Nexmoe


Caddy, Docker Simple Self-Hosted Tailscale DERP

Tailscale is a service with end-to-end encryption that can establish peer-to-peer connections. Its free account now supports up to 100 devices, which is more than enough for individual users, and almost all of my local network devices are connected through it. In a recent article titled "Managing Servers with VS Code, I Have a Unique Server Management Method" (https://zhuanlan.zhihu.com/p/659427990), I expressed my love for Remote SSH; I frequently use Tailscale to set up the internal network over which I do remote development with Remote SSH.

However, in mainland China's network environment Tailscale often suffers from high latency or connection problems. Fortunately, Tailscale officially allows users to self-host DERP servers that act as relays, which solves this problem. You no longer have to worry about your coding session being interrupted halfway through, and the better network also improves Port Forward in VS Code, making remote preview development more convenient.

I already have a low-spec cloud server on which I use Caddy as a reverse proxy for my Alist project. So this time I decided to deploy DERP on the same server, again behind Caddy as a reverse proxy.

The main reason for choosing Caddy is that, compared to Nginx, its configuration is simple yet meets most requirements, and its automatic SSL certificate management works well, which saves a lot of trouble.

Without further ado, let's start the configuration directly.

Configure Docker

# docker-compose.yml
version: '3'
services:
  derper:
    image: fredliang/derper
    restart: always
    ports:
      - 3478:3478/udp
      - 23333:443
    environment:
      - DERP_DOMAIN=derp.example.com

Then start it.

sudo docker compose up

Configure Caddy

# Caddyfile
derp.example.com {
    reverse_proxy localhost:23333
}

Reload Caddy's configuration:

sudo docker compose exec -w /etc/caddy caddy caddy reload

Don't forget to point your domain name to your Caddy server.

Configure Tailscale

Configure in Access Controls

Direct link: https://login.tailscale.com/admin/acls/file

{
  // ... other ACL configurations
  "derpMap": {
    "OmitDefaultRegions": true, // Whether to only connect to self-hosted derper nodes
    "Regions": {
      "900": {
        "RegionID": 900,
        "RegionCode": "myderp",
        "Nodes": [
          {
            "Name": "1",
            "RegionID": 900,
            "HostName": "derp.example.com", // Domain name
            "STUNPort": 3478,
            "DERPPort": 443,
          }
        ]
      }
    }
  }
}

That's it.
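The derpMap above can be linted offline before it is saved. The following Python check is an added example, not code from the original post or from Tailscale; `strip_hujson`, `lint_derp_map` and the sample policy are constructed here, and the port defaults assume this page's setup (Caddy on 443, STUN on UDP 3478). It flags a DERPPort set to the container's published port instead of the port Caddy serves, region IDs outside the 900-999 range reserved for custom regions, and the lack of a fallback relay when OmitDefaultRegions is combined with a single node.

```python
import json
import re

_STR = r'"(?:\\.|[^"\\])*"'  # a JSON string literal, so "//" inside values survives

def strip_hujson(text):
    """Drop // comments, then trailing commas, leaving string literals untouched."""
    text = re.sub("(" + _STR + r")|//[^\n]*", lambda m: m.group(1) or "", text)
    return re.sub("(" + _STR + r")|,(\s*[}\]])", lambda m: m.group(1) or m.group(2), text)

def lint_derp_map(policy_text, public_port=443, stun_port=3478):
    """Return findings for a derpMap; the port defaults mirror this page's setup."""
    derp = json.loads(strip_hujson(policy_text)).get("derpMap") or {}
    regions = {k: r for k, r in (derp.get("Regions") or {}).items() if r}
    findings = []
    for key, region in regions.items():
        rid = region.get("RegionID")
        if str(rid) != key:
            findings.append(f"region key {key} does not match RegionID {rid}")
        if not isinstance(rid, int) or not 900 <= rid <= 999:
            findings.append(f"RegionID {rid} is outside the custom range 900-999")
        for node in region.get("Nodes") or []:
            name = node.get("Name")
            if node.get("RegionID") != rid:
                findings.append(f"node {name}: RegionID differs from its region")
            if (node.get("DERPPort") or 443) != public_port:  # 0/absent means 443
                findings.append(f"node {name}: DERPPort is not the proxy's TLS port")
            stun = node.get("STUNPort") or 3478  # 0/absent means 3478, -1 disables
            if stun not in (-1, stun_port):
                findings.append(f"node {name}: STUNPort is not the published UDP port")
    nodes = sum(len(r.get("Nodes") or []) for r in regions.values())
    if derp.get("OmitDefaultRegions") and nodes < 2:
        findings.append("OmitDefaultRegions with one node: no fallback relay")
    return findings

# Constructed sample: DERPPort mistakenly set to the container's published port.
SAMPLE = """{
  "derpMap": {
    "OmitDefaultRegions": true, // self-hosted relay only
    "Regions": {"900": {"RegionID": 900, "RegionCode": "myderp", "Nodes": [
      {"Name": "1", "RegionID": 900, "HostName": "derp.example.com",
       "STUNPort": 3478, "DERPPort": 23333,},  // should be 443
    ]}},
  },
}"""

if __name__ == "__main__":
    print("\n".join(lint_derp_map(SAMPLE)))
```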
