Headscale is an open-source Tailscale control server. With Headscale you can host a Tailscale service yourself.

Installing Headscale on a VPS

Download: https://github.com/juanfont/headscale/releases

wget https://github.com/juanfont/headscale/releases/download/v0.24.0/headscale_0.24.0_linux_amd64.deb
apt install ./headscale_0.24.0_linux_amd64.deb

After installation, the following message is shown:

----------------------------------------------------------------------
 headscale package has been successfully installed.

 Please follow the next steps to start the software:

    sudo systemctl enable --now headscale
    sudo systemctl start headscale

 Configuration settings can be adjusted here:
    /etc/headscale/config.yaml

----------------------------------------------------------------------

Enable and start the Headscale service

systemctl enable --now headscale
systemctl start headscale

Configuring Headscale

Edit the configuration file: vi /etc/headscale/config.yaml

Replace 127.0.0.1 in it with your own server IP, for example 45.67.89.99:

sed -i 's|127.0.0.1|45.67.89.99|g' /etc/headscale/config.yaml
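
The sed command above rewrites every 127.0.0.1 in the file, which in the stock config also moves metrics_listen_addr and grpc_listen_addr off loopback. As an added example (not from the original page), the script below changes only server_url and listen_addr; the function names and the four-line sample config are constructed for illustration and assume the key names of the default config.yaml.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Constructed sample: the four address keys assumed from the default config.yaml.
write_sample_config() {
    cat > "$1" <<'EOF'
server_url: http://127.0.0.1:8080
listen_addr: 127.0.0.1:8080
metrics_listen_addr: 127.0.0.1:9090
grpc_listen_addr: 127.0.0.1:50443
EOF
}

# Rewrite only server_url and listen_addr in file $1 to use IP $2.
# The ^ anchor keeps metrics_listen_addr and grpc_listen_addr untouched.
scope_headscale_addrs() {
    cfg=$1
    ip=$2
    sed -e "s|^\(server_url:[[:space:]]*https\{0,1\}://\)127\.0\.0\.1|\1${ip}|" \
        -e "s|^\(listen_addr:[[:space:]]*\)127\.0\.0\.1|\1${ip}|" \
        "$cfg" > "$cfg.new" && mv "$cfg.new" "$cfg"
}

# Print every *listen_addr key in file $1 that is not bound to loopback.
exposed_listeners() {
    grep -E '^[a-z_]*listen_addr:' "$1" |
        grep -Ev ':[[:space:]]*(127\.0\.0\.1|localhost|\[::1\]):' || true
}

demo() {
    tmp=$(mktemp)
    write_sample_config "$tmp"
    echo "after global replace (as on the page):"
    sed 's|127.0.0.1|45.67.89.99|g' "$tmp" > "$tmp.all"
    exposed_listeners "$tmp.all"
    echo "after scoped replace:"
    scope_headscale_addrs "$tmp" 45.67.89.99
    exposed_listeners "$tmp"
    rm -f "$tmp" "$tmp.all"
}
demo
```

Run exposed_listeners against /etc/headscale/config.yaml before restarting the service to see which ports will be reachable on the public address.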

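It is recommended to change randomize_client_port: false to randomize_client_port: true to enable random client ports.

After editing, restart the service: systemctl restart headscale.service

Check the current status: systemctl status headscale.service

Using Headscale

Headscale user management

Create a user; bbq is a user name of your choice: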

headscale users create bbq

Use headscale users list to see existing users:

➜  ~ headscale users list
ID | Name | Username | Email | Created
1  |      | bbq      |       | 2025-01-20 08:06:07

Connecting a Tailscale client to Headscale

Use tailscale up --login-server <YOUR_HEADSCALE_URL> to connect to Headscale, as in the following example:

tailscale up --login-server=http://45.67.89.99:8080

To authenticate, visit:

        http://45.67.89.99:8080/register/mkey:b2ede8a694938

Opening http://45.67.89.99:8080/register/mkey:b2ede8a694938 in a browser shows a command. Replace the user name in it with your headscale user name and run the command on the server.

➜  ~ headscale nodes register --user bbq --key mkey:b2ede8a694938
Node e6 registered

The output above shows that the client with node name e6 has been registered and connected. Use the headscale nodes list command to view the connected clients.

➜  ~ headscale nodes list
ID | Hostname | Name | MachineKey | NodeKey | User | IP addresses                  | Ephemeral | Last seen           | Expiration          | Connected | Expired
1  | e6       | e6   | [sdf23]    | [34sf] | bbq  | 100.64.0.2, fd7a:115c:a1e0::2 | false     | 2025-01-20 08:23:48 | 0001-01-01 00:00:00 | online    | no

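The connection method above requires a second approval step on the server before the node can join. Alternatively, pre-authentication keys (preauthkeys) let a node join the server directly, with no authorization step on the server.

Create a key with headscale preauthkeys create

### Create a key for user bbq that is valid for 24 hours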

➜  ~ headscale preauthkeys create -e 24h --user bbq
2025-01-20T00:59:08-08:00 TRC expiration has been set expiration=86400000
4a20ce34c2fuckgfwe

List existing keys

➜  ~ headscale --user bbq preauthkeys list
ID | Key                                              | Reusable | Ephemeral | Used  | Expiration          | Created             | Tags
1  | 4a20ce34c2fuckgfwe | false    | false     | false | 2025-01-21 08:59:08 | 2025-01-20 08:59:08 |

You can now use the pre-authentication key to connect to the server directly.

$ tailscale up --login-server=http://45.67.89.99:8080 --authkey 4a20ce34c2fuckgfwe

https://headscale.net/stable/