ipv6 deper

app/caddy-lan/lan.Caddyfile

@@ -5,4 +5,29 @@
 http://dify.sv-v2.lan {
 	bind 100.64.0.32
 	reverse_proxy localhost:9802
-}
+}
+
+http://alist.sv-v2.lan {
+	bind 100.64.0.32
+	reverse_proxy localhost:5244
+}
+
+http://od.sv-v2.lan {
+	bind 100.64.0.32
+	reverse_proxy localhost:8069
+}
+
+http://litellm.sv-v2.lan {
+	bind 100.64.0.32
+	reverse_proxy localhost:4000
+}
+
+http://clash-ui.sv-v2.lan {
+	bind 100.64.0.32
+	reverse_proxy localhost:7880
+}
+
+http://langflow.sv-v2.lan {
+	bind 100.64.0.32
+	reverse_proxy localhost:7860
+}

docker-compose-derper-vs1.yaml

@@ -0,0 +1,17 @@
+version: '3.5'
+services:
+  derper:
+    container_name: derper
+    image: fredliang/derper
+    restart: always
+    volumes:
+      - /home/mrh/myrepo/sv-v-config/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/minio.magong.site:/cert
+    ports:
+      - 10998:10998/udp
+      - 10999:10999
+    environment:
+      DERP_DOMAIN: ddns-go.sv-v.magong.site
+      DERP_ADDR: ":10999"
+      DERP_STUN_PORT: "10998"
+      # DERP_CERT_MODE: manual
+      # DERP_CERT_DIR: /cert

docker-compose-derper.yaml

@@ -0,0 +1,17 @@
+version: '3.5'
+services:
+  derper:
+    container_name: derper
+    image: fredliang/derper
+    restart: always
+    volumes:
+      - /root/program/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/hs.magong.site:/cert
+    ports:
+      - 10998:10998/udp
+      - 10999:10999
+    environment:
+      DERP_DOMAIN: hs.magong.site
+      DERP_ADDR: ":10999"
+      DERP_STUN_PORT: "10998"
+      DERP_CERT_MODE: manual
+      DERP_CERT_DIR: /cert

headscale/config/config.yaml

@@ -10,13 +10,13 @@
 #
 # https://myheadscale.example.com:443
 #
-server_url: http://localhost:8080
+server_url: http://localhost:27896
 
 # Address to listen to / bind to on the server
 #
 # For production:
 # listen_addr: 0.0.0.0:8080
-listen_addr: 0.0.0.0:8080
+listen_addr: 0.0.0.0:27896
 
 # Address to listen to /metrics, you may want
 # to keep this endpoint private to your internal
@@ -76,7 +76,7 @@ derp:
   server:
     # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
     # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
-    enabled: true
+    enabled: false
 
     # Region ID to use for the embedded DERP server.
     # The local DERP prevails if the region ID collides with other region ID coming from
@@ -91,7 +91,7 @@ derp:
     # When the embedded DERP server is enabled stun_listen_addr MUST be defined.
     #
     # For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
-    stun_listen_addr: "0.0.0.0:3478"
+    stun_listen_addr: "0.0.0.0:10997"
 
     # Private key used to encrypt the traffic between headscale DERP
     # and Tailscale clients.
@@ -106,12 +106,12 @@ derp:
 
     # For better connection stability (especially when using an Exit-Node and DNS is not working),
     # it is possible to optionally add the public IPv4 and IPv6 address to the Derp-Map using:
-    ipv4: 1.2.3.4
-    ipv6: 2001:db8::1
+    ipv4: 101.126.130.39
+    # ipv6: 2001:db8::1
 
   # List of externally available DERP maps encoded in JSON
-  urls:
-    - https://controlplane.tailscale.com/derpmap/default
+  # urls:
+    # - https://controlplane.tailscale.com/derpmap/default
 
   # Locally available DERP map files encoded in YAML
   #
@@ -121,7 +121,8 @@ derp:
   #
   # paths:
   #   - /etc/headscale/derp-example.yaml
-  paths: []
+  paths: 
+    - /etc/headscale/derp.yaml
 
   # If enabled, a worker will be set up to periodically
   # refresh the given sources and update the derpmap
@@ -272,7 +273,7 @@ dns:
   # `base_domain` must be a FQDN, without the trailing dot.
   # The FQDN of the hosts will be
   # `hostname.base_domain` (e.g., _myhost.example.com_).
-  base_domain: h.l
+  base_domain: lan 
 
   # List of DNS servers to expose to clients.
   nameservers:
@@ -313,7 +314,7 @@ dns:
   #
   # Alternatively, extra DNS records can be loaded from a JSON file.
   # Headscale processes this file on each change.
-  # extra_records_path: /var/lib/headscale/extra-records.json
+  extra_records_path: /var/lib/headscale/extra-records.json
 
 # Unix socket used for the CLI to connect without authentication
 # Note: for production you will want to set this to something like:

headscale/config/derp.yaml

@@ -0,0 +1,25 @@
+regions:
+  901:
+    regionid: 901
+    regioncode: myself
+    regionname: Tencent Guangzhou 
+    nodes:
+      - name: 901a
+        regionid: 901
+        hostname: 'hs.magong.site'
+        ipv4: '101.126.130.39'
+        stunport: 10998
+        stunonly: false
+        derpport: 10999
+  902:
+    regionid: 902
+    regioncode: vs1derper
+    regionname: Home Guangxi IP6
+    nodes:
+      - name: 902a
+        regionid: 902
+        hostname: 'ddns-go.sv-v.magong.site'
+        # ipv4: '101.126.130.39'
+        stunport: 10998
+        stunonly: false
+        derpport: 10999

readme.md

@@ -37,6 +37,7 @@ https://luotianyi.vc/8480.html
 ```shell
 docker restart headscale
 dc exec  caddy caddy reload --config /etc/caddy/Caddyfile
+dk exec caddy-lan caddy reload --config /etc/caddy/Caddyfile
 # dc exec headscale headscale apikeys create --expiration 9999d
 # docker exec -it headscale headscale users create mxy
 # 创建可重用秘钥，秘钥不会失效，让用户自行管理
@@ -45,7 +46,7 @@ docker exec -it headscale headscale preauthkeys create --user mxy --reusable --e
 
 tailscale up --login-server https://hs.magong.site  --authkey 59a4f2afdc6605a8b213279d61fb926ad0ff704fc874dfec --hostname pc-xy --netfilter-mode=off --accept-dns=true 
 # 指定云服务器，注册
-sudo tailscale up --login-server https://hs.magong.site  --authkey 90e2d5089997c0ef0929eaa8475ac441de0fe9acae43cfbd --hostname dy1 --netfilter-mode=off --accept-dns=true
+sudo tailscale up --login-server https://hs.magong.site  --authkey 90e2d5089997c0ef0929eaa8475ac441de0fe9acae43cfbd --hostname sv-v2 --netfilter-mode=off --accept-dns=true
 # 云服务器如果自己配置了内网 DNS 服务器，需要指定该网卡的 search 域名
 sudo resolvectl domain eth0 ~.
 
@@ -129,6 +130,10 @@ vi /root/program/headscale/headscale/data/extra-records.json
 ```shell
 vi /root/program/headscale/headscale/config/config.yaml
 # extra_records_path: 
+exit 
+sudo vi /home/mrh/program/headscale/app/caddy-lan/lan.Caddyfile
+dk exec caddy-lan caddy reload -c /etc/caddy/Caddyfile
+dk exec caddy-lan  caddy fmt --overwrite /etc/caddy/Caddyfile
 ```