-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reverse Proxy #8
Comments
This isn't an error caused by your reverse proxy, rather it means that the device couldn't be verified by the DERP server. Make sure the container is able to access your Tailscale instance. I'm not sure about the other ones as I've never used Traefik, but ensure you have websocket support enabled as a first step. |
@mrrfv thanks for the respons! |
The Tailscale documentation says HTTPS should be optional (i.e. HTTP should still work) just in case you're using a network that blocks encrypted connections. Forcing HTTPS shouldn't cause that big of a problem though.
Mounting the Tailscale socket (as a volume) worked for me on the first try, so I don't really know how to help you in that regard. Using the same network or host networking doesn't work in my experience. Are you running Tailscale in a container, or bare-metal? Also: environment:
DERP_DOMAIN: derper.your-hostname.com Is |
I don't know if something has changed since I last tackled the problem, but it seems like this compose file works for now: derp:
image: fredliang/derper:latest
container_name: tail-derp
restart: unless-stopped
environment:
DERP_DOMAIN: derper.example.com
DERP_ADDR: :80
DERP_HTTP_PORT: -1
DERP_VERIFY_CLIENTS: 'true'
cap_add:
- NET_ADMIN
- NET_RAW
devices:
- /dev/net/tun:/dev/net/tun
networks:
- default
volumes:
- /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock
labels:
traefik.enable: 'true'
# HTTPS
traefik.http.routers.derper.rule: Host(`derper.example.com`)
traefik.http.routers.derper.tls.certresolver: myresolver
traefik.http.routers.derper.entrypoints: websecure
traefik.http.routers.derper.service: derper
traefik.http.services.derper.loadbalancer.server.port: 80
# STUN
traefik.udp.routers.derper.entrypoints: stun
traefik.udp.services.derper.loadbalancer.server.port: 3478 I am not sure if the
I will test this setup for a few days and report if any problems arise. If not, I will close the issue then. |
Thanks for you! |
Hi @arunoruto |
I am currently running tailscale on the host machine. Therefore, I am mounting the |
Hi, I am using Nginx Proxy Manager in docker, and not quite sure about how I could reverse proxy correctly. For docker, if I use 8443:443 to derper docker instance, and when reverse proxying it with derper.my-domain.com, can I set the destination to https://localhost:8443 with my certificate of *.my-domain.com? I have tried several times, but there is always an error of 502 openresty. |
我也有同样的问题.但我最近解决了:
启动后的日志:
宝塔面板的添加网站反代配置和ssl: 访问: 如果提示**Client sent an HTTP request to an HTTPS server.**请检查你的ssl配置(nginx和docker的都需要检查) |
你好,我按照你的方法部署了,但是在网站上Access Controls里面添加了 |
@conancheng hi,I also can not connect to the relay server, Only one have any idea about it ? |
一样的问题,请问你解决了,用的是阿里云,是不是阿里云有什么限制? @conancheng |
你的udp都没有开,阿里云和腾讯云都有自己的网络防火墙,需要在网页后台开一下对应的端口和协议。 |
I am trying to run a derper container behind a traefik proxy. I am not sure what I am doing wrong, but my config seems to work until I turn on verification.
Here is my service:
Derper is giving me constant errors like:
where
172.19.0.19
is the docker IP address of traefik, my reverse proxy. The service is available athttps://derper.your-hostname.com
and I also get the webpage, but it seems like I am missing something.Sometimes I also do get errors like this:
The text was updated successfully, but these errors were encountered: