Nexmoe

A developer. About courage and passion; internet / creation / cyberpunk

Caddy, Docker Simple Self-hosted Tailscale DERP

As a service with end-to-end encryption and the ability to establish peer-to-peer connections, Tailscale now supports connecting up to 100 devices for free, which is more than enough for individual users. Almost all of my local network devices are connected using Tailscale. In a recent article titled "Managing Servers with VS Code, I Have a Unique Server Management Method" (https://zhuanlan.zhihu.com/p/659427990), I mentioned that I really like using Remote SSH and often use Tailscale to create an internal network for remote development using Remote SSH.

However, Tailscale often suffers from high latency or connection problems in mainland China's network environment. Fortunately, Tailscale officially allows users to set up their own DERP servers to act as relays, which solves this problem. You no longer have to worry about the connection dropping halfway through writing code, and the better network also improves the experience of using VS Code's Port Forwarding for remote preview development.

Since I already have a low-config cloud server, I used to use Caddy as a reverse proxy server to run my Alist project. So this time, I also considered using Caddy as a reverse proxy on the same server to deploy the DERP project.

The main reason for using Caddy is that, compared to Nginx, it is very easy to configure, meets most requirements, and handles SSL certificates automatically, which saves a lot of trouble.

Without further ado, let's start the configuration directly.

Configure Docker

# docker-compose.yml
version: '3'
services:
  derper:
    image: fredliang/derper
    restart: always
    ports:
      - 3478:3478/udp
      - 23333:443
    environment:
      - DERP_DOMAIN=derp.example.com

Then start it.

sudo docker compose up

Configure Caddy

# Caddyfile
derp.example.com {
    reverse_proxy localhost:23333
}

Reload the Caddy configuration.

sudo docker compose exec -w /etc/caddy caddy caddy reload

Don't forget to point your domain name to your Caddy server.

Configure Tailscale

Add the DERP map to the policy file under Access Controls.

Direct link: https://login.tailscale.com/admin/acls/file

{
  // ... Other ACL configurations
  "derpMap": {
    "OmitDefaultRegions": true, // Whether to only connect to self-hosted derper nodes
    "Regions": {
      "900": {
        "RegionID": 900,
        "RegionCode": "myderp",
        "Nodes": [
          {
            "Name": "1",
            "RegionID": 900,
            "HostName": "derp.example.com", // Domain name
            "STUNPort": 3478,
            "DERPPort": 443,
          }
        ]
      }
    }
  }
}

That's it.
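Because `OmitDefaultRegions` is true, a mistake in this map leaves clients with no relay to fall back on, so it is worth checking the policy before saving it. The following is an added example, not part of the original post or of Tailscale's tooling: a small Python linter for the `derpMap` above. The function names `parse_hujson` and `lint_derp_map` are hypothetical, the expected ports are the ones used on this page, and the 900-999 range is the one Tailscale reserves for user-run regions.

```python
import json
import re

# A JSON string, a // or /* */ comment, or a comma directly before } or ].
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/|,(?=\s*[}\]])', re.S)

def parse_hujson(text):
    """Drop comments and trailing commas (never inside strings), then parse."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    # Two passes: a comma followed by a comment only becomes trailing after pass one.
    return json.loads(_TOKEN.sub(keep, _TOKEN.sub(keep, text)))

def lint_derp_map(policy, stun_port=3478, derp_port=443):
    """Return problems in policy["derpMap"]; ports default to this page's values."""
    derp = policy.get("derpMap") or {}
    regions = derp.get("Regions") or {}
    problems = []
    if derp.get("OmitDefaultRegions") and not regions:
        problems.append("OmitDefaultRegions is true but no region is defined")
    for key, region in regions.items():
        rid = region.get("RegionID")
        if str(rid) != key:
            problems.append(f"region key {key} does not match RegionID {rid}")
        if not isinstance(rid, int) or not 900 <= rid <= 999:
            problems.append(f"RegionID {rid} is outside the custom range 900-999")
        for node in region.get("Nodes") or []:
            name = node.get("Name")
            if node.get("RegionID") != rid:
                problems.append(f"node {name}: RegionID differs from its region")
            if not node.get("HostName"):
                problems.append(f"node {name}: HostName is missing")
            if node.get("STUNPort") != stun_port:
                problems.append(f"node {name}: STUNPort is not {stun_port}")
            if node.get("DERPPort") != derp_port:
                problems.append(f"node {name}: DERPPort is not {derp_port}")
    return problems

# Constructed sample: the page's derpMap, then a copy with two typical mistakes.
GOOD = """{
  "derpMap": {
    "OmitDefaultRegions": true, // self-hosted only
    "Regions": { "900": { "RegionID": 900, "RegionCode": "myderp", "Nodes": [
      { "Name": "1", "RegionID": 900, "HostName": "derp.example.com",
        "STUNPort": 3478, "DERPPort": 443, } ] } }
  }
}"""
BAD = GOOD.replace('"DERPPort": 443', '"DERPPort": 23333').replace('"900":', '"901":')
if __name__ == "__main__":
    print(lint_derp_map(parse_hujson(GOOD)), lint_derp_map(parse_hujson(BAD)))
```

The second sample fails because `DERPPort` must be the port clients reach through Caddy (443), not the internal 23333 mapping from docker-compose.yml.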
