* This would cause otherwise the command to abort after the first statement of the docker command ;)
		
			
				
	
	
	
		
	Running headscale
Server configuration
- Download the headscale binary from https://github.com/juanfont/headscale/releases and place it somewhere in your $PATH, or use the Docker container:
    docker pull headscale/headscale:x.x.x
- When running headscale in a Docker container, prepare a directory to hold all configuration:
    mkdir config
- Get yourself a DB.
  a) Get a Postgres DB running in Docker:
    docker run --name headscale \
      -e POSTGRES_DB=headscale \
      -e POSTGRES_USER=foo \
      -e POSTGRES_PASSWORD=bar \
      -p 5432:5432 \
      -d postgres
  or b) Prepare a SQLite DB file:
    touch config/db.sqlite
- Create a WireGuard private key, headscale configuration, and a DERP map file. Refer to tailscale sample for more guidance.
    wg genkey > config/private.key
    # Copy the example that matches your DB (for Postgres: config.yaml.postgres.example)
    cp config.yaml.sqlite.example config/config.yaml
    cp derp-example.yaml config/derp.yaml
- Create a namespace:
    headscale namespaces create myfirstnamespace
  or Docker:
    docker run \
      -v "$(pwd)/config:/etc/headscale/" \
      -p 127.0.0.1:8080:8080 \
      headscale/headscale:x.x.x \
      headscale namespaces create myfirstnamespace
  or, if your server is already running in Docker:
    docker exec <container_name> \
      headscale namespaces create myfirstnamespace
- Run the server:
    headscale serve
  or Docker:
    docker run \
      -v "$(pwd)/config:/etc/headscale/" \
      -p 127.0.0.1:8080:8080 \
      headscale/headscale:x.x.x \
      headscale serve
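An added check for the config directory built in the steps above (example code, not part of the original page or the headscale project): it flags missing or empty files and a private.key or db.sqlite that group or other users can access, which is what `wg genkey > config/private.key` leaves behind under a default umask. The function names and the owner-only policy are assumptions of this example, as is that headscale runs as the owner of these files.

```shell
#!/bin/sh
# Added example (not headscale project code): audit the config directory
# built in the steps above before running `headscale serve`.
# Assumed policy: private.key and db.sqlite are accessible by their owner only.

# Print the group/other permission bits of a path, e.g. "r--r--" or "------".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_headscale_config DIR
# Prints one line per finding; the return status is the number of findings.
audit_headscale_config() {
    dir=$1
    findings=0

    # Files the server configuration steps are expected to have produced.
    for f in private.key config.yaml derp.yaml; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $dir/$f"
            findings=$((findings + 1))
        fi
    done

    # A failed `wg genkey > private.key` still leaves an empty file behind.
    if [ -f "$dir/private.key" ] && [ ! -s "$dir/private.key" ]; then
        echo "EMPTY   $dir/private.key"
        findings=$((findings + 1))
    fi

    # Secrets must not be readable or writable by group or other.
    for f in private.key db.sqlite; do
        [ -e "$dir/$f" ] || continue
        bits=$(group_other_bits "$dir/$f")
        if [ "$bits" != "------" ]; then
            echo "EXPOSED $dir/$f (group/other bits: $bits)"
            findings=$((findings + 1))
        fi
    done

    return "$findings"
}

# Usage: audit_headscale_config config && headscale serve
# Fix an EXPOSED finding with: chmod 600 config/private.key
```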
Nodes configuration
If you previously used tailscale.com on your nodes, make sure you clear the tailscaled data folder:
systemctl stop tailscaled
rm -fr /var/lib/tailscale
systemctl start tailscaled
Adding node based on MACHINEKEY
- Add your first machine:
    tailscale up --login-server YOUR_HEADSCALE_URL
- Navigate to the URL returned by tailscale up, where you'll find your machine key.
- In the server, register your machine to a namespace with the CLI:
    headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
  or Docker:
    docker run \
      -v "$(pwd)/config:/etc/headscale/" \
      headscale/headscale:x.x.x \
      headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
  or, if your server is already running in Docker:
    docker exec <container_name> \
      headscale -n myfirstnamespace nodes register -k YOURMACHINEKEY
Alternative: adding node with AUTHKEY
- Create an authkey:
    headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
  or Docker:
    docker run \
      -v "$(pwd)/config:/etc/headscale/" \
      headscale/headscale:x.x.x \
      headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
  or, if your server is already running in Docker:
    docker exec <container_name> \
      headscale -n myfirstnamespace preauthkeys create --reusable --expiration 24h
- Use the authkey on your node to register it:
    tailscale up --login-server YOUR_HEADSCALE_URL --authkey YOURAUTHKEY
If you create an authkey with the --ephemeral flag, that key will create ephemeral nodes. This implies that --reusable is true.
Please bear in mind that all headscale commands support adding -o json or -o json-line to get nicely JSON-formatted output.
Debugging headscale running in Docker
The headscale/headscale Docker container is based on a "distroless" image that does not contain a shell or any other debug tools. If you need to debug your application running in the Docker container, you can use the -debug variant, for example headscale/headscale:x.x.x-debug.
Running the debug Docker container
To run the debug Docker container, use the exact same commands as above, but replace headscale/headscale:x.x.x with headscale/headscale:x.x.x-debug (x.x.x is the version of headscale). The two containers are compatible with each other, so you can alternate between them.
Executing commands in the debug container
The default command in the debug container is to run headscale, which is located at /bin/headscale inside the container.
Additionally, the debug container includes a minimalist Busybox shell.
To launch a shell in the container, use:
docker run -it headscale/headscale:x.x.x-debug sh
You can also execute commands directly, such as ls /bin in this example:
docker run headscale/headscale:x.x.x-debug ls /bin
Using docker exec allows you to run commands in an existing container.