headscale/0.23.0/setup/install/container/index.html

40 lines
44 KiB
HTML
Raw Normal View History

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="An open source, self-hosted implementation of the Tailscale control server."><meta name=author content="Headscale authors"><link href=https://juanfont.github.io/headscale/0.23.0/setup/install/container/ rel=canonical><link href=../community/ rel=prev><link href=../cloud/ rel=next><link rel=icon href=../../../assets/favicon.png><meta name=generator content="mkdocs-1.6.1, mkdocs-material-9.5.47"><title>Container - Headscale</title><link rel=stylesheet href=../../../assets/stylesheets/main.6f8fc17f.min.css><link rel=stylesheet href=../../../assets/stylesheets/palette.06af60db.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script><meta property=og:type content=website><meta property=og:title content="Container - Headscale"><meta property=og:description content="An open source, self-hosted implementation of the Tailscale control server."><meta property=og:image content=https://juanfont.github.io/headscale/0.23.0/assets/images/social/setup/install/container.png><meta property=og:image:type content=image/png><meta property=og:image:width content=1200><meta property=og:image:height content=630><meta content=https://juanfont.github.io/headscale/0.23.0/setup/install/container/ property=og:url><meta name=twitter:card content=summary_large_image><meta name=twitter:title content="Container - Headscale"><meta name=twitter:description content="An open source, self-hosted implementation of the Tailscale control server."><meta name=twitter:image content=https://juanfont.github.io/headscale/0.23.0/assets/images/social/setup/install/container.png></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=white data-md-color-accent=indigo> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#running-headscale-in-a-container class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <div data-md-color-scheme=default data-md-component=outdated hidden> </div> <header class=md-header data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../../.. title=Headscale class="md-header__button md-logo" aria-label=Headscale data-md-component=logo> <img src=../../../logo/headscale3-dots.svg alt=logo> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> Headscale </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> Container </span> </div> </div> </div> <form class=md-header__option data-md-component=palette> <input class=md-option data-md-color-media data-md-color-scheme=default data-md-color-primary=white data-md-color-accent=indigo aria-label="Switch to dark mode" type=radio name=__palette id=__palette_0> <label class="md-header__button md-icon" title="Switch to dark mode" for=__palette_1 hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-
</span><span id=__span-0-2><a id=__codelineno-0-2 name=__codelineno-0-2 href=#__codelineno-0-2></a><span class=nb>cd</span><span class=w> </span>./headscale
</span></code></pre></div> </li> <li> <p>Download the example configuration for your chosen version and save it as: <code>/etc/headscale/config.yaml</code>. Adjust the configuration to suit your local environment. See <a href=../../../ref/configuration/ >Configuration</a> for details.</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-1-1><a id=__codelineno-1-1 name=__codelineno-1-1 href=#__codelineno-1-1></a>sudo<span class=w> </span>mkdir<span class=w> </span>-p<span class=w> </span>/etc/headscale
</span><span id=__span-1-2><a id=__codelineno-1-2 name=__codelineno-1-2 href=#__codelineno-1-2></a>sudo<span class=w> </span>nano<span class=w> </span>/etc/headscale/config.yaml
</span></code></pre></div> <p>Alternatively, you can mount <code>/var/lib</code> and <code>/var/run</code> from your host system by adding <code>--volume $(pwd)/lib:/var/lib/headscale</code> and <code>--volume $(pwd)/run:/var/run/headscale</code> in the next step.</p> </li> <li> <p>Start the headscale server while working in the host headscale directory:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-2-1><a id=__codelineno-2-1 name=__codelineno-2-1 href=#__codelineno-2-1></a>docker<span class=w> </span>run<span class=w> </span><span class=se>\</span>
</span><span id=__span-2-2><a id=__codelineno-2-2 name=__codelineno-2-2 href=#__codelineno-2-2></a><span class=w> </span>--name<span class=w> </span>headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-2-3><a id=__codelineno-2-3 name=__codelineno-2-3 href=#__codelineno-2-3></a><span class=w> </span>--detach<span class=w> </span><span class=se>\</span>
</span><span id=__span-2-4><a id=__codelineno-2-4 name=__codelineno-2-4 href=#__codelineno-2-4></a><span class=w> </span>--volume<span class=w> </span><span class=k>$(</span><span class=nb>pwd</span><span class=k>)</span>/config:/etc/headscale/<span class=w> </span><span class=se>\</span>
</span><span id=__span-2-5><a id=__codelineno-2-5 name=__codelineno-2-5 href=#__codelineno-2-5></a><span class=w> </span>--publish<span class=w> </span><span class=m>127</span>.0.0.1:8080:8080<span class=w> </span><span class=se>\</span>
</span><span id=__span-2-6><a id=__codelineno-2-6 name=__codelineno-2-6 href=#__codelineno-2-6></a><span class=w> </span>--publish<span class=w> </span><span class=m>127</span>.0.0.1:9090:9090<span class=w> </span><span class=se>\</span>
</span><span id=__span-2-7><a id=__codelineno-2-7 name=__codelineno-2-7 href=#__codelineno-2-7></a><span class=w> </span>headscale/headscale:&lt;VERSION&gt;<span class=w> </span><span class=se>\</span>
</span><span id=__span-2-8><a id=__codelineno-2-8 name=__codelineno-2-8 href=#__codelineno-2-8></a><span class=w> </span>serve
</span></code></pre></div> <p>Note: use <code>0.0.0.0:8080:8080</code> instead of <code>127.0.0.1:8080:8080</code> if you want to expose the container externally.</p> <p>This command will mount <code>config/</code> under <code>/etc/headscale</code>, forward port 8080 out of the container so the headscale instance becomes available and then detach so headscale runs in the background.</p> <p>Example <code>docker-compose.yaml</code></p> <div class="language-yaml highlight"><pre><span></span><code><span id=__span-3-1><a id=__codelineno-3-1 name=__codelineno-3-1 href=#__codelineno-3-1></a><span class=nt>version</span><span class=p>:</span><span class=w> </span><span class=s>&quot;3.7&quot;</span>
</span><span id=__span-3-2><a id=__codelineno-3-2 name=__codelineno-3-2 href=#__codelineno-3-2></a>
</span><span id=__span-3-3><a id=__codelineno-3-3 name=__codelineno-3-3 href=#__codelineno-3-3></a><span class=nt>services</span><span class=p>:</span>
</span><span id=__span-3-4><a id=__codelineno-3-4 name=__codelineno-3-4 href=#__codelineno-3-4></a><span class=w> </span><span class=nt>headscale</span><span class=p>:</span>
</span><span id=__span-3-5><a id=__codelineno-3-5 name=__codelineno-3-5 href=#__codelineno-3-5></a><span class=w> </span><span class=nt>image</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">headscale/headscale:&lt;VERSION&gt;</span>
</span><span id=__span-3-6><a id=__codelineno-3-6 name=__codelineno-3-6 href=#__codelineno-3-6></a><span class=w> </span><span class=nt>restart</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">unless-stopped</span>
</span><span id=__span-3-7><a id=__codelineno-3-7 name=__codelineno-3-7 href=#__codelineno-3-7></a><span class=w> </span><span class=nt>container_name</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">headscale</span>
</span><span id=__span-3-8><a id=__codelineno-3-8 name=__codelineno-3-8 href=#__codelineno-3-8></a><span class=w> </span><span class=nt>ports</span><span class=p>:</span>
</span><span id=__span-3-9><a id=__codelineno-3-9 name=__codelineno-3-9 href=#__codelineno-3-9></a><span class=w> </span><span class="p p-Indicator">-</span><span class=w> </span><span class=s>&quot;127.0.0.1:8080:8080&quot;</span>
</span><span id=__span-3-10><a id=__codelineno-3-10 name=__codelineno-3-10 href=#__codelineno-3-10></a><span class=w> </span><span class="p p-Indicator">-</span><span class=w> </span><span class=s>&quot;127.0.0.1:9090:9090&quot;</span>
</span><span id=__span-3-11><a id=__codelineno-3-11 name=__codelineno-3-11 href=#__codelineno-3-11></a><span class=w> </span><span class=nt>volumes</span><span class=p>:</span>
</span><span id=__span-3-12><a id=__codelineno-3-12 name=__codelineno-3-12 href=#__codelineno-3-12></a><span class=w> </span><span class=c1># Please change &lt;CONFIG_PATH&gt; to the fullpath of the config folder just created</span>
</span><span id=__span-3-13><a id=__codelineno-3-13 name=__codelineno-3-13 href=#__codelineno-3-13></a><span class=w> </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">&lt;CONFIG_PATH&gt;:/etc/headscale</span>
</span><span id=__span-3-14><a id=__codelineno-3-14 name=__codelineno-3-14 href=#__codelineno-3-14></a><span class=w> </span><span class=nt>command</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">serve</span>
</span></code></pre></div> </li> <li> <p>Verify headscale is running:</p> <p>Follow the container logs:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-4-1><a id=__codelineno-4-1 name=__codelineno-4-1 href=#__codelineno-4-1></a>docker<span class=w> </span>logs<span class=w> </span>--follow<span class=w> </span>headscale
</span></code></pre></div> <p>Verify running containers:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-5-1><a id=__codelineno-5-1 name=__codelineno-5-1 href=#__codelineno-5-1></a>docker<span class=w> </span>ps
</span></code></pre></div> <p>Verify headscale is available:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-6-1><a id=__codelineno-6-1 name=__codelineno-6-1 href=#__codelineno-6-1></a>curl<span class=w> </span>http://127.0.0.1:9090/metrics
</span></code></pre></div> </li> <li> <p>Create a user (<a href=https://tailscale.com/kb/1136/tailnet/ >tailnet</a>):</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-7-1><a id=__codelineno-7-1 name=__codelineno-7-1 href=#__codelineno-7-1></a>docker<span class=w> </span><span class=nb>exec</span><span class=w> </span>-it<span class=w> </span>headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-7-2><a id=__codelineno-7-2 name=__codelineno-7-2 href=#__codelineno-7-2></a><span class=w> </span>headscale<span class=w> </span>users<span class=w> </span>create<span class=w> </span>myfirstuser
</span></code></pre></div> </li> </ol> <h3 id=register-a-machine-normal-login>Register a machine (normal login)<a class=headerlink href=#register-a-machine-normal-login title="Permanent link">&para;</a></h3> <p>On a client machine, execute the <code>tailscale</code> login command:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-8-1><a id=__codelineno-8-1 name=__codelineno-8-1 href=#__codelineno-8-1></a>tailscale<span class=w> </span>up<span class=w> </span>--login-server<span class=w> </span>YOUR_HEADSCALE_URL
</span></code></pre></div> <p>To register a machine when running headscale in a container, take the headscale command and pass it to the container:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-9-1><a id=__codelineno-9-1 name=__codelineno-9-1 href=#__codelineno-9-1></a>docker<span class=w> </span><span class=nb>exec</span><span class=w> </span>-it<span class=w> </span>headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-9-2><a id=__codelineno-9-2 name=__codelineno-9-2 href=#__codelineno-9-2></a><span class=w> </span>headscale<span class=w> </span>nodes<span class=w> </span>register<span class=w> </span>--user<span class=w> </span>myfirstuser<span class=w> </span>--key<span class=w> </span>&lt;YOUR_MACHINE_KEY&gt;
</span></code></pre></div> <h3 id=register-machine-using-a-pre-authenticated-key>Register machine using a pre authenticated key<a class=headerlink href=#register-machine-using-a-pre-authenticated-key title="Permanent link">&para;</a></h3> <p>Generate a key using the command line:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-10-1><a id=__codelineno-10-1 name=__codelineno-10-1 href=#__codelineno-10-1></a>docker<span class=w> </span><span class=nb>exec</span><span class=w> </span>-it<span class=w> </span>headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-10-2><a id=__codelineno-10-2 name=__codelineno-10-2 href=#__codelineno-10-2></a><span class=w> </span>headscale<span class=w> </span>preauthkeys<span class=w> </span>create<span class=w> </span>--user<span class=w> </span>myfirstuser<span class=w> </span>--reusable<span class=w> </span>--expiration<span class=w> </span>24h
</span></code></pre></div> <p>This will return a pre-authenticated key that can be used to connect a node to headscale during the <code>tailscale</code> command:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-11-1><a id=__codelineno-11-1 name=__codelineno-11-1 href=#__codelineno-11-1></a>tailscale<span class=w> </span>up<span class=w> </span>--login-server<span class=w> </span>&lt;YOUR_HEADSCALE_URL&gt;<span class=w> </span>--authkey<span class=w> </span>&lt;YOUR_AUTH_KEY&gt;
</span></code></pre></div> <h2 id=debugging-headscale-running-in-docker>Debugging headscale running in Docker<a class=headerlink href=#debugging-headscale-running-in-docker title="Permanent link">&para;</a></h2> <p>The <code>headscale/headscale</code> Docker container is based on a "distroless" image that does not contain a shell or any other debug tools. If you need to debug your application running in the Docker container, you can use the <code>-debug</code> variant, for example <code>headscale/headscale:x.x.x-debug</code>.</p> <h3 id=running-the-debug-docker-container>Running the debug Docker container<a class=headerlink href=#running-the-debug-docker-container title="Permanent link">&para;</a></h3> <p>To run the debug Docker container, use the exact same commands as above, but replace <code>headscale/headscale:x.x.x</code> with <code>headscale/headscale:x.x.x-debug</code> (<code>x.x.x</code> is the version of headscale). The two containers are compatible with each other, so you can alternate between them.</p> <h3 id=executing-commands-in-the-debug-container>Executing commands in the debug container<a class=headerlink href=#executing-commands-in-the-debug-container title="Permanent link">&para;</a></h3> <p>The default command in the debug container is to run <code>headscale</code>, which is located at <code>/ko-app/headscale</code> inside the container.</p> <p>Additionally, the debug container includes a minimalist Busybox shell.</p> <p>To launch a shell in the container, use:</p> <div class="language-text highlight"><pre><span></span><code><span id=__span-12-1><a id=__codelineno-12-1 name=__codelineno-12-1 href=#__codelineno-12-1></a>docker run -it headscale/headscale:x.x.x-debug sh
</span></code></pre></div> <p>You can also execute commands directly, such as <code>ls /ko-app</code> in this example:</p> <div class="language-text highlight"><pre><span></span><code><span id=__span-13-1><a id=__codelineno-13-1 name=__codelineno-13-1 href=#__codelineno-13-1></a>docker run headscale/headscale:x.x.x-debug ls /ko-app
</span></code></pre></div> <p>Using <code>docker exec -it</code> allows you to run commands in an existing container.</p> </article> </div> <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> </div> <button type=button class="md-top md-icon" data-md-component=top hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg> Back to top </button> </main> <footer class=md-footer> <nav class="md-footer__inner md-grid" aria-label=Footer> <a href=../community/ class="md-footer__link md-footer__link--prev" aria-label="Previous: Community packages"> <div class="md-footer__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> </div> <div class=md-footer__title> <span class=md-footer__direction> Previous </span> <div class=md-ellipsis> Community packages </div> </div> </a> <a href=../cloud/ class="md-footer__link md-footer__link--next" aria-label="Next: Cloud"> <div class=md-footer__title> <span class=md-footer__direction> Next </span> <div class=md-ellipsis> Cloud </div> </div> <div class="md-footer__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11z"/></svg> </div> </a> </nav> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> <div class=md-copyright__highlight> Copyright &copy; 2024 Headscale authors </div> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> <div class=md-social> <a href=https://github.com/juanfont/headscale target=_blank rel=noopener title=github.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 496 512"><!-- Font Awesome Free 6.7.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg> </a> <a href=https://ko-fi.com/headscale target=_blank rel=noopener title=ko-fi.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M2 21h18v-2H2M20 8h-2V5h2m0-2H4v10a4 4 0 0 0 4 4h6a4 4 0 0 0 4-4v-3h2a2 2 0 0 0 2-2V5a2 2 0 0 0-2-2"/></svg> </a> <a href=https://github.com/juanfont/headscale/pkgs/container/headscale target=_blank rel=noopener title=github.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 640 512"><!-- Font Awesome Free 6.7.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/licens