installation for a noob about headscale-ui HOT 4 CLOSED

Not really clear what the key-problem is. Any logs?

Reading your question…this is not a real beginners-product, so start slow. Bit by bit, part for part.
what can you get to work, what not.
Document and log to the detail, so you can give / we can get insight.

This stack (and Traefik) is a great product, but not for everyone - you’ll need a thorough understanding of networking, containers etc.
If you are fine with that, and willing to learn, you’ll get there!

from headscale-ui.

I am absolutely willing to learn and build my knowledge base as a non-IT certified/qualified person . I have been on my homelab journey for around 6 months and teaching myself and learning as I go.

I do have a separate bare metal pfsense firewall at the front of my network and on this I have set up and been using HA proxy for my services, so have not tried using Traefik before and have zero experience with it.
For testing this stack, I have created a new virtual machine on my Proxmox installation and installed docker, docker-compose, and portainer.

Here is my docker-compose:
version: '3.9'
services:
headscale:
image: headscale/headscale:latest
pull_policy: always
container_name: headscale
restart: unless-stopped
command: headscale serve
volumes:
- /mnt/samsungssd/docker/headscale-traefik/config:/etc/headscale
- /mnt/samsungssd/docker/headscale-traefik/data:/var/lib/headscale
labels:
- traefik.enable=true
- traefik.http.routers.headscale-rtr.rule=PathPrefix(/) # you might want to add: && Host(your.domain.name)"
- traefik.http.services.headscale-svc.loadbalancer.server.port=8080

headscale-ui:
image: ghcr.io/gurucomputing/headscale-ui:latest
pull_policy: always
container_name: headscale-ui
restart: unless-stopped
labels:
- traefik.enable=true
- traefik.http.routers.headscale-ui-rtr.rule=PathPrefix(/web) # you might want to add: && Host(your.domain.name)"
- traefik.http.services.headscale-ui-svc.loadbalancer.server.port=80

traefik:
image: traefik:latest
pull_policy: always
restart: unless-stopped
container_name: traefik
command:
- --api.insecure=true # remove in production
- --providers.docker
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --global.sendAnonymousUsage=false
ports:
- 80:80
- 443:443
- 8080:8080 # web UI (enabled with api.insecure)
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik/certificates:/certificates

Here is my config.yaml for headscale;
config.yaml.txt

Here are the requested logs;
_traefik_logs.txt
_headscale_logs.txt
_headscale-ui_logs.txt

All 3 services are up and running and I can access the headscale UI if I browse to http://localhost/web, however when I try to enter the API Key I keep getting a "TypeError:Failed to Fetch. API test did not succeed.Headscale might be down or API settings may need to be set. change server settings in the settings page"

For the Headscale URL I have entered https://hs.xxx.xxx:443 but no success with getting this working.

Best

from headscale-ui.

Can't help you with traefik sorry, never used it. I typically recommend caddy for simple reverse proxying.

I did write a guide for headscale here, but honestly I wouldn't start with headscale if you're struggling. I'd start with wireguard, learn how wireguard works, then move to more complex VPN solutions (or just stick with wireguard).

from headscale-ui.

I was just having this issue too with Traefik 2. I was able to resolve the issue by adding :443 to the server url in the config.yml for headscale (example below). Then in headscale ui settings making sure the same url is being used as you've already stated you have entered (http://headscale.yoururl.com:443). Hope this helps

ex.
server_url: http://headscale.yoururl.com:443

from headscale-ui.