Loading... ## 介绍 尝试用docker(`ghcr.io/yangchuansheng/ip_derper:latest`)总是出问题,放弃docker一次成功,记录下来以供参考。 所用服务器:腾讯云Debian12 ## 安装go ``` apt install -y wget git openssl curl wget https://go.dev/dl/go1.21.5.linux-amd64.tar.gz rm -rf /usr/local/go && tar -C /usr/local -xzf go1.21.5.linux-amd64.tar.gz export PATH=$PATH:/usr/local/go/bin go version echo "export PATH=$PATH:/usr/local/go/bin" >> /etc/profile source /etc/profil ``` ## 安装tailscale derper ``` go env -w GO111MODULE=on go env -w GOPROXY=https://goproxy.cn,direct go install tailscale.com/cmd/derper@mai ``` ## 修改证书 每个人路径都不一样,仅供参考 ``` /root/goProject/pkg/mod/tailscale.com@v1.73.0-pre.0.20240820234010-7675c3ebf24d/cmd/derper ``` ![cert.go路径](https://lblog.net/usr/uploads/2024/08/2059332985.png) ![91到94行,注意符号](https://lblog.net/usr/uploads/2024/08/1232418238.png) ## 编译derper ``` cd /root/goProject/pkg/mod/tailscale.com@v1.73.0-pre.0.20240820234010-7675c3ebf24d/cmd/derper go build -o /etc/derp/derper ls /etc/derp ``` ![image.png](https://lblog.net/usr/uploads/2024/08/1135938844.png "文件结构") ## 自签域名 ``` openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/derp/derp.myself.com.key -out /etc/derp/derp.myself.com.crt -subj "/CN=derp.myself.com" -addext "subjectAltName=DNS:derp.myself.com" ``` 直接运行就好,不用改内容也不需要域名 ## 配置DERP ``` cat > /etc/systemd/system/derp.service <<EOF [Unit] Description=TS Derper After=network.target Wants=network.target [Service] User=root Restart=always ExecStart=/etc/derp/derper -hostname derp.myself.com -a :33445 -http-port 33446 -certmode manual -certdir /etc/derp RestartPreventExitStatus=1 [Install] WantedBy=multi-user.target EOF ``` ## 启用DERP ``` systemctl daemon-reload systemctl restart derp systemctl enable derp ``` ## ACL配置 ``` { "derpMap": { "OmitDefaultRegions": true, "Regions": { "901": { "RegionID": 901, "RegionCode": "CN", "RegionName": "ShangHai", "Nodes": [ { "Name": "ShangHai", "RegionID": 901, "DERPPort": 33445, "IPv4": "118.25.xxx.xxx", "InsecureForTests": true } ] } } } } ``` ## 检查DERP服务器是否接入 ``` tailscale netcheck tailscale status ``` ## 加密设置(防止白嫖) 先安装,在登录 ``` curl -fsSL https://ts-mirror.xedge.cc/install.sh | sh ``` 禁用密钥过期 ![网页端配置](https://lblog.net/usr/uploads/2024/08/927636985.png) 开启连接认证 ``` vi /etc/systemd/system/derp.service ``` ![连接认证](https://lblog.net/usr/uploads/2024/08/1921180242.png) ``` systemctl daemon-reload systemctl restart derp ``` ## 原址: 原作者那边更详细,此文章只做博主个人记录使用,仅供参考。 [https://blog.csdn.net/qq_29064203/article/details/135379460](https://blog.csdn.net/qq_29064203/article/details/135379460) 最后修改:2024 年 09 月 18 日 © 允许规范转载 赞 1 如果觉得我的文章对你有用,请随意赞赏