Merge pull request #115 from ohdearaugustin/topic/fix-docu

Topic/fix docu
Juan Font 2021-09-21 09:19:09 +02:00 committed by GitHub
commit 9900b215cc
GPG key ID: 4AEE18F83AFDEB23

136
README.md

@ -26,7 +26,7 @@ Headscale implements this coordination server.
- [X] ACLs - [X] ACLs
- [X] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10) - [X] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
- [X] DNS (passing DNS servers to nodes) - [X] DNS (passing DNS servers to nodes)
- [X] Share nodes between ~~users~~ namespaces - [X] Share nodes between ~~users~~ namespaces
- [ ] MagicDNS / Smart DNS - [ ] MagicDNS / Smart DNS
@ -40,74 +40,86 @@ Suggestions/PRs welcomed!
1. Download the Headscale binary https://github.com/juanfont/headscale/releases, and place it somewhere in your PATH or use the docker container 1. Download the Headscale binary https://github.com/juanfont/headscale/releases, and place it somewhere in your PATH or use the docker container
```shell ```shell
docker pull headscale/headscale:x.x.x docker pull headscale/headscale:x.x.x
``` ```
<!-- <!--
or or
```shell ```shell
docker pull ghrc.io/juanfont/headscale:x.x.x docker pull ghrc.io/juanfont/headscale:x.x.x
``` --> ``` -->
2. (Optional, you can also use SQLite) Get yourself a PostgreSQL DB running 2. (Optional, you can also use SQLite) Get yourself a PostgreSQL DB running
```shell ```shell
docker run --name headscale -e POSTGRES_DB=headscale -e \ docker run --name headscale -e POSTGRES_DB=headscale -e \
POSTGRES_USER=foo -e POSTGRES_PASSWORD=bar -p 5432:5432 -d postgres POSTGRES_USER=foo -e POSTGRES_PASSWORD=bar -p 5432:5432 -d postgres
``` ```
3. Set some stuff up (headscale Wireguard keys & the config.json file) 3. Set some stuff up (headscale Wireguard keys & the config.json file)
```shell ```shell
wg genkey > private.key wg genkey > private.key
wg pubkey < private.key > public.key # not needed wg pubkey < private.key > public.key # not needed
# Postgres # Postgres
cp config.json.postgres.example config.json cp config.json.postgres.example config.json
# or # or
# SQLite # SQLite
cp config.json.sqlite.example config.json cp config.json.sqlite.example config.json
``` ```
4. Create a namespace (a namespace is a 'tailnet', a group of Tailscale nodes that can talk to each other) 4. Create a namespace (a namespace is a 'tailnet', a group of Tailscale nodes that can talk to each other)
```shell ```shell
headscale namespaces create myfirstnamespace headscale namespaces create myfirstnamespace
``` ```
or docker: or docker:
```shell
docker run -v ./private.key:/private.key -v ./config.json:/config.json headscale/headscale:x.x.x headscale namespaces create myfirstnamespace the db.sqlite mount is only needed if you use sqlite
``` ```shell
docker run -v $(pwd)/private.key:/private.key -v $(pwd)/config.json:/config.json -v $(pwd)/derp.yaml:/derp.yaml -v $(pwd)/db.sqlite:/db.sqlite -p 127.0.0.1:8000:8000 headscale/headscale:x.x.x headscale create myfirstnamespace
```
or if your server is already running in docker:
```shell
docker exec <container_name> headscale create myfirstnamespace
```
5. Run the server 5. Run the server
```shell ```shell
headscale serve headscale serve
``` ```
or docker: or docker:
```shell
docker run -v $(pwd)/private.key:/private.key -v $(pwd)/config.json:/config.json -v $(pwd)/derp.yaml:/derp.yaml -p 127.0.0.1:8080:8080 headscale/headscale:x.x.x headscale serve
```
6. If you used tailscale.com before in your nodes, make sure you clear the tailscaled data folder the db.sqlite mount is only needed if you use sqlite
```shell ```shell
systemctl stop tailscaled docker run -v $(pwd)/private.key:/private.key -v $(pwd)/config.json:/config.json -v $(pwd)/derp.yaml:/derp.yaml -v $(pwd)/db.sqlite:/db.sqlite -p 127.0.0.1:8000:8000 headscale/headscale:x.x.x headscale serve
rm -fr /var/lib/tailscale ```
systemctl start tailscaled
``` 6. If you used tailscale.com before in your nodes, make sure you clear the tailscald data folder
```shell
systemctl stop tailscaled
rm -fr /var/lib/tailscale
systemctl start tailscaled
```
7. Add your first machine 7. Add your first machine
```shell ```shell
tailscale up -login-server YOUR_HEADSCALE_URL tailscale up -login-server YOUR_HEADSCALE_URL
``` ```
8. Navigate to the URL you will get with `tailscale up`, where you'll find your machine key. 8. Navigate to the URL you will get with `tailscale up`, where you'll find your machine key.
9. In the server, register your machine to a namespace with the CLI 9. In the server, register your machine to a namespace with the CLI
```shell ```shell
headscale -n myfirstnamespace node register YOURMACHINEKEY headscale -n myfirstnamespace node register YOURMACHINEKEY
``` ```
or docker: or docker:
```shell ```shell
docker run -v ./private.key:/private.key -v ./config.json:/config.json headscale/headscale:x.x.x headscale -n myfirstnamespace node register YOURMACHINEKEY docker run -v $(pwd)/private.key:/private.key -v $(pwd)/config.json:/config.json -v $(pwd)/derp.yaml:/derp.yaml headscale/headscale:x.x.x headscale -n myfirstnamespace node register YOURMACHINEKEY
``` ```
or if your server is already running in docker:
```shell
docker exec <container_name> headscale -n myfistnamespace node register YOURMACHINEKEY
```
Alternatively, you can use Auth Keys to register your machines: Alternatively, you can use Auth Keys to register your machines:
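Review bot: The added docker variants in step 4 run `headscale create myfirstnamespace` (both the `docker run` and the `docker exec` form), while the native command directly above is `headscale namespaces create myfirstnamespace`; the docker examples should use the same subcommand so readers do not copy a command that differs from the documented CLI. In the same hunk the published port is not consistent: the step 4 and sqlite step 5 examples use `-p 127.0.0.1:8000:8000` and the non-sqlite step 5 example uses `-p 127.0.0.1:8080:8080`, so pick the port that matches the example config, and drop `-p` from the one-off namespace command, which does not serve anything and would collide with an already running server. The step 9 `docker run` line mounts `derp.yaml` but not `db.sqlite`, unlike the step 4 and step 5 sqlite examples, so for sqlite users the registration would not reach the database file on the host; add the mount or repeat the "only needed if you use sqlite" caveat there. Two typos are introduced as well: `tailscald` in step 6 (the old text had `tailscaled`) and `myfistnamespace` in the new `docker exec` line of step 9.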
@ -115,15 +127,19 @@ Alternatively, you can use Auth Keys to register your machines:
```shell ```shell
headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
``` ```
or docker: or docker:
```shell ```shell
docker run -v ./private.key:/private.key -v ./config.json:/config.json headscale/headscale:x.x.x headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h docker run -v $(pwd)/private.key:/private.key -v $(pwd)/config.json:/config.json -v$(pwd)/derp.yaml:/derp.yaml -v $(pwd)/db.sqlite:/db.sqlite headscale/headscale:x.x.x headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
``` ```
or if your server is already running in docker:
```shell
docker exec <container_name> headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
```
2. Use the authkey from your machine to register it 2. Use the authkey from your machine to register it
```shell ```shell
tailscale up -login-server YOUR_HEADSCALE_URL --authkey YOURAUTHKEY tailscale up -login-server YOUR_HEADSCALE_URL --authkey YOURAUTHKEY
``` ```
If you create an authkey with the `--ephemeral` flag, that key will create ephemeral nodes. This implies that `--reusable` is true. If you create an authkey with the `--ephemeral` flag, that key will create ephemeral nodes. This implies that `--reusable` is true.
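Review bot: The new `docker run` line for `preauthkeys create` has `-v$(pwd)/derp.yaml:/derp.yaml` with no space after `-v`, unlike every other mount in the README; add the space for consistency. This line also mounts `db.sqlite` unconditionally, whereas the earlier steps say that mount is only needed if you use sqlite, so the same caveat should be repeated here or the example split as in step 5. Consider quoting the substitution as `"$(pwd)"` in all the new examples so they work from a directory whose path contains spaces.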
@ -206,7 +222,7 @@ Alternatively, `tls_letsencrypt_challenge_type` can be set to `TLS-ALPN-01`. In
### Policy ACLs ### Policy ACLs
Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment. Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment.
For instance, instead of referring to users when defining groups you must For instance, instead of referring to users when defining groups you must
use namespaces (which are the equivalent to user/logins in Tailscale.com). use namespaces (which are the equivalent to user/logins in Tailscale.com).