var/lib/headscale
|
mkdir -p /var/lib/headscale
|
||||||
# or if you create a headscale user:
|
# or if you create a headscale user:
|
||||||
useradd \
|
useradd \
|
||||||
--create-home \
|
--create-home \
|
||||||
--home-dir /var/lib/headscale/ \
|
--home-dir /var/lib/headscale/ \
|
||||||
--system \
|
--system \
|
||||||
--user-group \
|
--user-group \
|
||||||
--shell /usr/sbin/nologin \
|
--shell /usr/sbin/nologin \
|
||||||
headscale
|
headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Create an empty SQLite database:
|
1. Create an empty SQLite database:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
touch /var/lib/headscale/db.sqlite
|
touch /var/lib/headscale/db.sqlite
|
||||||
```
|
```
|
||||||
|
|
||||||
5. Create a `headscale` configuration:
|
1. Create a `headscale` configuration:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
touch /etc/headscale/config.yaml
|
touch /etc/headscale/config.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
**(Strongly Recommended)** Download a copy of the [example configuration][config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
|
**(Strongly Recommended)** Download a copy of the [example configuration][config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
|
||||||
|
|
||||||
6. Start the headscale server:
|
1. Start the headscale server:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
headscale serve
|
headscale serve
|
||||||
```
|
```
|
||||||
|
|
||||||
This command will start `headscale` in the current terminal session.
|
This command will start `headscale` in the current terminal session.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
To continue the tutorial, open a new terminal and let it run in the background.
|
To continue the tutorial, open a new terminal and let it run in the background.
|
||||||
Alternatively use terminal emulators like [tmux](https://github.com/tmux/tmux) or [screen](https://www.gnu.org/software/screen/).
|
Alternatively use terminal emulators like [tmux](https://github.com/tmux/tmux) or [screen](https://www.gnu.org/software/screen/).
|
||||||
|
|
||||||
To run `headscale` in the background, please follow the steps in the [SystemD section](#running-headscale-in-the-background-with-systemd) before continuing.
|
To run `headscale` in the background, please follow the steps in the [SystemD section](#running-headscale-in-the-background-with-systemd) before continuing.
|
||||||
|
|
||||||
7. Verify `headscale` is running:
|
1. Verify `headscale` is running:
|
||||||
|
Verify `headscale` is available:
|
||||||
|
|
||||||
Verify `headscale` is available:
|
```shell
|
||||||
|
curl http://127.0.0.1:9090/metrics
|
||||||
|
```
|
||||||
|
|
||||||
```shell
|
1. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
|
||||||
curl http://127.0.0.1:9090/metrics
|
|
||||||
```
|
|
||||||
|
|
||||||
8. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
|
```shell
|
||||||
|
headscale users create myfirstuser
|
||||||
```shell
|
```
|
||||||
headscale users create myfirstuser
|
|
||||||
```
|
|
||||||
|
|
||||||
### Register a machine (normal login)
|
### Register a machine (normal login)
|
||||||
|
|
||||||
|
@ -118,81 +117,81 @@ tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>
|
||||||
|
|
||||||
## Running `headscale` in the background with SystemD
|
## Running `headscale` in the background with SystemD
|
||||||
|
|
||||||
:warning: **Deprecated**: This part is very outdated and you should use the [pre-packaged Headscale for this](./running-headscale-linux.md
|
:warning: **Deprecated**: This part is very outdated and you should use the [pre-packaged Headscale for this](./running-headscale-linux.md)
|
||||||
|
|
||||||
This section demonstrates how to run `headscale` as a service in the background with [SystemD](https://www.freedesktop.org/wiki/Software/systemd/).
|
This section demonstrates how to run `headscale` as a service in the background with [SystemD](https://www.freedesktop.org/wiki/Software/systemd/).
|
||||||
This should work on most modern Linux distributions.
|
This should work on most modern Linux distributions.
|
||||||
|
|
||||||
1. Create a SystemD service configuration at `/etc/systemd/system/headscale.service` containing:
|
1. Create a SystemD service configuration at `/etc/systemd/system/headscale.service` containing:
|
||||||
|
|
||||||
```systemd
|
```systemd
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=headscale controller
|
Description=headscale controller
|
||||||
After=syslog.target
|
After=syslog.target
|
||||||
After=network.target
|
After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
User=headscale
|
User=headscale
|
||||||
Group=headscale
|
Group=headscale
|
||||||
ExecStart=/usr/local/bin/headscale serve
|
ExecStart=/usr/local/bin/headscale serve
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
|
||||||
# Optional security enhancements
|
# Optional security enhancements
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
ProtectSystem=strict
|
ProtectSystem=strict
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
WorkingDirectory=/var/lib/headscale
|
WorkingDirectory=/var/lib/headscale
|
||||||
ReadWritePaths=/var/lib/headscale /var/run/headscale
|
ReadWritePaths=/var/lib/headscale /var/run/headscale
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
RuntimeDirectory=headscale
|
RuntimeDirectory=headscale
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that when running as the headscale user ensure that, either you add your current user to the headscale group:
|
Note that when running as the headscale user ensure that, either you add your current user to the headscale group:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
usermod -a -G headscale current_user
|
usermod -a -G headscale current_user
|
||||||
```
|
```
|
||||||
|
|
||||||
or run all headscale commands as the headscale user:
|
or run all headscale commands as the headscale user:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
su - headscale
|
su - headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
2. In `/etc/headscale/config.yaml`, override the default `headscale` unix socket with path that is writable by the `headscale` user or group:
|
1. In `/etc/headscale/config.yaml`, override the default `headscale` unix socket with path that is writable by the `headscale` user or group:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
unix_socket: /var/run/headscale/headscale.sock
|
unix_socket: /var/run/headscale/headscale.sock
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Reload SystemD to load the new configuration file:
|
1. Reload SystemD to load the new configuration file:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Enable and start the new `headscale` service:
|
1. Enable and start the new `headscale` service:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
systemctl enable --now headscale
|
systemctl enable --now headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
5. Verify the headscale service:
|
1. Verify the headscale service:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
systemctl status headscale
|
systemctl status headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
Verify `headscale` is available:
|
Verify `headscale` is available:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
curl http://127.0.0.1:9090/metrics
|
curl http://127.0.0.1:9090/metrics
|
||||||
```
|
```
|
||||||
|
|
||||||
`headscale` will now run in the background and start at boot.
|
`headscale` will now run in the background and start at boot.
|
||||||
|
|
|
@ -22,40 +22,40 @@ configuration (`/etc/headscale/config.yaml`).
|
||||||
|
|
||||||
1. Download the lastest Headscale package for your platform (`.deb` for Ubuntu and Debian) from [Headscale's releases page](https://github.com/juanfont/headscale/releases):
|
1. Download the lastest Headscale package for your platform (`.deb` for Ubuntu and Debian) from [Headscale's releases page](https://github.com/juanfont/headscale/releases):
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
wget --output-document=headscale.deb \
|
wget --output-document=headscale.deb \
|
||||||
https://github.com/juanfont/headscale/releases/download/v<HEADSCALE VERSION>/headscale_<HEADSCALE VERSION>_linux_<ARCH>.deb
|
https://github.com/juanfont/headscale/releases/download/v<HEADSCALE VERSION>/headscale_<HEADSCALE VERSION>_linux_<ARCH>.deb
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Install Headscale:
|
1. Install Headscale:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
sudo dpkg --install headscale.deb
|
sudo dpkg --install headscale.deb
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Enable Headscale service, this will start Headscale at boot:
|
1. Enable Headscale service, this will start Headscale at boot:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
sudo systemctl enable headscale
|
sudo systemctl enable headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Configure Headscale by editing the configuration file:
|
1. Configure Headscale by editing the configuration file:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
nano /etc/headscale/config.yaml
|
nano /etc/headscale/config.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
5. Start Headscale:
|
1. Start Headscale:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
sudo systemctl start headscale
|
sudo systemctl start headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
6. Check that Headscale is running as intended:
|
1. Check that Headscale is running as intended:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
systemctl status headscale
|
systemctl status headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
## Using Headscale
|
## Using Headscale
|
||||||
|
|
||||||
|
|
|
@ -15,115 +15,116 @@ describing how to make `headscale` run properly in a server environment.
|
||||||
|
|
||||||
## Install `headscale`
|
## Install `headscale`
|
||||||
|
|
||||||
1. Install from ports (Not Recommend)
|
1. Install from ports (not recommended)
|
||||||
|
|
||||||
As of OpenBSD 7.2, there's a headscale in ports collection, however, it's severely outdated(v0.12.4).
|
!!! info
|
||||||
You can install it via `pkg_add headscale`.
|
|
||||||
|
|
||||||
2. Install from source on OpenBSD 7.2
|
As of OpenBSD 7.2, there's a headscale in ports collection, however, it's severely outdated(v0.12.4). You can install it via `pkg_add headscale`.
|
||||||
|
|
||||||
```shell
|
1. Install from source on OpenBSD 7.2
|
||||||
# Install prerequistes
|
|
||||||
pkg_add go
|
|
||||||
|
|
||||||
git clone https://github.com/juanfont/headscale.git
|
```shell
|
||||||
|
# Install prerequistes
|
||||||
|
pkg_add go
|
||||||
|
|
||||||
cd headscale
|
git clone https://github.com/juanfont/headscale.git
|
||||||
|
|
||||||
# optionally checkout a release
|
cd headscale
|
||||||
# option a. you can find offical relase at https://github.com/juanfont/headscale/releases/latest
|
|
||||||
# option b. get latest tag, this may be a beta release
|
|
||||||
latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
|
|
||||||
|
|
||||||
git checkout $latestTag
|
# optionally checkout a release
|
||||||
|
# option a. you can find offical relase at https://github.com/juanfont/headscale/releases/latest
|
||||||
|
# option b. get latest tag, this may be a beta release
|
||||||
|
latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||||
|
|
||||||
go build -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$latestTag" github.com/juanfont/headscale
|
git checkout $latestTag
|
||||||
|
|
||||||
# make it executable
|
go build -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$latestTag" github.com/juanfont/headscale
|
||||||
chmod a+x headscale
|
|
||||||
|
|
||||||
# copy it to /usr/local/sbin
|
# make it executable
|
||||||
cp headscale /usr/local/sbin
|
chmod a+x headscale
|
||||||
```
|
|
||||||
|
|
||||||
3. Install from source via cross compile
|
# copy it to /usr/local/sbin
|
||||||
|
cp headscale /usr/local/sbin
|
||||||
|
```
|
||||||
|
|
||||||
```shell
|
1. Install from source via cross compile
|
||||||
# Install prerequistes
|
|
||||||
# 1. go v1.20+: headscale newer than 0.21 needs go 1.20+ to compile
|
|
||||||
# 2. gmake: Makefile in the headscale repo is written in GNU make syntax
|
|
||||||
|
|
||||||
git clone https://github.com/juanfont/headscale.git
|
```shell
|
||||||
|
# Install prerequistes
|
||||||
|
# 1. go v1.20+: headscale newer than 0.21 needs go 1.20+ to compile
|
||||||
|
# 2. gmake: Makefile in the headscale repo is written in GNU make syntax
|
||||||
|
|
||||||
cd headscale
|
git clone https://github.com/juanfont/headscale.git
|
||||||
|
|
||||||
# optionally checkout a release
|
cd headscale
|
||||||
# option a. you can find offical relase at https://github.com/juanfont/headscale/releases/latest
|
|
||||||
# option b. get latest tag, this may be a beta release
|
|
||||||
latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
|
|
||||||
|
|
||||||
git checkout $latestTag
|
# optionally checkout a release
|
||||||
|
# option a. you can find offical relase at https://github.com/juanfont/headscale/releases/latest
|
||||||
|
# option b. get latest tag, this may be a beta release
|
||||||
|
latestTag=$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||||
|
|
||||||
make build GOOS=openbsd
|
git checkout $latestTag
|
||||||
|
|
||||||
# copy headscale to openbsd machine and put it in /usr/local/sbin
|
make build GOOS=openbsd
|
||||||
```
|
|
||||||
|
# copy headscale to openbsd machine and put it in /usr/local/sbin
|
||||||
|
```
|
||||||
|
|
||||||
## Configure and run `headscale`
|
## Configure and run `headscale`
|
||||||
|
|
||||||
1. Prepare a directory to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
|
1. Prepare a directory to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
# Directory for configuration
|
# Directory for configuration
|
||||||
|
|
||||||
mkdir -p /etc/headscale
|
mkdir -p /etc/headscale
|
||||||
|
|
||||||
# Directory for Database, and other variable data (like certificates)
|
# Directory for Database, and other variable data (like certificates)
|
||||||
mkdir -p /var/lib/headscale
|
mkdir -p /var/lib/headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Create an empty SQLite database:
|
1. Create an empty SQLite database:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
touch /var/lib/headscale/db.sqlite
|
touch /var/lib/headscale/db.sqlite
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Create a `headscale` configuration:
|
1. Create a `headscale` configuration:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
touch /etc/headscale/config.yaml
|
touch /etc/headscale/config.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
**(Strongly Recommended)** Download a copy of the [example configuration][config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
|
**(Strongly Recommended)** Download a copy of the [example configuration][config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
|
||||||
|
|
||||||
4. Start the headscale server:
|
1. Start the headscale server:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
headscale serve
|
headscale serve
|
||||||
```
|
```
|
||||||
|
|
||||||
This command will start `headscale` in the current terminal session.
|
This command will start `headscale` in the current terminal session.
|
||||||
|
|
||||||
---
|
***
|
||||||
|
|
||||||
To continue the tutorial, open a new terminal and let it run in the background.
|
To continue the tutorial, open a new terminal and let it run in the background.
|
||||||
Alternatively use terminal emulators like [tmux](https://github.com/tmux/tmux).
|
Alternatively use terminal emulators like [tmux](https://github.com/tmux/tmux).
|
||||||
|
|
||||||
To run `headscale` in the background, please follow the steps in the [rc.d section](#running-headscale-in-the-background-with-rcd) before continuing.
|
To run `headscale` in the background, please follow the steps in the [rc.d section](#running-headscale-in-the-background-with-rcd) before continuing.
|
||||||
|
|
||||||
5. Verify `headscale` is running:
|
1. Verify `headscale` is running:
|
||||||
|
|
||||||
Verify `headscale` is available:
|
Verify `headscale` is available:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
curl http://127.0.0.1:9090/metrics
|
curl http://127.0.0.1:9090/metrics
|
||||||
```
|
```
|
||||||
|
|
||||||
6. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
|
1. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
headscale users create myfirstuser
|
headscale users create myfirstuser
|
||||||
```
|
```
|
||||||
|
|
||||||
### Register a machine (normal login)
|
### Register a machine (normal login)
|
||||||
|
|
||||||
|
@ -159,51 +160,51 @@ This section demonstrates how to run `headscale` as a service in the background
|
||||||
|
|
||||||
1. Create a rc.d service at `/etc/rc.d/headscale` containing:
|
1. Create a rc.d service at `/etc/rc.d/headscale` containing:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
#!/bin/ksh
|
#!/bin/ksh
|
||||||
|
|
||||||
daemon="/usr/local/sbin/headscale"
|
daemon="/usr/local/sbin/headscale"
|
||||||
daemon_logger="daemon.info"
|
daemon_logger="daemon.info"
|
||||||
daemon_user="root"
|
daemon_user="root"
|
||||||
daemon_flags="serve"
|
daemon_flags="serve"
|
||||||
daemon_timeout=60
|
daemon_timeout=60
|
||||||
|
|
||||||
. /etc/rc.d/rc.subr
|
. /etc/rc.d/rc.subr
|
||||||
|
|
||||||
rc_bg=YES
|
rc_bg=YES
|
||||||
rc_reload=NO
|
rc_reload=NO
|
||||||
|
|
||||||
rc_cmd $1
|
rc_cmd $1
|
||||||
```
|
```
|
||||||
|
|
||||||
2. `/etc/rc.d/headscale` needs execute permission:
|
1. `/etc/rc.d/headscale` needs execute permission:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
chmod a+x /etc/rc.d/headscale
|
chmod a+x /etc/rc.d/headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Start `headscale` service:
|
1. Start `headscale` service:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
rcctl start headscale
|
rcctl start headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Make `headscale` service start at boot:
|
1. Make `headscale` service start at boot:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
rcctl enable headscale
|
rcctl enable headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
5. Verify the headscale service:
|
1. Verify the headscale service:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
rcctl check headscale
|
rcctl check headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
Verify `headscale` is available:
|
Verify `headscale` is available:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
curl http://127.0.0.1:9090/metrics
|
curl http://127.0.0.1:9090/metrics
|
||||||
```
|
```
|
||||||
|
|
||||||
`headscale` will now run in the background and start at boot.
|
`headscale` will now run in the background and start at boot.
|
||||||
|
|
Loading…
Reference in a new issue