As a service with end-to-end encryption and the ability to establish peer-to-peer connections, Tailscale now supports connecting up to 100 devices for free, which is more than enough for individual users. Almost all of my local network devices are connected using Tailscale. In a recent article titled "Managing Servers with VS Code, I Have a Unique Server Management Method" (https://zhuanlan.zhihu.com/p/659427990), I mentioned that I really like using Remote SSH and often use Tailscale to create an internal network for remote development using Remote SSH.
However, Tailscale has a problem in the network environment in mainland China, where connections often suffer from high latency or drop entirely. Fortunately, Tailscale officially allows users to set up their own DERP servers to act as relays, which solves this problem. You no longer have to worry about the connection being lost halfway through writing code, and the better network experience also improves remote preview development with VS Code's Port Forwarding.
Since I already have a low-config cloud server, I used to use Caddy as a reverse proxy server to run my Alist project. So this time, I also considered using Caddy as a reverse proxy on the same server to deploy the DERP project.
The main reason for using Caddy is that, compared to Nginx, it is very easy to configure while still meeting most requirements, and it manages SSL certificates automatically, which saves a lot of trouble.
Without further ado, let's start the configuration directly.
Configure Docker

```yaml
# docker-compose.yml
version: '3'
services:
  derper:
    image: fredliang/derper
    restart: always
    ports:
      - 3478:3478/udp   # STUN
      - 23333:443       # DERP, reached through Caddy
    environment:
      - DERP_DOMAIN=derp.example.com
```
Then start it.
```bash
sudo docker compose up
```
Configure Caddy

```
# Caddyfile
derp.example.com {
	reverse_proxy localhost:23333
}
```
Reload the configuration of Caddy.
```bash
sudo docker compose exec -w /etc/caddy caddy caddy reload
```
Don't forget to point your domain name to your Caddy server.
Configure Tailscale

Add the DERP map to the policy file in Access Controls.
Direct link: https://login.tailscale.com/admin/acls/file
```json
{
  // ... Other ACL configurations
  "derpMap": {
    "OmitDefaultRegions": true, // Whether to only connect to self-hosted derper nodes
    "Regions": {
      "900": {
        "RegionID": 900,
        "RegionCode": "myderp",
        "Nodes": [
          {
            "Name": "1",
            "RegionID": 900,
            "HostName": "derp.example.com", // Domain name
            "STUNPort": 3478,
            "DERPPort": 443,
          }
        ]
      }
    }
  }
}
```
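The derpMap above can be checked for consistency before it is pasted into the policy file. The following Python sketch is an added example, not part of the original post or of Tailscale's tooling: it parses the comment-and-trailing-comma JSON the policy editor accepts and reports mismatched region IDs, missing host names, and the lack of a fallback relay when `OmitDefaultRegions` is true. `parse_hujson` and `lint_derp_map` are hypothetical helper names, the sample policy is constructed from the values on this page, and the 900-999 check assumes Tailscale's reservation of that range for user-run DERP regions.

```python
import json
import re

# Constructed sample: this page's derpMap as HuJSON (comments, trailing comma).
SAMPLE_POLICY = """{
  // ... Other ACL configurations
  "derpMap": {
    "OmitDefaultRegions": true, // only self-hosted nodes
    "Regions": {
      "900": {
        "RegionID": 900,
        "RegionCode": "myderp",
        "Nodes": [{"Name": "1", "RegionID": 900, "HostName": "derp.example.com",
                   "STUNPort": 3478, "DERPPort": 443,}]
      }
    }
  }
}"""

_STR = r'"(?:\\.|[^"\\])*"'
_COMMENT = re.compile(_STR + r"|//[^\n]*|/\*.*?\*/", re.S)
_TRAILING_COMMA = re.compile(_STR + r"|,(?=\s*[}\]])")

def parse_hujson(text):
    """Strip comments, then trailing commas, leaving string literals untouched."""
    keep = lambda m: m.group() if m.group().startswith('"') else ""
    return json.loads(_TRAILING_COMMA.sub(keep, _COMMENT.sub(keep, text)))

def lint_derp_map(policy):
    """Return findings for policy["derpMap"]; an empty list means no issues."""
    derp_map = policy.get("derpMap", {})
    regions = derp_map.get("Regions", {})
    findings = []
    for key, region in regions.items():
        rid = region.get("RegionID")
        if str(rid) != key:
            findings.append(f"region {key}: RegionID {rid} differs from its key")
        if not isinstance(rid, int) or not 900 <= rid <= 999:
            findings.append(f"region {key}: custom RegionID must be 900-999")
        for node in region.get("Nodes", []):
            if node.get("RegionID") != rid:
                findings.append(f"region {key}: node {node.get('Name')} RegionID mismatch")
            if not node.get("HostName"):
                findings.append(f"region {key}: node {node.get('Name')} has no HostName")
    nodes = sum(len(r.get("Nodes", [])) for r in regions.values())
    if derp_map.get("OmitDefaultRegions") and nodes < 2:
        findings.append("OmitDefaultRegions is true with fewer than 2 relay nodes: no fallback")
    return findings

if __name__ == "__main__":
    for finding in lint_derp_map(parse_hujson(SAMPLE_POLICY)):
        print("WARN", finding)
```

On the sample it reports only the missing fallback: with the default regions omitted and a single node, clients have no relay to use while that one derper is down.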
That's it.