准备一台nat服务器

iShot_20230712_08.55.04.png

image.png

我用的是nat服务器搭建的成本更低购买链接

安装docker和nginx

在宝塔里面点击安装就可以了

部署derp容器


docker run --restart always \

--name derper -p 1234:1234 -p 3478:3478/udp \

-e DERP_ADDR=:1234 \

-e DERP_DOMAIN=添你的域名 \

-d docker.io/yangchuansheng/derper:latest

image.png

添加证书和反向代理

image.png

反向代理的url是http://127.0.0.1:1234

image.png

打开防火墙3478端口

image.png

添加端口转发

image.png

测试访问derp服务器

https://derp.rrtt.top:18857 访问成功

image.png

修改tailscale配置文件


// Example/default ACLs for unrestricted connections.

{

// Declare static groups of users beyond those in the identity service.

"Groups": {

"group:example": ["user1@example.com", "user2@example.com"],

},

// Declare convenient hostname aliases to use in place of IP addresses.

"Hosts": {

"example-host-1": "100.100.100.100",

},

"ACLs": [

// Match absolutely everything. Comment out this section if you want

// to define specific ACL restrictions.

{"Action": "accept", "Users": ["*"], "Ports": ["*:*"]},

],

"derpMap": {

"OmitDefaultRegions": true,

"Regions": {

"900": {

"RegionID": 900,

"RegionCode": "江苏",

"RegionName": "宿迁",

"Nodes": [{

"Name": "1",

"RegionID": 900,

"HostName": "你的域名",

"DERPPort": 443对应的网端口,

"STUNPort": 3478对应的外网端口,

}],

},

},

},

}

保存配置文件通过 tailscale netcheck命令进行查看

image.png