Headscale docker部署webui
本篇接着上篇所写的部署流程, 继续修改docker compose
部署WebUI
在上一篇部署完成Headscale之后,我们只能通过命令行进行访问,这实在不够雅观(被打
所以本篇继续部署HeadScale的WebUI方便我们的管理
WebUI的项目地址: Package headscale-ui (github.com)
部署流程比较简单
只需要在docker compose里增加一段
headscale-ui:
image: ghcr.io/gurucomputing/headscale-ui:latest
restart: unless-stopped
container_name: headscale-ui
ports:
- "8081:80"那么此时的docker-compose文件就是
version: '4.1'
services:
headscale:
image: headscale/headscale:0.22.3
container_name: headscale
command: headscale serve
restart: unless-stopped
volumes:
- /opt/headscale/config/:/etc/headscale/
- /opt/headscale/data/:/var/lib/headscale/
ports:
- "8089:8080"
- "9090:9090"
headscale-ui:
image: ghcr.io/gurucomputing/headscale-ui:latest
restart: unless-stopped
container_name: headscale-ui
ports:
- "8081:80"至此,webui就部署完成了
配置反代
为了方便访问,我们需要进行反代的配置,这里使用nginx
在安装完成之后,我们新增一个配置文件(来自部署私有的 Headscale 控制台 · 三令五申 (yelsew.net))
server {
server_name headscale.owk.ink;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
location /web {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8081;
}
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/headscale.owk.ink/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/headscale.owk.ink/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = headscale.owk.ink) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name headscale.owk.ink;
return 404;
}
ssl证书需要自己申请
这个配置文件的主要作用是将/ 反向代理到本地8080
将/web反向代理到本地的8081 , 实现headscale.owk.ink可以作为登录服务器headscale.owk.ink/web可以作为管理端口
(两个分开域名也不是不行)
使用WebUI
直接访问刚刚的域名/web
会出现这样的提示
此时点击左边的Settings
将你的域名填入 Headscale URL 中 (不需要带web)
获取APIKEY
打开你上一节部署的headscale容器
通过终端输入:
headscale apikeys create此时会输出一个APIKEY, 这个APIKEY会有90天有效期
把他填到网页的APIKEY中
点击下面的Test Server Settings
如果正常,此时就已经获得了web的访问权限了
(这个APIKEY本地保存在你的浏览器中, 其他人无访问权限)
## 尾声
至此,Headscale的配置就做完了:)
祝各位玩的开心
本文地址: https://www.owk.ink/archives/22.html
本文原作者: Err_owk
本站文章均遵循CC BY-NC-SA 4,0协议发布,请规范转载.
共有 0 条评论