From 5f1a9d0d6b76ef0542830e822291c194a5d67b7e Mon Sep 17 00:00:00 2001 From: okxlin Date: Wed, 13 Dec 2023 23:06:03 +0800 Subject: [PATCH] =?UTF-8?q?feat:=E6=B7=BB=E5=8A=A0headscale-derp=E5=88=B0?= =?UTF-8?q?=E5=88=97=E8=A1=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/headscale-derp/README.md | 28 +++++++++++++++ apps/headscale-derp/data.yml | 20 +++++++++++ apps/headscale-derp/latest/.env.sample | 5 +++ apps/headscale-derp/latest/data.yml | 32 ++++++++++++++++++ .../latest/data/derper.your-domain.com.crt | 30 ++++++++++++++++ .../latest/data/derper.your-domain.com.key | 5 +++ apps/headscale-derp/latest/docker-compose.yml | 28 +++++++++++++++ apps/headscale-derp/logo.png | Bin 0 -> 3185 bytes 8 files changed, 148 insertions(+) create mode 100644 apps/headscale-derp/README.md create mode 100644 apps/headscale-derp/data.yml create mode 100644 apps/headscale-derp/latest/.env.sample create mode 100644 apps/headscale-derp/latest/data.yml create mode 100644 apps/headscale-derp/latest/data/derper.your-domain.com.crt create mode 100644 apps/headscale-derp/latest/data/derper.your-domain.com.key create mode 100644 apps/headscale-derp/latest/docker-compose.yml create mode 100644 apps/headscale-derp/logo.png diff --git a/apps/headscale-derp/README.md b/apps/headscale-derp/README.md new file mode 100644 index 00000000..b29afd2b --- /dev/null +++ b/apps/headscale-derp/README.md @@ -0,0 +1,28 @@ +# Derper + +[![docker workflow](https://github.com/fredliang44/derper-docker/actions/workflows/docker-image.yml/badge.svg)](https://hub.docker.com/r/fredliang/derper) +[![docker pulls](https://img.shields.io/docker/pulls/fredliang/derper.svg?color=brightgreen)](https://hub.docker.com/r/fredliang/derper) +[![platfrom](https://img.shields.io/badge/platform-amd64%20%7C%20arm64-brightgreen)](https://hub.docker.com/r/fredliang/derper/tags) + +# Setup + +> required: set env `DERP_DOMAIN` to your domain + +```bash +docker run -e DERP_DOMAIN=derper.your-domain.com -p 80:80 -p 443:443 -p 3478:3478/udp fredliang/derper +``` + +| env | required | description | default value | +| ------------------- | -------- | ---------------------------------------------------------------------- | ----------------- | +| DERP_DOMAIN | true | derper server hostname | your-hostname.com | +| DERP_CERT_DIR | false | directory to store LetsEncrypt certs(if addr's port is :443) | /app/certs | +| DERP_CERT_MODE | false | mode for getting a cert. possible options: manual, letsencrypt | letsencrypt | +| DERP_ADDR | false | listening server address | :443 | +| DERP_STUN | false | also run a STUN server | true | +| DERP_STUN_PORT | false | The UDP port on which to serve STUN. | 3478 | +| DERP_HTTP_PORT | false | The port on which to serve HTTP. Set to -1 to disable | 80 | +| DERP_VERIFY_CLIENTS | false | verify clients to this DERP server through a local tailscaled instance | false | + +# Usage + +Fully DERP setup offical documentation: https://tailscale.com/kb/1118/custom-derp-servers/ \ No newline at end of file diff --git a/apps/headscale-derp/data.yml b/apps/headscale-derp/data.yml new file mode 100644 index 00000000..37bab264 --- /dev/null +++ b/apps/headscale-derp/data.yml @@ -0,0 +1,20 @@ +name: Headscale-DERP +tags: + - 工具 +title: Headscale 的中继服务 +type: 工具 +description: Headscale 的中继服务 +additionalProperties: + key: headscale-derp + name: Headscale-DERP + tags: + - Tool + shortDescZh: Headscale 的中继服务 + shortDescEn: Headscale relay service + type: tool + crossVersionUpdate: true + limit: 0 + recommend: 0 + website: https://hub.docker.com/r/fredliang/derper + github: https://github.com/fredliang44/derper-docker + document: https://headscale.net diff --git a/apps/headscale-derp/latest/.env.sample b/apps/headscale-derp/latest/.env.sample new file mode 100644 index 00000000..fd637df8 --- /dev/null +++ b/apps/headscale-derp/latest/.env.sample @@ -0,0 +1,5 @@ +CONTAINER_NAME="headscale-derp" +PANEL_APP_PORT_HTTPS="40184" +PANEL_APP_PORT_STUN="3478" +DATA_PATH="./data" +DERP_DOMAIN="derper.your-domain.com" diff --git a/apps/headscale-derp/latest/data.yml b/apps/headscale-derp/latest/data.yml new file mode 100644 index 00000000..95a31a63 --- /dev/null +++ b/apps/headscale-derp/latest/data.yml @@ -0,0 +1,32 @@ +additionalProperties: + formFields: + - default: 40184 + edit: true + envKey: PANEL_APP_PORT_HTTPS + labelEn: Port + labelZh: 端口 + required: true + rule: paramPort + type: number + - default: 3478 + edit: true + envKey: PANEL_APP_PORT_STUN + labelEn: STUN Service Port + labelZh: STUN 服务端口 + required: true + rule: paramPort + type: number + - default: ./data + edit: true + envKey: DATA_PATH + labelEn: Data folder path (Domain certificate needs to be replaced, certificate file name is the same as the server hostname) + labelZh: 数据文件夹路径 (需要替换域名证书,证书文件名与服务器主机名相同) + required: true + type: text + - default: 'derper.your-domain.com' + edit: true + envKey: DERP_DOMAIN + labelEn: Derper server hostname + labelZh: Derper服务器主机名 + required: true + type: text diff --git a/apps/headscale-derp/latest/data/derper.your-domain.com.crt b/apps/headscale-derp/latest/data/derper.your-domain.com.crt new file mode 100644 index 00000000..1e9988a5 --- /dev/null +++ b/apps/headscale-derp/latest/data/derper.your-domain.com.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIICTzCCAfWgAwIBAgIUVimWHYcwGCEzjo2PIWRX+pk5xk4wCgYIKoZIzj0EAwIw +czELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC0xv +cyBBbmdlbGVzMRgwFgYDVQQKDA9NeSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFmRl +cnBlci55b3VyLWRvbWFpbi5jb20wIBcNMjMxMjEzMTMzMTM1WhgPMjEyMzExMTkx +MzMxMzVaMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYD +VQQHDAtMb3MgQW5nZWxlczEYMBYGA1UECgwPTXkgT3JnYW5pemF0aW9uMR8wHQYD +VQQDDBZkZXJwZXIueW91ci1kb21haW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAEuQsY4F6ixzijQoNJ5qhRwiXIQVRi8/4+ARi9y2XDqno+mRTe6kcqbWza +o1Qvnb+bDQX3TlI0znR07/TBbnKm3KNlMGMwIQYDVR0RBBowGIIWZGVycGVyLnlv +dXItZG9tYWluLmNvbTAdBgNVHQ4EFgQU42YYF2rWI639HjHPYr4T4XNDs5gwHwYD +VR0jBBgwFoAUM05GUd0314M3wxC0/hXTJDS/RiswCgYIKoZIzj0EAwIDSAAwRQIg +IeK6zsPY9KH9LooAzG5IMjTFfhL66I/LpMxwhD4ZoHkCIQDV4aWOeE/1SH9OJeUQ +J9KKE11IOW5ieMP/UGLq5g7I8A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPTCCAeOgAwIBAgIUM8dtduktU0oMp6IbjUdN0NYfth4wCgYIKoZIzj0EAwIw +czELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAcMC0xv +cyBBbmdlbGVzMRgwFgYDVQQKDA9NeSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFmRl +cnBlci55b3VyLWRvbWFpbi5jb20wIBcNMjMxMjEzMTMzMTM0WhgPMjEyMzExMTkx +MzMxMzRaMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYD +VQQHDAtMb3MgQW5nZWxlczEYMBYGA1UECgwPTXkgT3JnYW5pemF0aW9uMR8wHQYD +VQQDDBZkZXJwZXIueW91ci1kb21haW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAEYg7HUFZFXMrnG44AFGKASd5UX5Oo70k09G1+OSkCLcyqQPQyHnlLUnEg +01kpVOxAM7hEl0WaDdiT6PuyJHO1xKNTMFEwHQYDVR0OBBYEFDNORlHdN9eDN8MQ +tP4V0yQ0v0YrMB8GA1UdIwQYMBaAFDNORlHdN9eDN8MQtP4V0yQ0v0YrMA8GA1Ud +EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAJwSWKP0yDpBe8RAfwwm49Ym +clETnK7i3vnFG/OE3Z6UAiBgT8UBSt5surHTtMQIYfezWBTx2pxYSKJxaUStFyDi +tw== +-----END CERTIFICATE----- diff --git a/apps/headscale-derp/latest/data/derper.your-domain.com.key b/apps/headscale-derp/latest/data/derper.your-domain.com.key new file mode 100644 index 00000000..a2e748a8 --- /dev/null +++ b/apps/headscale-derp/latest/data/derper.your-domain.com.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFMO2b7macGU9gXYD +NNVXS+NaDgVBT7chDLvRckGHNUmhRANCAAS5CxjgXqLHOKNCg0nmqFHCJchBVGLz +/j4BGL3LZcOqej6ZFN7qRyptbNqjVC+dv5sNBfdOUjTOdHTv9MFucqbc +-----END PRIVATE KEY----- diff --git a/apps/headscale-derp/latest/docker-compose.yml b/apps/headscale-derp/latest/docker-compose.yml new file mode 100644 index 00000000..64a051bf --- /dev/null +++ b/apps/headscale-derp/latest/docker-compose.yml @@ -0,0 +1,28 @@ +version: '3' +services: + headscale-derp: + container_name: ${CONTAINER_NAME} + restart: always + networks: + - 1panel-network + ports: + - "${PANEL_APP_PORT_HTTPS}:${PANEL_APP_PORT_HTTPS}" + - "${PANEL_APP_PORT_STUN}:${PANEL_APP_PORT_STUN}/udp" + volumes: + - "${DATA_PATH}:/app/certs" + environment: + - DERP_DOMAIN=${DERP_DOMAIN} + - DERP_CERT_MODE=manual + - DERP_ADDR=:${PANEL_APP_PORT_HTTPS} + - DERP_HTTP_PORT=-1 + - DERP_STUN=true + - DERP_STUN_PORT=${PANEL_APP_PORT_STUN} + - DERP_CERT_DIR=/app/certs + - DERP_VERIFY_CLIENTS=false + image: fredliang/derper:latest + labels: + createdBy: "Apps" + +networks: + 1panel-network: + external: true diff --git a/apps/headscale-derp/logo.png b/apps/headscale-derp/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..544221900e90795406557ba9f27d3f4891e20eee GIT binary patch literal 3185 zcmds)`8yP98^>qKzSc=3M3OqTgTXK~Ws8WA$dOJc&Z!T9^lmFrq(n|M-# zQr_e|Ub73#z?40ZR|Z|3g$Gw_2ewTOW2)j2kKH-GmaX%C-_e5s+XuITf% zA1fkRkpIk)1+^aBfvUMo>dQ?6#eb5FC*ZQ&J^Q@oV;4pMW^iU z?taYH^s#}!;Y4vLk-P4Xi@(G5HCm8#IvS{Lfj;(sC}Dl@42TIkLAyY6AQh4_NcyB? z6dX7XbOF2QO;wAHzWBY>R1gW=10jLzL)QU#paF;otl6IBBK!5IB5|UuaBo%GEQyGY zCT)=j?4-~Fz1#M7|MZhh1vusuvCd2HJ zq=Fbh5-J==%UnExRzo3BT5(LSZf~Q&w}vBe3gL3$fS}p0ig(Z(C>()Jl<}J$@Zabm z#Ud5l3?M@VlTBbWU=`lps3qV<4aCtoauhAD)PTZ+?bU8j=1{S~ldM^n`f*XE z5D|hnG<84K^`MPE|L<0=-z#Zp;V541d@L`Tl%Ia%V;CwHd^fnkom*W#SaHp{$V^a- zWzoo3+9!91kAmAZBHs8d`5D~r?do> z^6iYil=o?&$`Y8kGa(wsmacGmjc|x*khIg?Jm5B1bG4rw>bYQ{-KmViO&a%ST6$_e z)z;kh$k3{f&r>Q`Af!eSTw5gD4^TGc2K@l0pb`Osj}W{iwe|40_eokYBhdQXLCaGK zrvuHfbM}XX6HNiklRx$gNkSGPsoDzSayr<_N=8{+sHvbXDFAKq&y3wOi4;k3nX$7E z!cVgnfA#?>0wZ0$Z96p=V*Tk;B$3MUa#S`?X8Z0S8Q+-#$f8mIVU>TN5X^u+Dcfe# z^UM3Q@GOVUNLoIlhhA(dIGt?==vw|H*^cNXg!32i)RTj@_NEC#F}ko^1b_0|eomvB zgIPghfRNJaAwo$FM_>XRH-MtsgJWczG+JlJ|u$o5Ng2X4fMqk@pJGKMOvNXLeR zrpjIqXmocfW_qZCOPFX-O4Pr zXK8g*YEtb*oQ)aYRQR?@v_^O)g7Kq1F#t;F zY(tpnKN#A3S1++8A-{Nbb5>nI;ii+4g^2<*))m7@$?ot?XRC^hR0|~io$n4029ld_ zKIzXPPu9+p?zSYGN5cX|r@JE*xy0jJslQcWT;8$$4TCD@AZM>VLNNSki&I3AjJ1qs1U*ug46mq;TNjuwcjB|c)@QkD`1MH2%tG0ii+$tU@A~Q5VHV9Y z4F=1zU*G2=UhIQ>(qYdZRy8Vn9wAZ;@pWl!((|ozlBTX5JN^@56r|d>+B4U`mL_>& z*F~4@&_S8e%Ax5I$&}A_j`AO|gis~or&T8Lubkz7}F3LXZ%w#Qt+)*>) zr^kNli@u_@Mz6|)i>LgP2W-3IcHcXTW7%n(Dl?CfGl{e;j%8BB#A z>Xj{aou8O`2UTniK}Tz5;dI$>Sb@!4?uT#P22<5GB5jLO*q&{hT_9_@I0Z`AJfmTw z*PW_o#}XhRlLdmFep*@Kxl=B^s(7K5__!gb1G=Ag_`It$?9R=vtnVPp=wJ->cY+vw zMgra8dJnqXM>$kyN-hjtpqUhGK{Syo7pyL{kccazx)*TvVdIo03b zaV!Mw@hKPnJu$aw#%W5O^NYEhQJ~jYApRH(Lq6s^^SS{`@}i!vU7fYmtCyKKLzQLv zbE|=E-}BX?)Ln)hyN3YI$;DVy0PlV1nMb`68+i5y zUk;v8?!7hD++E0`gEt0s$`)XL`ErWC)*O&=N^z`idUaOjw+UWufb zJi1%DUq#@f^z0nVe>-ocsA9C}`RLVW^PsPJwSNcNg>&hcO zZ(PcgtEqPI;F0=V!RH>fzpdD3~0L5r%Jb?*w4%Nby zhFW*+BY_f%8kLhuo~a&U9`milipn)-*}xl9P>_a7#yg8fh;Tz*@r5VncyRpgeBt5V7Lsi-TUqN%k-+az|@{yh~{y9oKF^yt6& zMhoR#pk0I<