fredliang44 / derper-docker

tailscale's self-hosted derp-server docker image

Home Page: https://tailscale.com/kb/1118/custom-derp-servers/

License: GNU General Public License v3.0

Dockerfile 100.00%
tailscale derp derper docker arm64 amd64

Contributors: 117503445, fredliang44, mice33, mrrfv

derper-docker's Issues

Reverse Proxy

I am trying to run a derper container behind a traefik proxy. I am not sure what I am doing wrong, but my config seems to work until I turn on verification.
Here is my service:

services:
  derp:
    image: fredliang/derper:latest
    container_name: tail-derp
    restart: unless-stopped
    environment:
      DERP_DOMAIN: derper.your-hostname.com
      DERP_ADDR: :80
      DERP_STUN: 'true'
      DERP_STUN_PORT: 3478
      DERP_HTTP_PORT: 443
      DERP_VERIFY_CLIENTS: 'true'
    networks:
      - web
    labels:
      traefik.enable: 'true'
      traefik.http.routers.derper.rule: Host(`derper.your-hostname.com`)
      traefik.http.routers.derper.tls.certresolver: myresolver
      traefik.http.routers.derper.entrypoints: websecure
      traefik.http.services.derper.loadbalancer.server.port: 80
      traefik.udp.routers.derper.entrypoints: stun
      traefik.udp.services.derper.loadbalancer.server.port: 3478

Derper is giving me constant errors like:

...
2023/05/28 01:09:27 derp client 172.19.0.19:50580/<id>: read EOF
2023/05/28 01:09:27 derp client 172.19.0.19:50580/<id>: removing connection
...

where 172.19.0.19 is the docker IP address of traefik, my reverse proxy. The service is available at https://derper.your-hostname.com and I also get the webpage, but it seems like I am missing something.

Sometimes I also do get errors like this:

...
2023/05/28 00:54:42 derp: 172.19.0.19:55912: client <id> rejected: client nodekey:<node key> not in set of peers
...

Provide docker-compose.yml in README.md

Please add docker compose sample in README.md

services:
    derper:
        environment:
            - DERP_DOMAIN=derper.yourdomain.com # change with your derper domain
        ports:
            - 80:80
            - 443:443
            - 3478:3478/udp
        image: fredliang/derper
        restart: unless-stopped

Can't set DERP_STUN and DERP_VERIFY_CLIENTS to false

derper seems to parse boolean argument solely based on whether the corresponding command line flag exists or not, regardless of its value, so passing in --stun false or --verify-clients false has no effect. We might need to stop passing these flags to derper when DERP_STUN and DERP_VERIFY_CLIENTS are not set to true.

I can't think of a clean way to do this without introducing an entrypoint script. Any ideas?
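
An entrypoint helper that passes both booleans explicitly, as an added example (not the project's own script). Go's flag package accepts a value for a boolean flag only in the `-flag=value` form, so `--stun false` sets the flag and stops parsing at `false`. The function names and the defaults for unset variables are assumptions; the variable names are the ones used on this page.

```shell
#!/bin/sh
# Added example (not the image's own entrypoint): turn DERP_* environment
# variables into derper arguments with explicit boolean values.

# Map common spellings to "true"/"false". Anything else is an error, so a typo
# such as DERP_VERIFY_CLIENTS=ture cannot silently leave verification off.
to_bool() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        true|1|yes|on)  echo true ;;
        false|0|no|off) echo false ;;
        *) return 1 ;;
    esac
}

# Print one derper argument per line. The defaults for unset variables are
# assumptions made for this example.
derper_args() {
    [ -n "${DERP_DOMAIN:-}" ] || { echo "DERP_DOMAIN is required" >&2; return 2; }
    stun=$(to_bool "${DERP_STUN:-true}") ||
        { echo "DERP_STUN must be true or false" >&2; return 2; }
    verify=$(to_bool "${DERP_VERIFY_CLIENTS:-false}") ||
        { echo "DERP_VERIFY_CLIENTS must be true or false" >&2; return 2; }
    # Boolean values must be attached with "=", never passed as a separate word.
    printf '%s\n' \
        "--hostname=$DERP_DOMAIN" \
        "--a=${DERP_ADDR:-:443}" \
        "--stun=$stun" \
        "--verify-clients=$verify"
}

# Demo with constructed values, run in a subshell so nothing leaks out.
# A real entrypoint would finish with:
#   args=$(derper_args) || exit 2; exec derper $args
(
    DERP_DOMAIN=derper.example.com DERP_STUN=false DERP_VERIFY_CLIENTS=TRUE
    derper_args
)
```
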

derp: 21.221.23.122:53654: client nodekey:09a***13d rejected: tailscaled version is too old (out of sync with derper binary)

Dear:
On a Linux 5.16.17-sun50iw6 aarch64 GNU/Linux system, after upgrading the self-built derper node installed in Docker to the latest version, it cannot connect successfully. Using the "tailscale status" command displays:

# Health check:
  • not connected to home DERP region 901

Use the 'tailscale netcheck' command to check if the display is normal:

Report:
UDP: true
IPv4: yes, 112.20.75.201:53735
IPv6: no, but OS has support
MappingVariesByDestIP:
PortMapping: UPnP
Nearest DERP: tong
DERP latency:
dtae: 1.3ms (tong)

The Derper log consistently shows that the tailscale version used is too old and is rejected. After upgrading tailscale to the latest version 1.168.2 it still remains the same:
2024/07/14 03:44:36 derp: 37.110.125.20:21391: client nodekey:88522 rejected: tailscaled version is too old (out of sync with derper binary)
2024/07/14 03:44:37 derp: 37.110.125.20:21394: client nodekey:b5b827 rejected: tailscaled version is too old (out of sync with derper binary)
2024/07/14 03:44:38 derp: 37.110.125.20:21396: client nodekey:fa9a65b rejected: tailscaled version is too old (out of sync with derper binary)
2024/07/14 03:44:38 derp: 21.221.23.122:53654: client nodekey: rejected: tailscaled version is too old (out of sync with derper binary)
May I ask what the reason is and how to solve it.
thank you.

orangepi3-lts 5.16.17-sun50iw6 #3 SMP Tue Sep 6 18:22:49 CST 2022 aarch64 aarch64 aarch64 GNU/Linux

Client: Docker Engine - Community
 Version:    26.1.3
 Context:    default
 Debug Mode: false

Remove the upgrade and use the old version of Derper and Tailscale 1.68.1 to ensure normal operation.

Notes on latest tailscale (1.68.2)

Seems that the latest version of tailscale/derp relies on STUN for latency detection, so:

  • STUN must be enabled
  • network_mode should be set to "host"

I'm using Aliyun ECS (99/year) to run derp, and I've been struggling with this problem for several weeks :(

If more people run into the same issue, I believe these notes should be added to the README.

need to add variables for delaying the start of each

I need to add variables for delaying the start of each, preferably allowing the delay start time to be set manually. When DERP_VERIFY_CLIENTS=true, upon system reboot, the Docker container starts faster than the Tailscale client, causing errors in the container due to failure to load tailscaled.sock. Therefore, it is preferable to add variables for delaying the start of each to solve this issue.
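
A bounded wait for the tailscaled socket, written as an entrypoint helper (an added example, not part of the image). `DERP_WAIT_TIMEOUT` and the function names are hypothetical; the socket path is the one mounted elsewhere on this page.

```shell
#!/bin/sh
# Added example (not part of the image): block until the tailscaled socket
# exists, and give up after a configurable number of seconds.

# wait_for_socket PATH [TIMEOUT_SECONDS]
# Returns 0 once PATH is a unix socket, 1 on timeout. DERP_WAIT_TIMEOUT is a
# hypothetical variable introduced for this example.
wait_for_socket() {
    sock=$1
    timeout=${2:-${DERP_WAIT_TIMEOUT:-60}}
    waited=0
    # -S is true only for a socket. A plain file or a directory at that path
    # (docker run -v creates a directory when the host path is missing) fails.
    while [ ! -S "$sock" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "timed out after ${timeout}s waiting for $sock" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Wait only when client verification is on; otherwise start immediately.
# Returning non-zero on timeout lets the container exit so that the restart
# policy retries, instead of running a relay that rejects every client.
start_gate() {
    case "${DERP_VERIFY_CLIENTS:-false}" in
        true) wait_for_socket "${1:-/var/run/tailscale/tailscaled.sock}" "${2:-}" ;;
        *)    return 0 ;;
    esac
}

# Demo on a constructed path with a zero-second timeout.
wait_for_socket /nonexistent/tailscaled.sock 0 || echo "socket not ready"
```

The `-S` test only proves that the socket file exists. A socket with nothing listening on it still produces a "connection refused" error.
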

Please update README with UDP port mapping

Hi there,

I noticed that the example in README reads:

docker run -e DERP_DOMAIN=derper.your-domain.com -p 80:80 -p 443:443 -p 3478:3478 fredliang/derper

But 3478 port in the docker instance is a UDP port. Please update it. Thanks.

Issue with `DERP_VERIFY_CLIENTS`

When I enable DERP_VERIFY_CLIENTS and mount the tailscale socket, the log spams:

2024/05/09 13:53:09 derp: 192.168.1.1:33204: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:11 derp: 182.239.114.237:18604: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:22 derp: 39.144.44.249:28107: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:31 derp: 39.144.44.249:28110: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:33 derp: 182.239.114.237:5269: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:33 derp: 39.144.44.249:28111: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:34 derp: 182.239.114.237:5270: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:35 derp: 192.168.1.1:37602: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:46 derp: 39.144.44.249:28120: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:48 derp: 192.168.1.1:58130: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:49 derp: 182.239.114.237:18606: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:56 derp: 192.168.1.1:58136: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:54:04 derp: 192.168.1.1:41912: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:54:12 derp: 192.168.1.1:54770: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused

Local tailscale is up and running

Command for starting the container:

 docker run -d -p 80:80 -p 443:443 -p 3478:3478/udp --name derper --restart=unless-stopped -v ./derper/certs:/app/certs -v /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock -e DERP_ADDR=":443" -e DERP_VERIFY_CLIENTS=true -e DERP_DOMAIN="derper.my-domain" fredliang/derper
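
The `rejected:` messages quoted in the issues on this page have three different causes, and only "not in set of peers" concerns the connecting node rather than the relay's own setup. An added example (not from the project) that groups such lines by cause and source address; the cause labels and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: group derper "rejected:" log lines by cause and source.
# Input on stdin; each output line is "<count> <cause> <source-ip>".
summarise_rejections() {
    LC_ALL=C awk '
    / rejected: / {
        src = $4                       # e.g. "203.0.113.7:53654:"
        sub(/:[0-9]+:$/, "", src)      # drop the port and trailing colon
        if ($0 ~ /not in set of peers/)
            cause = "unknown-node"            # key is not a peer of local tailscaled
        else if ($0 ~ /tailscaled version is too old/)
            cause = "version-mismatch"        # derper and tailscaled out of sync
        else if ($0 ~ /failed to query local tailscaled/)
            cause = "tailscaled-unreachable"  # socket missing or not listening
        else
            cause = "other"
        n[cause " " src]++
    }
    END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k2,2 -k3,3
}

# Constructed sample lines in the log format quoted on this page.
sample_log() {
    cat <<'EOF'
2024/05/09 13:53:09 derp: 192.0.2.10:33204: client nodekey:aaaa rejected: failed to query local tailscaled status: connection refused
2024/05/09 13:53:11 derp: 192.0.2.10:33210: client nodekey:aaaa rejected: failed to query local tailscaled status: connection refused
2024/05/09 13:55:02 derp: 198.51.100.4:18604: client nodekey:bbbb rejected: client nodekey:bbbb not in set of peers
2024/05/09 13:55:40 derp: 203.0.113.7:5269: client nodekey:cccc rejected: tailscaled version is too old (out of sync with derper binary)
2024/05/09 13:56:00 derp client 192.0.2.10:50580/nodekey:aaaa: read EOF
EOF
}

sample_log | summarise_rejections
```

Behind a reverse proxy the source column shows the proxy's address, as in the first issue on this page, so it only identifies clients when derper receives connections directly.
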

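Container fails to start

I edited the original text out myself. The problem was mainly that the Docker version was not new enough: neither 18 nor 20 can run it, and version 20.10.23 or later is required.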

Use latest derper package

tailscale/tailscale@210264f

Tailscale said that when we run derper with --verify-clients, the derper binary and tailscaled binary on the machine must be built from the same git revision, which means the same version.

RUN go install tailscale.com/cmd/derper@main

Considering most people use the latest version of tailscale, we may need to switch to tailscale.com/cmd/derper@latest.
