Step 1: Install the required tools
- Install dependencies:
apt update && apt install -y wget git openssl curl
- Download and install Go (check the Go Programming Language site for the latest version):
wget https://go.dev/dl/go1.22.4.linux-amd64.tar.gz
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.22.4.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile
source /etc/profile
go version
Step 3: Download Tailscale Derper
- Configure the Go environment to use a mirror in mainland China:
go env -w GO111MODULE=on
go env -w GOPROXY=https://goproxy.cn,direct
- Clone tailscale derper:
git clone https://github.com/tailscale/tailscale.git
Step 4: Build and configure the DERP service
- Open the cert.go file and delete the certificate-verification code
- Build derper:
go build -o /etc/derp/derper ./cmd/derper
- Create a self-signed certificate for the domain:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/derp/derp.myself.com.key -out /etc/derp/derp.myself.com.crt -subj "/CN=derp.myself.com" -addext "subjectAltName=DNS:derp.myself.com"
- Configure the DERP service:
cat > /etc/systemd/system/derp.service <<EOF
[Unit]
Description=TS Derper
After=network.target
Wants=network.target
[Service]
User=root
Restart=always
ExecStart=/etc/derp/derper -hostname derp.myself.com -a :33445 -http-port 33446 -certmode manual -certdir /etc/derp
RestartPreventExitStatus=1
[Install]
WantedBy=multi-user.target
EOF
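Before starting the service, the certificate files created above can be checked against what `-certmode manual -certdir /etc/derp -hostname derp.myself.com` will load. This is an added example, not part of the original tutorial or of Tailscale; `check_derp_cert` is a hypothetical helper name, and it assumes the `openssl` CLI and GNU `stat`.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of the files derper loads in manual cert mode.
# check_derp_cert is a hypothetical helper name; assumes openssl and GNU stat.
check_derp_cert() {
    local dir="$1" host="$2" crt key cert_pub key_pub mode
    crt="$dir/$host.crt"
    key="$dir/$host.key"

    # -certmode manual reads <certdir>/<hostname>.crt and <hostname>.key.
    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        echo "missing $crt or $key"; return 1
    fi

    # The certificate must name the -hostname value (SAN, else CN).
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match" \
        || { echo "certificate does not cover $host"; return 2; }

    # Fail if the certificate expires within the next 30 days.
    openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null \
        || { echo "certificate expires within 30 days"; return 3; }

    # The key must belong to the certificate: compare the two public keys.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 4; }

    # The key was written unencrypted (-nodes): allow owner access only.
    mode=$(stat -c %a "$key")
    case $mode in
        *00) ;;
        *) echo "key mode $mode allows group/other access"; return 5 ;;
    esac

    # Print the SHA-256 fingerprint so it can be compared out of band.
    openssl x509 -in "$crt" -noout -fingerprint -sha256
}

# Usage: ./check_derp_cert.sh /etc/derp derp.myself.com
if [ $# -eq 2 ]; then
    check_derp_cert "$1" "$2"
fi
```

A non-zero return code identifies the first check that failed (1 missing file, 2 hostname, 3 expiry, 4 key mismatch, 5 key permissions).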
Step 5: Start and verify
- Reload systemd and start the DERP service:
systemctl daemon-reload
systemctl restart derp
systemctl enable derp
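- Check the DERP server status by visiting the cloud server's IP address at the configured port.
Step 6: ACL configuration
- Add the ACL configuration in the Tailscale web console, making sure Regions and Nodes are set correctly.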
"derpMap": {
  "OmitDefaultRegions": true,
  "Regions": {
    "901": {
      "RegionID": 901,
      "RegionCode": "Myself",
      "RegionName": "Myself Derper",
      "Nodes": [
        {
          "Name": "901a",
          "RegionID": 901,
          "DERPPort": 33445,
          "IPv4": "服务器IP", // placeholder: the server's IP address
          "InsecureForTests": true, // clients skip TLS certificate verification for this node
        },
      ],
    },
  },
},
Check the status:
tailscale netcheck
View the derp logs:
journalctl -xefu derp