Setting up a derper node
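Step 1: create the SSL certificate. Save the following script as build_cert.sh:

```bash
#!/bin/bash
# Usage: bash build_cert.sh <host> <cert dir> <openssl config file>
CERT_HOST=$1
CERT_DIR=$2
CONF_FILE=$3

# Write the OpenSSL request config for a self-signed certificate.
# The SAN is written as an IP entry (IP.1), so CERT_HOST must be an IP address.
echo "[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = Self-signed certificate
commonName = $CERT_HOST: Self-signed certificate
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = $CERT_HOST
" > "$CONF_FILE"

# Generate an unencrypted 2048-bit RSA key and a certificate valid for 730 days.
mkdir -p "$CERT_DIR"
openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout "$CERT_DIR/$CERT_HOST.key" -out "$CERT_DIR/$CERT_HOST.crt" -config "$CONF_FILE"
```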
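Step 2: save the file and run `bash build_cert.sh 域名 ./ssl ./conf`, where 域名 ("domain") stands for your server's host value. This generates the key and certificate files.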
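Step 3: create the docker-compose.yml file:

```yaml
# 域名 ("domain") is a placeholder: use the same host value passed to build_cert.sh.
services:
  derper:
    image: docker.1ms.run/fredliang/derper:latest
    environment:
      # manual: derper uses the mounted certificate instead of requesting one
      - DERP_CERT_MODE=manual
      - 'DERP_ADDR=:9541'
      - DERP_DOMAIN=域名
    volumes:
      - './ssl/域名.key:/app/certs/域名.key'
      - './ssl/域名.crt:/app/certs/域名.crt'
      - /etc/localtime:/etc/localtime:ro
    ports:
      # DERP over TLS on TCP 9541; STUN on host UDP 3891 -> container 3478
      - '0.0.0.0:9541:9541'
      - '0.0.0.0:3891:3478/udp'
    restart: always
    container_name: derper
```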
Step 4: run `docker-compose pull` to pull the image.
Step 5: run `docker-compose up -d` to start the container.
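Step 6: check the current DNS in /etc/resolv.conf.
Step 7: change the DNS:

```bash
nano /etc/systemd/resolved.conf
```

Uncomment the DNS line and set it to 223.5.5.5, then save.
Step 7: refresh the firewall. The command below restarts systemd-resolved so that the DNS change takes effect:

```bash
systemctl restart systemd-resolved
```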
Step 8: manually verify TLS connectivity:

```bash
curl -v https://login.tailscale.com
```

Step 9: DNS needs to be turned off.
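Step 10: edit the derpMap:

```
"derpMap": {
  "OmitDefaultRegions": true,
  "Regions": {
    "910": {
      "RegionID": 910,
      "RegionCode": "Beijing",
      "RegionName": "Beijing Aliyun Derper",
      "Nodes": [{
        "Name": "910a",
        "RegionID": 910,
        "IPv4": "ip",
        // Host ports published in docker-compose.yml
        "DERPPort": 9541,
        "STUNPort": 3891,
        // Clients skip TLS certificate verification for this node
        // (the certificate from step 1 is self-signed)
        "InsecureForTests": true,
      }],
    },
  },
},
```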
Step 11: firewall management. Open these ports:
3891 udp
9541 tcp
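
The script in step 1 always writes an `IP.1` SAN entry, while step 2 passes a "domain" placeholder. The following is an added example, not part of the original post: it goes beyond the original by choosing `IP.1` or `DNS.1` from the host value, creating the key owner-only, and checking that the finished certificate covers the host. The function names and the file name san_cert.sh are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. POSIX sh; needs the openssl CLI.
# Print the [alt_names] line for HOST: IP.1 for an IPv4 literal, DNS.1 for a name.
san_entry() (
  host=$1
  case $host in
    ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*-|*..*)
      echo "unsupported host value: $host" >&2; return 1 ;;
    *[!0-9.]*) echo "DNS.1 = $host"; return 0 ;;
  esac
  # Only digits and dots remain: require four octets, each <= 255.
  IFS=.; set -- $host
  [ $# -eq 4 ] || { echo "invalid IPv4 address: $host" >&2; return 1; }
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] ||
      { echo "invalid IPv4 address: $host" >&2; return 1; }
  done
  echo "IP.1 = $host"
)

# Write DIR/HOST.key and DIR/HOST.crt with the SAN type that matches HOST.
build_cert() (
  host=$1 dir=$2
  san=$(san_entry "$host") || return 1
  umask 077   # directory, key and certificate are created owner-only
  mkdir -p "$dir" && conf=$(mktemp) || return 1
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_req' \
    'prompt = no' '[dn]' "commonName = $host" '[v3_req]' \
    'subjectAltName = @alt_names' '[alt_names]' "$san" > "$conf"
  openssl req -x509 -nodes -days 730 -newkey rsa:2048 -config "$conf" \
    -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
  rc=$?; rm -f "$conf"; return $rc
)

# Succeed only if the certificate CRT lists HOST in its subjectAltName.
verify_cert() (
  host=$1 crt=$2
  case $(san_entry "$host" 2>/dev/null) in
    IP.*) flag=-checkip ;;
    DNS.*) flag=-checkhost ;;
    *) return 1 ;;
  esac
  openssl x509 -noout "$flag" "$host" -in "$crt" 2>&1 | grep -q 'does match certificate'
)

# Usage: sh san_cert.sh HOST DIR (does nothing when run without arguments).
if [ $# -ge 2 ]; then
  build_cert "$1" "$2" && verify_cert "$1" "$2/$1.crt" && echo "SAN OK for $1"
fi
```

A certificate whose SAN covers the host is a precondition for clients to verify the node rather than skip verification.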