fredliang44 / derper-docker
tailscale's selfhosted derp-server docker image
Home Page: https://tailscale.com/kb/1118/custom-derp-servers/
License: GNU General Public License v3.0
When I enable DERP_VERIFY_CLIENTS and mount the tailscale socket, the log spams:
2024/05/09 13:53:09 derp: 192.168.1.1:33204: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:11 derp: 182.239.114.237:18604: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:22 derp: 39.144.44.249:28107: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:31 derp: 39.144.44.249:28110: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:33 derp: 182.239.114.237:5269: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:33 derp: 39.144.44.249:28111: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:34 derp: 182.239.114.237:5270: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:35 derp: 192.168.1.1:37602: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:46 derp: 39.144.44.249:28120: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:48 derp: 192.168.1.1:58130: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:49 derp: 182.239.114.237:18606: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:56 derp: 192.168.1.1:58136: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:54:04 derp: 192.168.1.1:41912: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:54:12 derp: 192.168.1.1:54770: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
Local tailscale is up and running
Command for starting the container:
docker run -d -p 80:80 -p 443:443 -p 3478:3478/udp --name derper --restart=unless-stopped -v ./derper/certs:/app/certs -v /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock -e DERP_ADDR=":443" -e DERP_VERIFY_CLIENTS=true -e DERP_DOMAIN="derper.my-domain" fredliang/derper
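Edited it out myself. The problem is mainly that the Docker version is not new enough: neither 18 nor 20 can run it, it must be version 20.10.23 or later.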
DERP_HOSTNAME in Readme is wrong, should use DERP_DOMAIN
I am trying to run a derper container behind a traefik proxy. I am not sure what I am doing wrong, but my config seems to work until I turn on verification.
Here is my service:
services:
  derp:
    image: fredliang/derper:latest
    container_name: tail-derp
    restart: unless-stopped
    environment:
      DERP_DOMAIN: derper.your-hostname.com
      DERP_ADDR: :80
      DERP_STUN: 'true'
      DERP_STUN_PORT: 3478
      DERP_HTTP_PORT: 443
      DERP_VERIFY_CLIENTS: 'true'
    networks:
      - web
    labels:
      traefik.enable: 'true'
      traefik.http.routers.derper.rule: Host(`derper.your-hostname.com`)
      traefik.http.routers.derper.tls.certresolver: myresolver
      traefik.http.routers.derper.entrypoints: websecure
      traefik.http.services.derper.loadbalancer.server.port: 80
      traefik.udp.routers.derper.entrypoints: stun
      traefik.udp.services.derper.loadbalancer.server.port: 3478
Derper is giving me constant errors like:
...
2023/05/28 01:09:27 derp client 172.19.0.19:50580/<id>: read EOF
2023/05/28 01:09:27 derp client 172.19.0.19:50580/<id>: removing connection
...
where 172.19.0.19 is the docker IP address of traefik, my reverse proxy. The service is available at https://derper.your-hostname.com and I also get the webpage, but it seems like I am missing something.
Sometimes I also do get errors like this:
...
2023/05/28 00:54:42 derp: 172.19.0.19:55912: client <id> rejected: client nodekey:<node key> not in set of peers
...
Seems that the latest version of tailscale/derp relies on STUN for latency detection, so:
I'm using Aliyun ECS (99/year) to run derp, and I've been struggling with this problem for several weeks :(
If more people run into the same issue, I believe these notes should be added to the readme.
Please add docker compose sample in README.md
services:
  derper:
    environment:
      - DERP_DOMAIN=derper.yourdomain.com # change with your derper domain
    ports:
      - 80:80
      - 443:443
      - 3478:3478/udp
    image: fredliang/derper
    restart: unless-stopped
Hi there,
I noticed that the example in README reads:
docker run -e DERP_DOMAIN=derper.your-domain.com -p 80:80 -p 443:443 -p 3478:3478 fredliang/derper
But 3478 port in the docker instance is a UDP port. Please update it. Thanks.
derper seems to parse boolean argument solely based on whether the corresponding command line flag exists or not, regardless of its value, so passing in --stun false or --verify-clients false has no effect. We might need to stop passing these flags to derper when DERP_STUN and DERP_VERIFY_CLIENTS are not set to true.
I can't think of a clean way to do this without introducing an entrypoint script. Any ideas?
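Added example, not code from derper or from this repository: Go's standard flag package reads a boolean flag's value only in the --name=value form, which accounts for the behaviour reported above. Here parse is a stand-in FlagSet holding the two flags named in the issue (its defaults are assumptions) and derperArgs is a hypothetical helper an entrypoint could use to pass explicit values.

```go
package main

import (
	"flag"
	"fmt"
	"io"
	"strconv"
)

// parse runs args through a stand-in FlagSet holding the two boolean flags
// named in the issue. Assumption: the defaults here are illustrative.
func parse(args []string) (stun, verify bool, rest []string, err error) {
	fs := flag.NewFlagSet("derper-standin", flag.ContinueOnError)
	fs.SetOutput(io.Discard)
	fs.BoolVar(&stun, "stun", true, "run a STUN server")
	fs.BoolVar(&verify, "verify-clients", false, "verify clients")
	err = fs.Parse(args)
	return stun, verify, fs.Args(), err
}

// derperArgs (hypothetical helper) maps DERP_STUN and DERP_VERIFY_CLIENTS to
// --name=value arguments. Unset variables add nothing; a value that is not a
// boolean is an error, so a typo cannot silently change client verification.
func derperArgs(env map[string]string) ([]string, error) {
	var out []string
	for _, m := range [][2]string{{"DERP_STUN", "stun"}, {"DERP_VERIFY_CLIENTS", "verify-clients"}} {
		v, ok := env[m[0]]
		if !ok || v == "" {
			continue
		}
		b, err := strconv.ParseBool(v)
		if err != nil {
			return nil, fmt.Errorf("%s=%q is not a boolean", m[0], v)
		}
		out = append(out, fmt.Sprintf("--%s=%t", m[1], b))
	}
	return out, nil
}

func main() {
	// Space-separated form: --stun is set to true, "false" ends flag parsing,
	// and --verify-clients after it is never read.
	fmt.Println(parse([]string{"--stun", "false", "--verify-clients"}))
	// Explicit form built from the environment: both values take effect.
	args, _ := derperArgs(map[string]string{"DERP_STUN": "false", "DERP_VERIFY_CLIENTS": "true"})
	fmt.Println(parse(args))
}
```

In the space-separated case every flag after the stray "false" is dropped as well, so the effective configuration can differ from the command line in more than one setting.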
Tailscale said that when we run derper with --verify-clients, the derper binary and tailscaled binary on the machine must be built from the same git revision, which means the same version.
Line 5 in 5c2d88f
Considering most people use the latest version of tailscale, we may need to switch to tailscale.com/cmd/derper@latest.
dear:
Linux 5.16.17-sun50iw6 aarch64 GNU/Linux system, after upgrading the derper self built node installed in Docker to the latest version, cannot connect successfully. Using the "tailscale status" command displays: # Health check:
UDP: true
IPv4: yes, 112.20.75.201:53735
IPv6: no, but OS has support
MappingVariesByDestIP:
PortMapping: UPnP
Nearest DERP: tong
DERP latency:
dtae: 1.3ms (tong)
The Derper log consistently shows that the tailscale version used is too old and rejected. Upgrading tailscale to the latest version 1.168.2 still remains the same:
2024/07/14 03:44:36 derp: 37.110.125.20:21391: client nodekey:88522 rejected: tailscaled version is too old (out of sync with derper binary)
2024/07/14 03:44:37 derp: 37.110.125.20:21394: client nodekey:b5b827 rejected: tailscaled version is too old (out of sync with derper binary)
2024/07/14 03:44:38 derp: 37.110.125.20:21396: client nodekey:fa9a65b rejected: tailscaled version is too old (out of sync with derper binary)
2024/07/14 03:44:38 derp: 21.221.23.122:53654: client nodekey: rejected: tailscaled version is too old (out of sync with derper binary)
May I ask what the reason is and how to solve it.
thank you.
orangepi3-lts 5.16.17-sun50iw6 tailscale/tailscale#3 SMP Tue Sep 6 18:22:49 CST 2022 aarch64 aarch64 aarch64 GNU/Linux,Client: Docker Engine - Community Version: 26.1.3 Context: default Debug Mode: false
Remove the upgrade and use the old version of Derper and Tailscale 1.68.1 to ensure normal operation.
According to the official documentation, if you want to use the DERP_VERIFY_CLIENTS Option on a custom derp server, you need to install a tailscale instance. Does this mean that the existing dockerfile cannot enable the DERP_VERIFY_CLIENTS Option? Because I don’t see the steps to install tailscale in the dockerfile.
official documentation : https://tailscale.com/kb/1118/custom-derp-servers#step-2-adding-derp-servers-to-your-tailnet
I need to add variables for delaying the start of each, preferably allowing the delay start time to be set manually. When DERP_VERIFY_CLIENTS=true, upon system reboot, the Docker container starts faster than the Tailscale client, causing errors in the container due to failure to load tailscaled.sock. Therefore, it is preferable to add variables for delaying the start of each to solve this issue.
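Added example, not code from this repository: instead of a fixed start delay, an entrypoint can wait until the tailscaled socket actually accepts a connection and give up after a deadline. The function names, the 60 second budget and the 1 second retry interval are assumptions; the socket path is the one in the log lines on this page.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"syscall"
	"time"
)

// waitForSocket dials the unix socket until something accepts the connection
// or the timeout expires. Dialing, rather than testing that the file exists,
// also catches a socket file with no listener ("connection refused").
func waitForSocket(path string, timeout, interval time.Duration) error {
	deadline := time.Now().Add(timeout)
	for {
		conn, err := net.DialTimeout("unix", path, interval)
		if err == nil {
			conn.Close()
			return nil
		}
		if time.Now().After(deadline) {
			return fmt.Errorf("%s: %w", describe(err), err)
		}
		time.Sleep(interval)
	}
}

// describe maps the last dial error to a short operator-facing cause.
func describe(err error) string {
	switch {
	case errors.Is(err, syscall.ENOENT):
		return "socket file missing (tailscaled not started or path not mounted)"
	case errors.Is(err, syscall.ECONNREFUSED):
		return "socket file present but nothing is listening"
	default:
		return "tailscaled socket not usable"
	}
}

func main() {
	// Socket path from the log lines on this page; the 60s budget is an assumption.
	sock := "/var/run/tailscale/tailscaled.sock"
	if err := waitForSocket(sock, 60*time.Second, time.Second); err != nil {
		fmt.Fprintln(os.Stderr, "not starting derper:", err)
		os.Exit(1)
	}
}
```

Exiting non-zero on timeout lets the container's restart policy retry, rather than starting derper in a state where every client is rejected.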