Headscale - Open Source, Self Hosted Wireguard Control Server for your Tailscale Network!

  Views: 55,981

Awesome Open Source


=== Links ===
Show Notes
wiki.opensourceisawesome.com/...
Headscale
github.com/juanfont/headscale
Headscale Web UI
github.com/ifargle/headscale-...
Tailscale Client Downloads
tailscale.com/download/
Trayscale - Linux Tailscale GUI Client
github.com/DeedleFake/trayscale
-----------------------------------------------------------------------------
Get the AwesomeOpenSource Merchandise
awesomeopensource.creator-spr...
Support my Channel and ongoing efforts through Patreon:
/ awesomeopensource
Buy Me a Coffee or Beer
paypal.me/BrianMcGonagill?cou...
=== Timestamps ===
00:00 Beginning
00:09 Introduction
01:45 Thank you to my Patrons at Patreon, and my Subscribers on KZfaq
02:23 Headscale Server Configuration and Install
17:55 Setup our Reverse Proxy
21:08 Add Users and Nodes to our Network
29:08 Server Web UI Install
36:21 Adjust our Reverse Proxy
37:29 Get your Headscale UI API Key
41:53 A Linux Client Desktop GUI
=== Contact ===
Twitter: @mickintx
Telegram: @MickInTx
Mastodon: @MickInTx@fosstodon.org
Try out SSDNodes VPS Services! Amazing Specs for incredibly low costs. I'm running a 32 GB RAM / $ CPU Server for only $9 a month! Seriously. For long term server usage, this is the way to go!
www.ssdnodes.com/manage/aff.p...
Get a $50.00 credit for Digital Ocean by signing up with this link:
m.do.co/c/a6a61ae55242
Use Hover as your Domain Name Registrar to get some great control over your domains / sub-domains:
hover.com/SHPaiirr
What does the money go to?
To Pay for Digital Ocean droplets, donations to open source projects I feature, any hardware I may need to purchase for future episodes (which I will then give to a subscriber in a drawing or contest).
=== Attributions ===
Intro and Outro music provided by www.bensound.com

Comments: 165
@Kevin-oj2uo 8 months ago
I was thinking about researching about this the other day, after using tailscale and it was working great but I wanted something more open source. Thank you men you are awesome!
@AwesomeOpenSource 8 months ago
My pleasure! And thank you!
@ig00g1e 7 months ago
also you can host your own derp server which will be 100% self hosted.
@lmaoroflcopter 7 months ago
This is one of today's projects for me :) excellent video!
@AwesomeOpenSource 7 months ago
Fantastic!
@DJDashzn 8 months ago
This is just great Brian Going to definitely try this out
@AwesomeOpenSource 8 months ago
Awesome! It works quite well.
@mrfoodarama 2 months ago
I'd no idea something like this existed, fantastic!
@AwesomeOpenSource a month ago
Glad you like it!
@arcel83 8 months ago
great Video! Thanks for that! worked like a charm!
@AwesomeOpenSource 8 months ago
Super glad it's working for you.
@deedlefake 2 days ago
Nice video. Thanks for mentioning Trayscale.
@AwesomeOpenSource 17 hours ago
You bet.
@GianvitoFerrara 8 months ago
Great video as always
@AwesomeOpenSource 8 months ago
Thank you my friend, Glad you enjoyed!
@mr.architect3464 a month ago
Thank you man, I liked your video! Respect Have a good day!
@AwesomeOpenSource a month ago
Thank you.
@driodeiros 8 months ago
Thank you for the video. +1 for a follow up video showing how to use OpenID to provide authentication.
@AwesomeOpenSource 8 months ago
You are welcome, and hopefully recording this evening!
@cloud2050 8 months ago
Thanks for the video. It is very informative. Yes can do a video on setting up routes? Again great work.
@AwesomeOpenSource 8 months ago
I'll see what I can do.
@khanhthedag7269 a month ago
thanks. nicely explained.
@AwesomeOpenSource a month ago
Glad it was helpful!
@flavb83music 7 months ago
Awesome video. Thanks.
@AwesomeOpenSource 7 months ago
Glad you liked it!
6 months ago
Thank you Brian 🙏
@AwesomeOpenSource 6 months ago
My pleasure!
@rafaeltorresfurlan6888 8 months ago
Wow, tks for the video, I will try headscale after i faced a not good experience with netmaker (i tried about a year ago, with crashes and updates problems).
@AwesomeOpenSource 8 months ago
Sorry you had a hard time with Netmaker, but maybe Headscale will give you what you need.
@montywhisp 8 months ago
I hope that you will create a similar awesome video about self-hosted zerotier server too :)
@AwesomeOpenSource 8 months ago
I’ll have to look into it again. When I looked last it was very sparse on details and it seemed to have some parts still reliant on Zerotier services. Maybe it’s gotten better.
@ozzykampha2776 8 months ago
Awesome as always
@AwesomeOpenSource 8 months ago
Thank you so much 😀
@kenny45532 8 months ago
I can't wait for the authentik add-on video to this. I am trying to learn more about both head scale and authentik. It would be nice to get a good start. I already deployed authentik and head scale. both work great. But putting them together would be even better (I think)
@AwesomeOpenSource 8 months ago
Awesome. I think you'll love how easy it really is in the end. And honestly, the ease is because people wayyyy smarter than me are creating these amazing open source tools that make everything a lot easier.
@aionice2029 8 months ago
Hi Brian I love your videos !!!! been a massive inspiration I have been learning a lot, could you maybe do a video on ACLs ?
@AwesomeOpenSource 8 months ago
I've been tackling that topic myself. I have the basic ACLs working between users / groups, and device access, but I haven't gotten the ACL for me to access another group's exit route to their LAN setup properly yet. Let me get a bit further, and I'll definitely do one.
@4ohm531 3 months ago
Thank you!
@AwesomeOpenSource 3 months ago
My pleasure!
@AndreaGhensi 8 months ago
Hi Brian, great content, just 2 observations:
- it would be great if you add chapters to your video, very useful for reference after the first watch;
- maybe you explained in other videos, but why do you open docker ports instead of joining the containers to the same network as nginx proxy and just use the service name and its port? This will increase the security of the whole system.
I like to use traefik as reverse proxy because I can set up the routing rules via label on the service container, very handy!
@AwesomeOpenSource 8 months ago
I have timestamps in the description, which is how the chapter markers used to be made. Not sure if KZfaq changed how to do that and I missed it. I'll check and see...but weird. I open ports because I run NGinX Proxy Manager on a different host than I run most of my other applications. You can absolutely do it the way you are saying though.
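The shared-network layout suggested in the comment above, for the case where Nginx Proxy Manager and Headscale run on the same Docker host. This is an added example, not taken from the video or from the Headscale project; the service names, the `proxy` network name and the volume paths are assumptions.

```yaml
# Constructed example: reverse proxy and Headscale on ONE Docker host.
# Only the proxy publishes ports; Headscale is reachable solely over the
# private "proxy" network, by its service name.
services:
  npm:
    image: jc21/nginx-proxy-manager:latest
    restart: unless-stopped
    ports:
      - "80:80"            # HTTP (certificate challenges, redirects)
      - "443:443"          # HTTPS for all proxied hosts
      - "127.0.0.1:81:81"  # NPM admin UI, bound to loopback only
    volumes:
      - ./npm/data:/data                    # assumed path
      - ./npm/letsencrypt:/etc/letsencrypt  # assumed path
    networks:
      - proxy

  headscale:
    image: headscale/headscale:0.22.3   # tag mentioned in the comments
    restart: unless-stopped
    command: headscale serve
    volumes:
      - ./headscale/config:/etc/headscale    # assumed path
      - ./headscale/data:/var/lib/headscale  # assumed path
    # Weaker variant, shown for comparison: publishing the port makes
    # Headscale answer plain HTTP on every interface of the host,
    # bypassing the proxy and its TLS termination.
    # ports:
    #   - "8080:8080"
    #
    # Hardened variant: no "ports:" entry at all. "expose" only documents
    # the container port for other services on the same network.
    expose:
      - "8080"
    networks:
      - proxy

networks:
  proxy: {}

# Assumption: listen_addr in the Headscale config is set to 0.0.0.0:8080
# so the process accepts connections from the proxy container.
```

In Nginx Proxy Manager the proxy host then forwards to hostname `headscale` on port 8080, and only ports 80 and 443 are reachable from outside the host. When the proxy runs on a different machine, as in the reply above, the port has to be published; restricting it to the proxy's address with a host firewall rule keeps the exposure comparable.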
@hotstovejer 8 months ago
I dove into this headfirst (no pun intended, but I'll take the laugh), and ended up trying to do this with headscale and headscale-ui, then found Firezone because of authentic, then found Defguard. My issue is that I'm using Traefik on a docker host, and multiple docker servers, so I've just been adding the containers to the manual file config.
@AwesomeOpenSource 8 months ago
hahahahah. Adding Firezone and DefGuard to my list for future coverage! Very cool!
@yanglob 8 months ago
One more thing. In config.xml, the ip-prefix section, you should put the ip4 range before the ip6 range, otherwise, the copy ip function in Tailscale client will always copy ip6 address instead of ip4.
@AwesomeOpenSource 8 months ago
Great tip! Thanks for that!
@yanglob a month ago
Later, I left headscale-ui for headscale-admin, it is much more responsive and nicer UI, imo. One setup difference is each device accessing its UI needs its own headscale API key. I'm not sure whether this approach has more risk than the centralized headscale-ui approach.
@AwesomeOpenSource a month ago
I tried several, I showed headscale-ui on the video, but believe I also ended up on headscale-admin.
@ron1769 8 months ago
I've been waiting for it so much. Can you give us a step by step tuto for netbird with proxy nginx manager
@AwesomeOpenSource 8 months ago
Let me see what I can figure out.
@alirezaghaderi 3 months ago
Perfect video man thanks.... One question ... if we use cloudflare dns manager and route a subdomain to the server, do we still need the reverse proxy? I don't understand why we need them in the first place
@AwesomeOpenSource 3 months ago
Reverse proxy generally runs as a way to route traffic around your internal network of services. So, auth.mydomain.com goes to your authentication tool, chat.mydomain.com goes to your matrix server, and vpn.mydomain.com might go to your headscale UI. The other part is that, in this case, we can point a domain to our headscale network, and allow clients to connect, so the reverse proxy says I see your request for xy.mydomain.com, and I have a matching entry at 10.20.30.40, let me send you to that machine on port 29897. Something like that.
@grimtagnbag 8 months ago
I need this
@AwesomeOpenSource 8 months ago
It's pretty awesome!
@dcerbino 5 months ago
Great tutorial. The only problem that I had was with Nginx Proxy Manager. The latest version 2.11.0 is broken on the custom location part so I had to downgrade to version v2.10.4
@AwesomeOpenSource 5 months ago
Sorry you had that trouble. Did you create an issue for the developer of NGinX Proxy Manager?
@ppkscott 8 months ago
Great video. Going to set up my own server this week following your guide. Does this allow for unlimited clients or is there still limits? Thanks
@AwesomeOpenSource 8 months ago
As far as I know, there are no hard (preset / programmatic) limits on number of clients.
@cowbe0x004 a month ago
Thank you for the great content, was able to set up the server and client by following your video. Do you know if it's possible to route all traffic to the server? I have headscale on a cloud server and I want to route all client traffic to it.
@AwesomeOpenSource a month ago
I think in the client config you want to set the DNS to a provider you like, then set allowed IPs to be 0.0.0.0/0, and that should do it.
@ag36015 3 months ago
Thanks for the tutorial! Is it ok to leave server url: 127.0.0.1:8080 or it might be less secure than having your own domain? If it's the same, why change it?
@ichilvers 8 months ago
Interested to hear thoughts of headscale vs netmaker?
@AwesomeOpenSource 8 months ago
Netmaker is great, and for a newer user, IMO, easier to get certain things setup like exiting into an entire LAN from the Wireguard network. Making an Exit Node so all traffic goes through Wireguard out to the internet, etc. That said, Headscale is not super difficult to use, but going between the headscale docs and Tailscale docs is a bit annoying at times. Overall though, it just takes some experimentation.
@astrobit301 14 days ago
Hi, thank you for sharing knowledge ! What are the NGINX first login credentials ?
@AwesomeOpenSource 7 days ago
You mean nginx proxy manager? I believe they are admin@example.com and changeme if you mean the defaults.
@SimarMannSingh 8 months ago
Good one. But unfortunately, it's hard to get a public IP address in many regions and opting for a static IP address is the only option if this method is selected (which obviously costs extra, per month). Majority of the ISPs nowadays are choosing to provide CGNAT IP addresses. 😩
@AwesomeOpenSource 8 months ago
True. Depending on what costs more you could potentially setup your server on a VPS for a few bucks a month, or maybe using the Oracle Free Tier. Then use that as your public IP.
@--ic0n-1- 8 months ago
Could you please investigate "Zitadel" instead of "Authentik"? It seems quite promising! 😊
@AwesomeOpenSource 8 months ago
I'm already using Authentik, but it's actually quite "simple" once you get your head around what you need to do. It may translate to Zitadel as well. I'll look into it to see what I can figure out.
@raynicbak 8 months ago
Hey Brian, Could you help me know what are the requirements to host Headscale? I can't seem to find that information. Is it okay to do so on a VPS, or a Raspberry Pi, or what other system?
@AwesomeOpenSource 8 months ago
I don't know specifically what specs you need. I am running on docker, as you know. Currently with about 10 connections it's using 28 MB RAM, and goes from 0 to 4% of a single CPU. It's not using much of anything at all really. So I think you could easily run it on a low cost VPS from DO or Linode, etc. I do think there is an RPi version you can run, and seems like I've seen posts from folks who run it on that hardware. I run it on a VM with Docker, and it's running fine so far.
@micky1067 8 months ago
Hi Brian... Great tutorial again.. Have you tested the tailscale android app? I can not connect to headscale. Even I changed the server to my selfhosted server. Some idea?
@AwesomeOpenSource 8 months ago
I haven't. I'm not an Android user, and don't even have a test device. The Headscale documentation indicates that it and iOS should work, but I also have difficulty getting my iOS app to let me use my own server. I'm still working on it, so I'll update when / if I get it working.
@AwesomeOpenSource 8 months ago
Oddly enough. I just tried it again, and now it's letting me add my phone. It essentially loaded a browser window with the command, and a key I need to use to register my device to my server. I had to reset the tailscale app in my settings, then kill the app, reboot the phone, then start the app again.
@micky1067 8 months ago
@AwesomeOpenSource I have done the same in Android...and it runs too. Thanks.. greetings from Germany ... Michael ..
@Themahaaveer 4 months ago
I don't have a static IP. However, i have a domain and ddns service running. How do I set up a reverse proxy. Instead of A record, will a redirect to ddns url work ? Thanks for making great videos !
@AwesomeOpenSource 4 months ago
Setup a subdomain of the DDNS, and make sure the ports are setup properly coming into your network. You can still use NGinX proxy manager to proxy the request for the DDNS subdomain around your network as needed.
@uuu12343 2 months ago
Hi! Question, does headscale require any port forwarding or any pre-requisites (i.e. VPS)?
@uuu12343 2 months ago
Oh I see, so seems like this is just wireguard without port forwarding through the tailscale client?
@AwesomeOpenSource 2 months ago
It doesn't. Just 80 and 443 on the network if you're inside a LAN. In my case I forward 80 and 443 to my reverse proxy, and let that deal with calls to the headscale server.
@default_youtube_profile 8 months ago
I think if you selfhost headscale and tailscale then you would have to open port to access tail-scale over the internet from outside ?!
@AwesomeOpenSource 8 months ago
If you already have port 80 and 443 open, then that's it. The rest is done through that.
@7jp539nY 8 months ago
i'm having issues with tailscale up hanging on ubuntu server (Let's call it #1). I'm using NPM (hosted on #1 and working for other subdomain containers) pointing to dedicated vm for headscale (#2). The only difference in my setup is I'm using the imported certificate that I got from cloudflare, which my domain is proxied through.
@AwesomeOpenSource 8 months ago
Cert shouldn't matter. I had the tailscale up command get me a couple of times too. It was just a matter of me digging in. On an LXC in Proxmox I found I had to pass through the Proxmox setting to the LXC container for this to work, as the LXC couldn't access the tun0 that it needed for Tailscale to work. You might make sure the tailscaled service is active, and if not, check the logs. If it is, restart tailscaled, and try again.
@gguestdub3518 8 months ago
A question, how do I so that all the traffic goes through headscale? Since when I connect my public IP does not change and my normal public IP continues to appear, but I want to make full use of the headscale internet, is there any option?
@AwesomeOpenSource 8 months ago
I believe if you look at "Exit Route" or "Exit Node" on the headscale and tailscale documentation, you'll be able to find how to do this.
@gguestdub3518 8 months ago
@AwesomeOpenSource That's it, I already did it! Incredible, after searching and analyzing on my own and obviously because of the support in the videos, I managed to do it, I can now pass all the traffic through a node and not only that, many other things, fantastic! :)
@gigiipaq8172 7 months ago
Hi Brian, I am getting an error when I build the container:
FTL go/src/headscale/cmd/headscale/cli/server.go:21 > Error initializing error="failed to read or create private key: failed to save private key to disk: open : no such file or directory"
headscale_headscale_1 exited with code 1
Do you know how to fix it? Thanks
@AwesomeOpenSource 7 months ago
You might check the permissions of the folder it's trying to create the key in, and make sure it can write a file there.
@didou59630 5 months ago
Hello! @AwesomeOpenSource I have exactly the same problem, I have absolutely no idea where I should give write or read rights... Can you help us with this?
@alexfields1334 5 months ago
@AwesomeOpenSource Solution is easy, the config file is outdated. You need to manually download the latest release tar and then use that configuration file.
@iroesstrongarm 2 months ago
@alexfields1334 This fixed the problem for me as well
@khanhthedag7269 a month ago
a question: You also have a tutorial about netbird. very good. Now, which is better and safer, netbird or headscale? thanks.
@AwesomeOpenSource a month ago
I personally like the ease of setting up routing rules in Netbird. This can be done with Headscale, but it's all done through Yaml files, and it's a bit convoluted as it is today. Other than that, both are rock-solid for connecting.
@khanhthedag7269 a month ago
@AwesomeOpenSource I think also, Netbird server is easier to setup than Headscale. Netbird Client is also easy to download. Thanks. You have a lot nice Tutorial.
@jim7smith 8 months ago
Hi Brian....I am certain you already know this, but when creating more than one directory, just use the one command and add the names of the other directories you want to create.......less typing....LOL
@AwesomeOpenSource 8 months ago
I do, I just like for folks to be able to follow what I'm doing, especially those who may be more new to the command line. But I still appreciate you sharing the tips with me. Keep 'em coming.
@MG-vv1zi 8 months ago
@AwesomeOpenSource great explanation, thanks a lot.
@thestreamreader 7 months ago
i wish tailscale was built into the nextcloud solution and app so you could run a vpn and still access your nextcloud without having to open a port on mobile.
@AwesomeOpenSource 7 months ago
You can run the tailscale client on the same server as your nextcloud, then add the tailscale IP to your nextcloud allowed origins configuration.
@nowandthentech 3 months ago
Hey All, everything works until I add the custom location in NPM. As soon as I save after adding the "ladmin" at the same IP, the proxy host goes from "Online" to "Offline" in NPM. Any ideas? No error in the headscale or headscale ui logs. I'm using a VPS. Firewall is disabled. It did the same thing when I hosted it on my network. thanks
@AwesomeOpenSource 3 months ago
are you putting "ladmin"? or "/admin"?
@jairwen82 3 months ago
Thanks for this tutorial. When I don't use --auth-key, it hangs without returning. why?
@AwesomeOpenSource 3 months ago
If you are trying to run it on a machine with no desktop interface / browser, then it will hang because it's waiting for the auth-key. If you are trying to make it open your Auth screen on a desktop and it's not opening, then I also saw it hang a few times. Just took persistence for me.
@jairwen82 3 months ago
@AwesomeOpenSource because my android can not pop up that window, I tested other platforms and found Tailscale hangs in Linux terminal. Then I found I can fix it by changing server_url in config.yml of headscale, from to , but don't know why.
@salamdamai 2 months ago
So this is my scenario: machine 192.68.1.10 is where I am running headscale. 192.168.1.11 is running nginx manager. I was able to add the 192.168.1.10 to the host proxy but I was not able to add it with SSL. It gives me error: internal error. I also have a domain name, which I specified in headscale config file and in nginx reverse proxy manager. NOW do I need to set a port forwarding, forwarding to 192.168.1.11. If yes, what port number should I be specifying for both ports in the Port forwarding page of my router. So when I enter the domain name, the packet will go out into the internet, and then enter the router. And then the router forward that packet to the nginx and then nginx forward that to the 192.168.1.10. Am I understanding this right?
@AwesomeOpenSource 2 months ago
You should forward port 80 and 443 to the ip ending in .11. Then on NGinX proxy manager create your entry for headscale. Now just enter port 80 in the first tab, then request a new certificate on the SSL tab, and agree to the TOS. Save. This should get you going.
@salamdamai 2 months ago
@AwesomeOpenSource Thanks. Yeah there are many details that I had to try. Because of the magic of ZFS, any changes I made to the nginx server or headscale server, I have reversed back using snapshot. So I can try different things. I finally managed to get it to work. So now the client will be using https to connect to headscale server. But it's frustrating that I do not know many of the details. Let me list these questions, you don't have to answer them. I am already grateful for your videos. I learned so much about nginx and not to mention the webserver for nginx and for headscale, which I knew nothing about.
Question #1: when creating port forward in the router, there are two ports that I need to specify; I am assuming that one is for the port the router is listening from the internet. The other port is used to talk to the internal server (in this case it's the nginx server). Can these two ports be different?
Question #2: Am I right to assume that nginx requires two ports: one to listen to signals from the router (from port forwarding, the port used to talk to internal server) and the other port that will be used to talk to the headscale server. So the talking and listening port between the router and the nginx must be the same. In the same way, the talking and the listening port between the nginx and the headscale must also be the same.
@salamdamai 2 months ago
@AwesomeOpenSource Another question that you don't have to answer, since the SSL cert is in nginx, that means the encryption data transfer is used between the client and nginx. And since headscale server is listening to port 80 and in your video, you did not specify ssl cert, the communication between the nginx and the headscale server is not encrypted, which is fine because they both are behind the firewall. So if I specify the ssl cert in headscale, do I still need to specify ssl cert in nginx? Probably the answer is "up to me". If no ssl between the internet and nginx, there will be no encryption between the internet and nginx server. But there will be encryption between nginx and headscale. So it is a waste of time to specify ssl in headscale. SSL is only used one time during the machine registration between the headscale server and the tailscale client right? Afterward it does not matter anymore. The wireguard connection will be established between the client and the headscale directly, bypassing nginx. Or every time I switch off tailscale and then turn it back on, it will go through the nginx server to re-establish the connection. Once the connection is established, nginx is no longer needed. I guess nginx is used to pass secure information to build the tunnel between the client and the headscale server. After the tunnel is created, it is the encryption TLS from wireguard that will guard the data exchange between the twos.
@ozzykampha2776 8 months ago
Maybe do one on Loki?
@AwesomeOpenSource 8 months ago
I'll check it out and see what I find.
@Themahaaveer 4 months ago
How do I use the embedded derp server when running headscale behind the reverse proxy ?
@AwesomeOpenSource 4 months ago
I'm not 100%, as I didn't setup that part. Here's what's in their documentation though: "WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our config-example.yaml." Hope that helps.
@Themahaaveer 4 months ago
Yes done that. Acme throws weird certificate errors. Kindly consider a short follow up video on running the embedded derp server as it will truly make the headscale private.
@Virtualchronos 3 months ago
This tutorial can't be used anymore since recent updates break a lot of things. Webui is also very buggy so a new updated tutorial with another web management interface would be awesome. i tried myself to use another webui without any success.
@AwesomeOpenSource 3 months ago
Hmmm. I'll have to take a look. This isn't that old of a video. As for Headscale UI it was the best one I found as far as functions. Do you have any others I could look into?
@Virtualchronos 3 months ago
@AwesomeOpenSource yes, since I finally succeeded in using it, I can even help you if necessary. The best one I found is headscale-admin which is the best so far with a lot of improvements. The only problem is for nginx proxy manager (be careful, npm latest version is broken with sub domains). I can give you my config files which will make you gain a few hours of work and avoid trial and errors like I did.
@Virtualchronos 3 months ago
@AwesomeOpenSource I've tried to answer you a few times but it's deleted each time. Try headscale admin. I've all the necessary config, if you want them I would be glad to help you and give it
@AwesomeOpenSource 3 months ago
@Virtualchronos KZfaq will delete comments from viewers if it has a URL or link in it. But if you will jump over to discuss.opensourceisaaesome.com, I’d love to see what you have. I’m mickintx
@Virtualchronos 3 months ago
@AwesomeOpenSource I didn't include any link. I suspect youtube to ban some specific terms I maybe used without noticing. I'll send you msg there, count on it ^.^
@alx8439 8 months ago
Have you reviewed Nebula on your channel?
@AwesomeOpenSource 8 months ago
I haven't. I tried to get it all setup a couple of years ago, but it was a bit difficult at the time. I should re-visit it.
@alx8439 8 months ago
@AwesomeOpenSource thanks. I've been using tailscale for years, and have my own list of next best things to try like Zerotier and Nebula, but never got time
@varodaya 8 months ago
How do you rate this over netmaker?
@AwesomeOpenSource 8 months ago
For me, they both have pros and cons. Netmaker, IMO, once up and running is much easier to just start using, and the built on Web Admin panel is really great. Things like the subnet routing (getting onto a LAN from the wireguard VPN) is also quite a bit easier with Netmaker. Alex really has done a ton of work to make everything very easy. Headscale, is a bit more piece-meal, and you need to read a bit to find the right commands to do various things. The tailscale client is good, but again, no GUI from Tailscale for linux...thus Trayscale comes into play as yet another piece you can add on. You can do all the same things, but Netmaker still makes it easier as a fully self hosted solution.
@zyghom 4 months ago
how to connect macbook? the default client has no options for different server (headscale) or so
@AwesomeOpenSource 4 months ago
Download the Tailscale client, then change the server you want to authenticate with, or use the terminal to connect using the command I used in the video.
@zyghom 4 months ago
@AwesomeOpenSource I am trying... just found the CLI there as well but not yet successful ;-)
@zyghom 4 months ago
ok, macbook done, now fighting with the obvious things that were "one click" step in tailscale - approving exit nodes and routes etc - yeap, tailscale made it easy
@MuhammadIrfan-ni9pb 8 months ago
Does this configuration require a ip public sir ?
@AwesomeOpenSource 8 months ago
If you want to set it up for access over the internet, then it will. You could setup the control server on a VPS with a public IP, and it will coordinate your clients to all find each other as an alternative.
@nowandthentech 7 months ago
anyone else get? WRN Failed to read configuration from disk error="While parsing config: yaml: line 12: did not find expected key". I copied it right from the site. I also did the wget method. Thanks!
@AwesomeOpenSource 7 months ago
Sometimes, copying yaml, for whatever reason, seems to either include some special hidden character, or not include something needed. I've found I just have to manually type it, or use an online yaml checker to try and figure out what's wrong with it.
@nowandthentech 7 months ago
Thanks Brian, now that is seemingly working but it freezes when adding a client with an auth key?
@alexfields1334 5 months ago
@AwesomeOpenSource Solution is easy, the config file is outdated. You need to manually download the latest release tar and then use that configuration file.
@salamdamai 2 months ago
I don't understand your step on 47:37. Why you specify a different port number? Shouldn't that be port 8080?
@AwesomeOpenSource 2 months ago
In docker containers, if you are running other containers, common ports are often already in use on the host. The ability to map a different port number is a great feature in docker. It allows you to run multiple services on the same host that may need the same port. So, in order to avoid 8080, I changed it to a less common port.
@gigiipaq8172 7 months ago
I don't think it's permission problem. I get the same error when I build the container with root permissions......
@AwesomeOpenSource 7 months ago
Hmmm. Not sure then.
@alexfields1334 5 months ago
@AwesomeOpenSource Solution is easy, the config file is outdated. You need to manually download the latest release tar and then use that configuration file.
@alirezaghaderi 2 months ago
it seems latest flag doesn't work, I used headscale/headscale:0.22.3 for now
@AwesomeOpenSource 2 months ago
Maybe they took down latest for some reason.
@duncan-mcrae 6 months ago
I wonder how this would run for enterprise - like 100 users? Enterprise Tailscale at 20/user/month minimum for 100 users is a lot of cash.
@AwesomeOpenSource 6 months ago
Just depends on how much you are using it. Should run fine. Essentially Wireguard creates a nice peer-to-peer network. Some devices need the relay server, but desktop and laptops can usually navigate a P2P connection. Mobile devices can as well, it's really the cell network that interferes from what I understand.
@cig_in_mouth3786 8 months ago
Everything looks great but I need it on an Android phone or some portable device. I think termux route :p
@AwesomeOpenSource 8 months ago
Tailscale has apps for both iOS and Android. They should work with Headscale as well.
@cig_in_mouth3786 8 months ago
@AwesomeOpenSource Yeah, but there is no option for choosing a custom server. For example, if you use Bitwarden it gives me the option to select a server (Vaultwarden works); here there are no such options 😕
@dasfaultierdeslebens9134 6 months ago
Works fine for desktop clients and badly for mobile clients.
@AwesomeOpenSource 6 months ago
It's a pain to get the mobile clients set up for it, but once I got them set up, they just work. Turn them on, turn them off, just works.
@dasfaultierdeslebens9134 6 months ago
@AwesomeOpenSource Change Server worked. But it is too unsafe for a productivity system... I switched back to the original service.
@luwk 3 days ago
Which domain provider are you using?
@AwesomeOpenSource 17 hours ago
I was using GoDaddy at the time, but moved that domain to Hover now.
@luckywang95 7 months ago
Is this doable on a network without https?
@AwesomeOpenSource 7 months ago
You could probably use the IP only, but https is just for the Web UI that's separate from Headscale itself.
@luckywang95 7 months ago
@AwesomeOpenSource Ya. I'm trying to install headscale UI and it doesn't work with IP only. Is https a must for the web UI?
@AwesomeOpenSource 7 months ago
Not for the web ui specifically. The https requirement will be to get your mobile device to connect to the headscale server. You need to have a valid cert on an iOS device, but not sure about Android's requirements.
@yagoa 5 months ago
dislike cuz docker
@AwesomeOpenSource 5 months ago
That's a shame, docker is really a great way to run your services. You can install any project directly on your system as well. Docker just makes that a bit easier by 1. scripting out the installation, 2. using a very minimal image to install it on, and 3. making it a very lean virtual machine (container) which segregates it from the rest of the system unless you make the in-roads for it.
@yagoa 5 months ago
@AwesomeOpenSource I speak from experience, e.g. 10x RAM usage and 5x CPU usage for pi-hole. This is not viable for any efficiency-minded individual or server admin.
@yagoa 5 months ago
@AwesomeOpenSource Yes, all the work you save by the scripting is lost by having to forward all kinds of things between systems.