Docker installation
# Download and run the official Docker install script
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Start the Docker service
sudo systemctl start docker
sudo systemctl enable docker
DERP Server
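Docker image for IP-only use (no domain name)
docker pull ghcr.io/yangchuansheng/ip_derper:latest
Run
docker run -d -p 3478:3478 -p 3478:3478/udp -p <port>:443 --name derper --restart=always ghcr.io/yangchuansheng/ip_derper
Open https://ip:<port>/ in a browser; if the following content appears, the server is working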
DERP
This is a Tailscale DERP server.
It provides STUN, interactive connectivity establishment, and relaying of end-to-end encrypted traffic for Tailscale clients.
Documentation:
About DERP
Protocol & Go docs
How to run a DERP server
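Configure the ACL
The official DERP list shows which DERP region each ID corresponds to. You can override regions in the config file to prefer the ones with low latency; here all other regions are simply blocked so that traffic only uses the self-hosted node.
Open the address to configure it, and append the following to the config file right after the ssh section. You can pick any name for xx.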
"randomizeClientPort": true,
"derpMap": {
    "OmitDefaultRegions": false,
    "Regions": {
        "901": {
            "RegionID": 901,
            "RegionCode": "xx",
            "RegionName": "xx",
            "Nodes": [
                {
                    "Name": "901",
                    "RegionID": 901,
                    "HostName": "your-ip",
                    "DERPPort": <port>,
                    "IPv4": "your-ip",
                    "InsecureForTests": true,
                    "STUNPort": 3478,
                },
            ],
        },
        "1": null,
        "2": null,
        "3": null,
        "4": null,
        "5": null,
        "6": null,
        "7": null,
        "8": null,
        "9": null,
        "10": null,
        "11": null,
        "12": null,
        "13": null,
        "14": null,
        "15": null,
        "16": null,
        "17": null,
        "18": null,
        "19": null,
        "20": null,
        "21": null,
        "22": null,
        "23": null,
        "24": null,
        "25": null,
        "26": null,
        "27": null,
        "28": null,
    },
},
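A small linter for the derpMap fragment above, added here as an example; it is not part of the original notes or of Tailscale's tooling, and the address 203.0.113.10 and port 8443 are constructed placeholders. It reports nodes with InsecureForTests set (which turns off TLS certificate verification for that node), checks that custom region IDs sit in the 900-999 range Tailscale reserves for self-hosted DERP, and lists the default regions that were nulled out.

```python
import json
import re

# Constructed sample: the fragment above with a placeholder address and port.
SAMPLE = """
{
  "randomizeClientPort": true,
  "derpMap": {
    "OmitDefaultRegions": false,
    "Regions": {
      "901": {
        "RegionID": 901, "RegionCode": "xx", "RegionName": "xx",
        "Nodes": [
          {"Name": "901", "RegionID": 901, "HostName": "203.0.113.10",
           "DERPPort": 8443, "IPv4": "203.0.113.10",
           "InsecureForTests": true, "STUNPort": 3478,},
        ],
      },
      "1": null, "2": null,
    },
  },
}
"""

def load_hujson(text):
    """Parse the policy file's relaxed JSON by dropping trailing commas (comments unsupported)."""
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", text))

def lint_derp_map(policy):
    """Return (findings, disabled_region_ids) for the derpMap section."""
    derp = policy.get("derpMap", {})
    findings, disabled = [], []
    for key, region in derp.get("Regions", {}).items():
        if region is None:  # a null entry removes that default region
            disabled.append(int(key))
            continue
        rid = region.get("RegionID")
        if str(rid) != key:
            findings.append(f"region {key}: RegionID {rid} does not match its key")
        if not 900 <= int(key) <= 999:
            findings.append(f"region {key}: custom regions belong in 900-999")
        for node in region.get("Nodes", []):
            if node.get("RegionID") != rid:
                findings.append(f"node {node.get('Name')}: RegionID differs from region {key}")
            if node.get("InsecureForTests"):
                findings.append(f"node {node.get('Name')}: InsecureForTests=true, TLS certificate is not verified")
    if not derp.get("OmitDefaultRegions") and not disabled:
        findings.append("default regions are still enabled")
    return findings, sorted(disabled)
```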
After changing the DERP node, clients must restart tailscale for the change to take effect
Testing
tailscale netcheck
tailscale ping <target-ip>