我迁我迁！Headscale迁移Derp自建中继节点记录

使用非标端口，国内机子+备案域名。

https://github.com/NicoOrz/Tailscale-DERP-Docker

用的是这个docker项目

修改env文件

[root@VM-20-12-centos Tailscale-DERP-Docker]# cat .env 
TAILSCALE_DERP_HOSTNAME=域名
TAILSCALE_DERP_VERIFY_CLIENTS=true
TAILSCALE_DERP_CERTMODE=letsencrypt
#TAILSCALE_AUTH_KEY="NO NEED"

修改docker-compose.yml

[root@VM-20-12-centos Tailscale-DERP-Docker]# cat docker-compose.yml 
version: '3'

services:
   tailscale-derp:
       container_name: tailscale-derp
       image: tailscale-derp-docker:1.0
       hostname: ${TAILSCALE_DERP_HOSTNAME}
       volumes:
         - /lib/modules:/lib/modules:ro
        #- $PWD/certs:/root/derper/${TAILSCALE_DERP_HOSTNAME}
         - $PWD/config:/var/lib/tailscale
         - /opt/1panel/www/sites/www.ushio.ink/ssl/fullchain.pem:/root/derper/${TAILSCALE_DERP_HOSTNAME}/${TAILSCALE_DERP_HOSTNAME}.crt
         - /opt/1panel/www/sites/www.ushio.ink/ssl/privkey.pem:/root/derper/${TAILSCALE_DERP_HOSTNAME}/${TAILSCALE_DERP_HOSTNAME}.key
         - /run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock 
       cap_add:
         - NET_ADMIN
         - NET_RAW
       environment:
         - TAILSCALE_DERP_HOSTNAME=${TAILSCALE_DERP_HOSTNAME}
         - TAILSCALE_DERP_VERIFY_CLIENTS=${TAILSCALE_DERP_VERIFY_CLIENTS}
         - TAILSCALE_DERP_CERTMODE=${TAILSCALE_DERP_CERTMODE}
         - TAILSCALE_AUTH_KEY=${TAILSCALE_AUTH_KEY}
         - DERP_HTTP_PORT=-1
         - TAILSCALE_LOGIN_SERVER=${TAILSCALE_LOGIN_SERVER}
       ports:
         - 36666:443/tcp
         - 36667:3478/udp
         #Uncomment only if you aren't running tailscaled on the host system otherwise it will error
         #- 41641:41641/udp
       restart: unless-stopped
       devices:
         - /dev/net/tun:/dev/net/tun

[root@VM-20-12-centos Tailscale-DERP-Docker]# 

Dockerfile（禁用内置Tailscaled，在宿主机上手动安装Tailscale）

[root@VM-20-12-centos Tailscale-DERP-Docker]# cat Dockerfile 
FROM alpine:latest AS builder

# 使用清华大学的 Alpine Linux 镜像源
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories

LABEL org.opencontainers.image.source https://github.com/n0ptr/Tailscale-DERP-Docker

# 安装 Go 并设置 Go 模块代理
# 显式使用 edge 社区仓库，通常包含最新版本
RUN apk add --no-cache go --repository=https://mirrors.tuna.tsinghua.edu.cn/alpine/edge/community
ENV GOPROXY=https://mirrors.aliyun.com/goproxy/
# 使用 go install 安装 derper
RUN go install tailscale.com/cmd/derper@main

FROM alpine:latest

# 使用清华大学的 Alpine Linux 镜像源
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories

# 安装 Tailscale 所需的软件包
#RUN apk add --no-cache curl iptables

# 安装 Tailscale 和 Tailscaled
#RUN apk add --no-cache tailscale --repository=https://mirrors.tuna.tsinghua.edu.cn/alpine/edge/community

RUN mkdir -p /root/go/bin
COPY --from=builder /root/go/bin/derper /root/go/bin/derper

# 复制初始化脚本
COPY init.sh /init.sh
RUN chmod +x /init.sh

# Derper Web 端口
EXPOSE 80
EXPOSE 443/tcp
# STUN 端口
EXPOSE 3478/udp

ENTRYPOINT /init.sh
[root@VM-20-12-centos Tailscale-DERP-Docker]# 

然后安装Tailscale

安装后

tailscale up --login-server {headscale_address}
docker compose up -d

大功告成！