Headscale - Open Source, Self Hosted Wireguard Control Server for your Tailscale Network!

Captions
It's your open source advocate, and I'm back with another video. Today I'm going to talk about Headscale. If you've seen my videos on Netmaker or WireGuard in general, then you'll know that Tailscale is an implementation of WireGuard that helps you set up a flat network across multiple local area networks and multiple devices. It's really, really awesome the way that it works, and of course I wanted to find an open source version of it, because the Tailscale control server is not open source. Now, their clients are, and we're going to use their clients for part of this setup, but Headscale is an open source implementation of that control server that works super well with all the Tailscale stuff and helps you set this stuff up in a really great way.

Now, I'll say compared to Netmaker I find Headscale a little bit more difficult. Not super hard, but definitely there's a few more steps to get things set up the way you want, whereas Netmaker definitely has, like, you know, click this button, type this in, and you're done, and you've got an egress node into a network and things like that. You can do that with Headscale as well; it really works fine. I'm going to show you how that setup works, and we're going to get everything up and running today. So I'm going to go through Headscale, the server, the control UI, and if time isn't too far along I might go ahead and cover some web GUIs that are there for the Headscale server, as well as the Tailscale side of things with a GUI that's created for Linux. There's already a GUI for macOS and Windows, of course, but they didn't create one for Linux for some reason, so somebody else did, which is awesome, because it's open source and we love that. So we're going to get into the Headscale server setup right after this.

I want to say thank you to all of my subscribers and all of my patrons over at Patreon. Seriously, you guys make this so worth it for me to do these videos every week. I really truly enjoy it, and I just can't say
thank you enough. If you're enjoying these videos, subscribe. Let YouTube know that I'm doing a good job by subscribing to the channel, plus you'll get notified when I have new videos coming out. And finally, if you're enjoying what I'm doing, give it a like: just click on that thumbs up, and that way YouTube knows that you like it and they'll pass it along to other people that might enjoy my content as well. I really appreciate it. Thank you again. Let's get started.

So to set up the Headscale server, we're going to go over to our terminal and log into our test system, and as always we're going to create our folder structure first. So we're going to do mkdir -p docker/headscale. When we do that, this command says make a directory and check to see if the docker directory exists; if it does, just use it, and if it doesn't, then create it. Then it goes to the next step and says now see if there's a headscale directory inside of that, and if there is, use it, otherwise create it. So we get a lot out of that single command. We're going to cd into that new folder. If we do an ls, there's nothing there yet, so we need to create a couple of things. We need to create some folders inside of this, so we're going to do an mkdir config and an mkdir data to create a config folder and a data folder, and then we're also going to create a docker-compose.yaml file. So we're going to do a nano docker-compose.
yml. Now, what we want in this is pretty straightforward. It's pretty small, and it makes it really easy to get the server up and running, actually, but we do need a configuration file to go with it, so don't go off and run things ahead of me here. I'm going to copy what I've got and paste it into here. So this is a version 3.5 Docker Compose file. Our service is going to be called headscale, our image is headscale/headscale, and it's the latest version is what it's going to pull. It's going to pull stable; it doesn't pull alphas and things like that, so you'll see some things about that here in a minute.

The volumes we want: we already have our config and our data, and I've got those set as ./, which means in the same directory where the Docker Compose file exists, and we're going to map those to /etc/headscale and /var/lib/headscale inside the container. So the things on the left are our host volumes, folders on our host; the things on the right are our Docker container folders. So we're mapping this folder from the host to this folder in the Docker container in both of these situations.

For the ports, normally they set this to 8080 and they map it to 8080. I changed it because 8080 is a very common port. You can change this port on the left side to anything you want, as long as it's not a common port for some other service and as long as it's not currently in use on your host. So I set up 27896, because it's a pretty simple number for me to remember and it's not a common port.

So this command, headscale serve, is how you bring up the server. Once it actually pulls all the stuff down and gets everything going, it's going to run this command that says headscale serve, which says bring up the Headscale server for me. And finally we've got this part that says restart: unless-stopped, which means if I reboot my server, my physical server, my virtual server, any of those things, it'll restart this container once it comes back up. Unless I stop this container
intentionally and then do anything, it's going to try to restart the container. So I really like this setting, because it lets me stop it if I want to, but other than that it'll restart on its own. So we're going to save that with Ctrl+O, hit Enter, and then Ctrl+X to exit.

Now we need to go grab a configuration file, and they've got a nice example configuration file out there on their GitHub site, so we're going to use a command to go grab that and pull it down, and this is that command. It's going to use curl, so you want to make sure you have curl installed on your server there, and then it's going to go out to their GitHub site here and pull down their config-example.yaml file, and this -o just says when it comes down, put it in the config folder and name it config.yml. So that's what we're going to have. I'm just going to hit Enter for that, and it's done.

Now we need to go into that configuration file and actually change a couple of things. Not much, but there's a little bit of stuff to be aware of in there. So we're going to do nano config/config.yaml, and you'll see here we've got a whole lot of information that they're giving us, but we're going to be fine. We're just going to run through this really quick. So right here, the URL clients will connect to: I want to have this where my clients can actually get to it over the internet, so I'm going to give it a fully qualified domain name like their example up here. What they have is your clients are going to try to connect over this 127.0.0.1, so I'm just going to go here and take this out. I want it to be an HTTPS service, but I'm going to leave it as HTTP for now, so I'm going to call this headscale.
routemehome.org. So I own the domain routemehome.org, I am creating a subdomain called headscale in that domain, and I have an A record already set up to point to my public IP address. When that gets to my network it's going to hit the firewall, and it's going to be on port 80 or port 443. That's going to forward through to a reverse proxy that I run called Nginx Proxy Manager, which I'll show you in a minute, and I'm going to set up an entry in there with this same exact FQDN right here, headscale.routemehome.org, and I'm going to tell it to point to this server inside of my network on the 27896 port, and that's what's going to let things work properly. Now, there's no website that goes with the Headscale server here on its own. There are some other ones that will add to it, but nothing just built in; everything is command line. Okay, so we'll go through that as well.

So on the listen address, you can just leave that as 127.0.0.1 and then... actually, we need to change that. I'm wrong, we don't want to leave that, we want to change that. So we're going to mark that one out with the pound sign here, and we're going to go right above it and just take out the pound sign in front of the listen address that says 0.0.0.0:8080, which is fine. This is talking about inside the container, but we want to make sure that any other source can actually reach this service.

As we go down, so this metrics part, I just left everything else exactly as it is. I don't think I changed anything else, but we'll kind of scroll down through here and talk about any of the things that are really important. All these things you just want to leave like they are. This one here on the IP address: this is the IP address range that it will use to assign out IP addresses to devices that get onto your network. If you don't understand what these are, I would highly recommend not changing them. If you do, and you know you want a different IP range and a different subnet mask size, then feel free
to do that, but you should absolutely know what these things mean before you change them. So most private IP addresses are 192.168.x.x, which means that's going to be a 192.168 slash, I believe it's 16. Here you can do 10.0.0.0 or 10.x.x.x/8, which means any of these last three octets can be variable when you have the 10 address, and again, you can look up the private address ranges and it'll tell you exactly what they are. If you don't have a reason to change this, I wouldn't; just leave it as it is. Just know that you can, but when you do add clients to the Headscale network, it's going to give you a little message about, hey, that's not within the Headscale stuff. It's just going to warn you about it. I would say again, it does exactly what you want, it gives you an IP in the range that you set, but it does give you a warning in the command line that's kind of annoying. So I'd say if you don't have to change it, don't change it.

All right, as we continue down we've got these DERP settings. I didn't change any of this stuff, I just left it as it is. We're just going to continue down all the way past this, and there's quite a bit here. A lot of it's comments to help you understand what these things are, so just understand that anything with a hashtag in front of it, or the pound sign here, that's a comment so that you can read it and understand more about what this thing is setting.

So disable check updates: basically, if you want to automatically check for updates, you'd set this to true; if you want to enable it, leave it as false. That's kind of how it works. Ephemeral node inactivity timeout, 30 minutes seems fine. Node update check interval, 10 seconds also seems fine, but you could change that if you really want to. I don't suggest getting it any less than that; it shouldn't need it. The DB type: in this case it is going to use SQLite 3, which is fine. If you're only going to set up maybe 50, 100, even, you know, 500 clients, SQLite will
probably handle that with no problem; I would not worry too much about it. If you're going to be setting up thousands to tens of thousands of clients, you might want to go and set up a Postgres database. Again, highly recommended, if you're setting up that many clients, that you know what you're doing; you should know how to go set up your Postgres database and how to put the values in here so that this knows how to connect to it and use it. But in our case I think DB type sqlite3 is going to be just fine, and this is the DB path, /var/lib/headscale/db.sqlite, which, if you remember, in our docker-compose.yaml file we mapped to a volume on the host, which means that's going to be persisted between updates, which is great.

We're going to continue down. So the Let's Encrypt stuff, I'm going to set that through my reverse proxy, so there's nothing for me to set here, so I didn't change any of these things. It's up to you guys if you want to, but again, if you're using a different reverse proxy, there's nothing to do here, so just keep moving down. Logs: if you want to do something with your logs, you can, and you can change this to whatever format you want. And the level, you can change this to debug to get more information, but you should only do that if you're asked to do that by the developers for some reason; otherwise leave it like it is.

As we keep going down, you can set up ACLs. So there's an ACL policy path if you have a policy file that you want to use. Again, not something I'm going to go through here; it's way outside the scope of just learning how to set this up and get a few clients connected, but if you want to learn those things, there's documentation out there that tells you all about it. Your name servers: if you don't like the 1.1.1.1 name servers of Cloudflare, then you could change that to 8.8.8.8 for Google or, uh, one, I can't remember the other one, 207, I don't remember. Anyways, it's the one for OpenDNS. Or you can use any DNS servers you want, name
servers that you want, actually. It's up to you, but this is fine for me for what we're doing. So as we continue down, you can set up DNS information continually down this whole section here. So this is all DNS information under that DNS setting that's right up there at the top. They do have a thing called MagicDNS, and it's pretty interesting, and it kind of starts up here. If you want to run this in a way that lets you name your different machines and just call them by name, if you set up the right host entry and you have this turned on and ready and you set up a special file like you're seeing here, then you can basically go and say, hey, I want grafana dot whatever you call your vpn.com to point to 100.64.0.3; that's going to be my Grafana machine. Same way with any other machine you want: if you want a Prometheus to be 100.64.0.4, you could set that up, and then you could call these things by name instead of having to do it by IP address.

For me, I generally know what my IP addresses are for my different servers, and I'm going to show you some tools that are going to help you figure out which things that you want to connect to, that are really great. There's some great GUI tools that are open source out there that give you a web server GUI on top of the server, as well as a nice open source project that gives you a GUI server in your Linux environments when you're running with a normal desktop, so pretty nice. Otherwise you can do a lot of things with the command line as well, so we'll kind of go through all that.

All right, we're going to keep going down here. Base domain: if you're going to use the MagicDNS that we talked about up above, you would want to set whatever the base domain is going to be. So in this case our base domain would be hc.routemehome.org, and then I could set up, you know, prometheus.headscale.routemehome.org, graph.headscale.
routemehome.org, and so on. So just know that if you want to use those things, you need to set up that base domain down here, and you need to know what that base domain is going to be in order to set it, of course. As we keep going down, you have some OIDC stuff. I'm going to cover this later, because I'm going to do a video on Authentik and I'm going to set up an OAuth authentication setup, and OIDC is one of those things that you'll really like, and I think you'll really appreciate how it makes this work even more fluidly and just so much easier, in my opinion. But for now we're going to learn the concepts of everything, and we'll get this going. There's nothing else in here to change, so we're going to do Ctrl+O to save our changes, Ctrl+X to exit that file, and we are now ready to actually go and pull everything down and get it started and up and running.

So as always, we're going to do docker compose up -d and then two ampersands, and we're going to put a second command. That first command is docker compose up -d, which says bring down the images, start the containers, and run them as a daemon in the background, so that I don't have to stay connected but they'll stay running. The next one is docker compose and then logs -f, so this says once you get that up and running, show me the logs and follow them so that I can see what's going on as it happens. Now, I've already done this in testing, so I've pulled the images down, so you won't see that part here, but if you're doing it for the first time you'll see the image getting pulled down. So be patient; it just takes 30 seconds, maybe a minute, or it should be less than a minute depending on your internet speed.

So I'm going to hit this. You're going to see it's going to create, it's going to get started, and that's it, it's up and running. It tells us right here on 0.0.0.0:8080, that's inside the container, so both of these things are listening inside the container, but we're running. I don't have any devices connected to it yet.
So I want to talk a little bit about actually using the command line information. Because this is running in Docker, you can run this from here, but you just need to tell it to run the commands inside the Docker container, and there's two different ways you can do that. You can use docker compose exec and then you use the service name, which is headscale. So this just says, hey, I'm about to tell you to run some commands and I want you to execute them inside of the service with the name headscale. Then you put in the command, which is headscale, and we can type in nodes and then list, and that would list all the nodes we have. Of course we don't have any, so we don't see anything listed there except for just the header bar, title bar, whatever you want to call it.

The other way we can do this is just with plain Docker. We can say docker, and in this case we're going to say exec, but we want to use the actual container name. So we're going to hit just Tab right there, and you see it says headscale-headscale-1. That's the one we want, and then we're going to do the same thing: headscale, this is the command, nodes and then list, and we're going to get the same output that we just got. It's just running it in a different way.

Now, this is the other thing I was talking about on those automatic updates and which version it's using. It's telling you, hey, an updated version of Headscale has been found, but it's an alpha 1. So it's telling me it's 0.23.0 alpha 1, which means it's very early. Alpha means, like, this thing may not be stable, it may have some broken parts. But it's telling us that we're running 0.22.3. So I want to run the stable version, I don't want to run an alpha version, but be aware, if you want to run the alpha version you can go out there and figure out what tag you need for that. I prefer the stable version, and that's what it pulls automatically.

Okay, I'm coming back to this after the fact, and I apologize. I thought I had recorded
the part where I was setting up the proxy, the actual reverse proxy, but in order to do that so that we can actually have our clients reach the server... and once we get ready, we're also going to want to add a little bit to this later in the video. We'll do that so that you can actually get to your web GUI if you want to use that as well. But first we just need the clients to be able to reach our server, and we want to do that by hostname so that we can do that across the internet, which is the whole point of a VPN.

So here we're going to click into our proxies, we're going to click Add, and we're going to click right here and just type in the name that we want. In this case it's headscale.routemehome.org, and then we're just going to hit Tab so that it turns into a little chip like that. Once we've got that, remember, I've got the domain name, I own routemehome.org, I have a subdomain of headscale, and I have an A record on that domain that points to my public IP address. When the request comes to my firewall, my firewall looks at it and says, oh, okay, I know what that is, I'm going to pass that through on port 80 or 443 to Nginx Proxy Manager. Nginx Proxy Manager looks at whatever site you're requesting and says, do I have this in my list of sites, and if it does, it'll send you along to the IP address wherever you're running that particular service. And then you want to put in the port that you also mapped for that service. So we're going to put in the IP address, 192.168.10.0 in my case, and the IP address was 27896. We're going to say Block Common Exploits and Websockets Support and make sure it's publicly accessible. So this says if I get this request, I'm going to send it to this server on this port. That's pretty simple.

Now we want to get an SSL certificate so that everything is being encrypted with HTTPS. So we're going to click on the SSL tab, click on the little None dropdown, click on Request a new certificate, Force SSL, HTTP/2 Support, and then make
sure your email is filled in, and then click on the I agree to the Let's Encrypt terms of service, and then finally you just click on Save. Now, if you have everything set up correctly with your A records, your port forwarding, everything like that, what this is going to do is say, hey, Let's Encrypt, I have this site that I want you to try to give me a certificate for, and it's going to go, okay, what site, and it's going to hand off this name, and Let's Encrypt is going to say, okay, let me see if I can hit that name on port 80, which is why we're forwarding this port right here. It's going to come in and it's going to go, okay, yes, I got through the firewall, yes, okay, I see your site, and when it does that, it goes, all right, let me issue a nice certificate here. It's going to issue that certificate, and then this little box is just going to go away. It's going to take less time than it took me to explain what's going to happen for that to happen, in most cases. When you click Save you'll see a little spinner; once you get the certificate the box just closes, and you'll see an entry down in your list, and it'll have a Let's Encrypt certificate over here, and you're set. So that's really how you set up your reverse proxy. There's not a lot more to it. If you're using a different piece of software than Nginx Proxy Manager for reverse proxy, you're going to have to understand how to set that up. I just don't know enough about the other software to do that for you.

So we've got our Headscale server up and running, and the next thing we want to do is add clients. Before we add any actual devices to our network, we need to create at least one user, and you can do that with the command line very easily. Now, I will again show you a way to do this with an OAuth-type authenticated user later, and it makes it easier to add your devices. I mean, it's not hard to do it this way either, but just a different way of doing things. But we can just add users here through the
command line, and understanding why the command line works like this is knowing that we're running this in Docker. So we're going to write in a command that says docker and then exec, which means execute this inside of the Docker container that I'm about to name. In this case the Docker container is called headscale-headscale-1, so that's why I just started typing head and then hit Tab so it would autocomplete it. So this part of the command says run what I'm about to give you inside of this container. Now I'm going to write the actual command that I want it to run, which is headscale, so that's the start of the command, and I'm going to say users create, and then I'm going to give it the name of the user I want it to create, so in this case my name, Brian. And there we go, it created my user; you can see that right here. Now, I know there's a lot of stuff here. First it says there's an updated version of Headscale. We kind of talked about this; it's an alpha 1, but I want to use this current stable one. It's going to tell you that every time you do this, just because it's trying to let you know, hey, there's an updated version.

So now we've got a user. We want to actually go and add some clients, and what we need to do in order to add those clients is get a pre-auth key. So we're going to do the same thing we just did: we're going to do that docker exec headscale-headscale-1, and then we're going to say headscale, and we're going to create a pre-auth key, so we're going to say preauthkeys create, and then we're going to say -e and give it a time for it to expire, so I'm going to say 24 hours, -u, and what user do we want this to be created for, and what user is this machine going to be assigned to. We only have one user, so we'll put in my username. If you had multiple users, of course, you could choose who it's going to be assigned to. So we're going to hit Enter, and it's going to create this key right here for us. So I need this key, and I actually need to set up a machine
where I can go and actually get my nodes going. So I'm going to add this to one of my Docker servers here. I'll log into that, I'm going to increase the font size for you, and I'm going to go and get this Tailscale app. It's really easy to get. We're going to go over to Tailscale, and they have this download Tailscale page, and right here I've got Linux selected, but they have macOS, iOS, Windows, Linux, and Android, so just pick the one you need and then follow their instructions. For Linux we've got this nice one-liner command that works pretty well, so I'm going to copy it, go back, and just paste that in, and let that run. You need curl, because it's going to go to this address with curl and pull down a file called install.sh, and then it's going to run it, which is what that pipe sh means. This essentially just says, hey, go update everything and make sure you've got updated packages, and then it's going to say now let's install Tailscale. So this works really well, at least on Ubuntu; that's where I've tried it. Debian, it also worked well on Debian, so I've tried it there. Those are both Debian-based systems anyways, but it should work on most of the systems that you can run with Linux.

So I've got a new kernel module; I'll just say OK. It's in the middle of a command, so I think it continues in the background even though I've said OK. It's kind of weird, I don't know why it does this, but it kind of locks up when I do this. Let me see if I can just close out of it and then go back into it here. I just said tailscale, and it gives me all of the commands that I can run with the tailscale command. Of course you actually need to do that as sudo, so I would do sudo tailscale. I'm just going to paste the rest of the command in there, and it's sudo tailscale up, which means bring up my Tailscale client, use the login server that I've got listed here. In this case that's not the right login server, so we're going to fix it here: headscale.
routemehome.org, and then --authkey, and we're going to put a space and grab our auth key from our server here. So here it is right here. We're just going to highlight it again, and then we'll right-click and copy it, and then we'll go back to the other tab here and right-click and paste, and this is just going to tell it, hey, go ahead and add this machine to the system. Again it's going to ask me for my superuser password because I logged out and back in, and it finishes with no errors or anything like that. So we can do sudo tailscale status, and you'll see right here it shows that we've got my UB Docker server; that's the name of my device. Here's the information for it, here's my username, and then it's a Linux system, so pretty basic information there. But if we go back to our server, we can actually use the headscale command again to see a little bit more information. I showed you this earlier, so we can say nodes and list. So there we go, we've got our UB Docker server is up and it's running, and you can see here that it's got an MB GPC, uh, br is the username, and it's 100.64.0.1.

So let's add one more and just show you that we can actually ping each other with these IP addresses, which means they're communicating over WireGuard like we want. So we'll go and add one more server here. I'm going to log into my Docker server 2, and again I'll just increase the font size here, and I'm going to run that same command that I did. All right, so we've got Tailscale installed, so I'm going to do sudo tailscale up and then --login-server and then https://headscale.
routemehome.org --authkey, and then I'm going to go grab a new auth key from my server. So I'm going to run that same command I did a while ago, and we want to create a pre-auth key for my user, and it's going to give me a new key. So I'm going to grab that key, copy it, go back here, and just paste that key in, and there we go. So now if I do sudo tailscale status, you can see the status there, and you can see that I can see both of my systems on the list. Now I can sudo tailscale ip, I think. Yeah, so it shows me the IP address of this machine, and if I switch here and do that sudo tailscale ip, I can see that this one's got that IP. So if I do ping and I put in the other IP, which is .2, 100.64.0.2, you can see it starts pinging, which is great. So I'm hitting the other machine from my server. Both of my machines are on this Tailscale network, and I'm able to ping and reach those machines.

So we've got machines set up, we've got our user created, and everything is up and running. So I've shown you all the basics: set up your server, get it running, set up a reverse proxy, get it going, add a user to your server, and then add some machines for that user onto your WireGuard network that's being run by Headscale and using the open source Tailscale clients. So we're up and running, we've got everything going, you've added nodes, and now you can go and actually do some really cool stuff.

The next thing we want to do is look at a couple of GUIs. One is going to be the web server GUI that sits on top of your Headscale server, and the other one is going to be a GUI that works on your Linux desktops, because there's really not one made by Tailscale, but there's somebody who went and made one of their own, and it works really nicely, so I'll show you how to install that as well. There are several user interfaces that people have built using web technologies to sit on top of your Headscale server. This is the one that I chose
just because it seemed to be the most full-featured, but there are others out there, and the Headscale site lists a couple more for you to go look at if you want to. I kind of like this. It makes it pretty easy to see what's going on, they give you some great screenshots here, and you've got some control from the actual interface, which is pretty nice as well, for a few of the things that we were doing through the command line, so I'll kind of go through that also. This tells you what the tech is, things like that. I did go and ask them to give me any links, if they have it, for how to support the project, because there's nothing listed here on their page right now. I couldn't find anything, so if you find something, let me know. I do always like projects to list out, hey, you know, what kind of things can we do to support the project and help you out, so I'll be looking for that.

But they have a setup page here that gives you some installation and setup information. They have bare metal; Docker Compose is what we want to use in our case, because we're already using Compose for the main Headscale server. So it gives you a list of the different items that you can have here, which is pretty great. It gives you a really great way to kind of get this set up and lets you see, like, what kind of settings and environmental variables you have, and explains what those are for and what they can be used for. So we're going to jump over and just look at what this looks like when you put it together. What you do is you take the Compose that they have and you just add a new services section to your Headscale Docker Compose file, and then make sure a couple of things are set up properly for it to be able to communicate with your main Headscale server. You don't have to run it that way, but to me it makes it very easy to run it that way.

All right, back on our Headscale server and inside of our docker/headscale folder, we want to create a new volume, or a new folder, so we're
going to do mkdir, and then we're going to call this volume. I think volume, maybe it's volume, so let me check and make sure. It is volume. So we're just going to create this just like this, and then we're going to change the permissions on this thing to make sure that we are the owner. We're going to do just chown, chown 1000:1000 and then volume, just like that, just to make sure it's ours. And now we're going to go and edit our Docker Compose file, so we're going to use nano docker-compose.yaml, and we're going to just move down right here where we've got the services section. We're just going to move down, and we're going to move one more line, one, two, and then we're just going to paste this in, because I've got it all copied already to the clipboard, and we'll go up and kind of look at what it really says to us.

So we've got our Headscale section that we already set. Down below this we've got the Headscale web UI section that we just added. So this is going to be pulling from the Headscale web UI latest, and it's going to be called Headscale web UI. So right here on the time zone, you can change this to your time zone. I've got America/Chicago because that's where I'm at. Here we labeled it PGID, PUID 10000 100000, and then we've got the color is blue. You can set this to any primary color. This is basically based on what Materialize CSS uses for its color scheming. You can't use like blue darken-2 or anything like that, but you can use blue, red, blue-grey, things like that for the color scheming. It's very much up to you kind of which one you choose, but I just left it as blue; that's what they had defaulted. Now here, the Headscale server, we want to set this to our Headscale server domain, so in our case it's headscale.routemehome.org, and the same thing here, so we're just going to set this twice, which is /admin. So this just says whenever you go to this address, after this it's going to say /admin if you want to get to the user interface side of it.

We've got this key here. So this is just a placeholder key, it's not an actual key, so we need to go create this key. We're going to just erase this and we'll go create one, and there's comments in here that tell you all about kind of how to do this. So they say use openssl rand -base64 32 as the command, so as long as you have openssl installed this will work. So we're just going to copy that, and we're going to do a Ctrl+O real quick and save our changes. We'll exit out and we'll just paste that in, and it's going to give us this key right here. And it's fine that you see it, because I'm going to get rid of this test server afterwards. So we've got this nice key that we need, and I'm just going to copy that. I'm going to go back into my docker-compose file and go right back down to where we were, and we're going to go here and just paste in this key, just like that.

So we've got our key pasted in, and then we've got this auth type. So here you can see that it's set to oidc. If you don't have an OpenID Connect type thing set up, like Authentik, Authelia, Keycloak, something like that, and you're not familiar with how to set that up, for now you don't have to use this. You can actually use this with basic authentication instead, and that's probably what you want to do. So what we're going to do is we're going to change this to say basic, and then log level is info, that's fine. We want to set our environment variables for our basic authentication, so I'm just going to set this to equals Brian, and then down here I'm going to set this to a password. And you should always use a long, strong password for this, but I'll just use something simple because, again, I'm going to destroy this afterwards. Something like that. And then we need to uncomment these two
lines, just like that. Now down here, for the OIDC stuff, we're not going to use it right now, so we're going to comment those lines out. And then we've got our port mapping, so we've got 5000 to 5000. That's fine, unless you have 5000 already in use; you should change it to something else. We did 27 8 9 6, so I think 5000 is fine. You just need to remember whatever you set this to. If you have 5000 already in use, you don't want to use it, so we could use 51, in fact let's just use like 92 90, that shouldn't be in use. And that's on my left side, is what's on the host system, and this is inside the container, so we leave the right side alone. For our volumes, you can see we've got ./volume and ./config, which is already set, and it's a read-only volume.

We should have everything set that we need, so we're going to save with Ctrl+O and exit nano with Ctrl+X, and we're just going to do a docker compose up -d again, and then two ampersands, docker compose logs -f. So it's going to bring down the new stuff for the Headscale web UI, it's going to get started, and it's going to start showing us some output from the logs. So we need to look and see update and is okay, so everything there looks okay, I think. The PO net map machine M Docker server 2 noise true, log level set to info. So it's given us some basic information here. I think everything looks okay. It says configuring the app, so we'll give it just a minute.

While we're doing that, we need to go set up a new entry on our Nginx Proxy Manager for our reverse proxy that we created. So we're going to go in here, we're going to go to our Headscale entry right here, and we're going to click on these three dots and click edit, and I'm going to zoom this up for you guys. So you see it's already got headscale.routemehome.org in there. What we need to do is add a custom location right here on this tab, so we're going to hit add locations, and we're going to hit /admin, which is what we had inside of the Docker Compose file. We're going to put in the same address and we're going to put in port 9190, I believe, is what we set, and then let me just double check my IP address: 60, not 64. I keep making that mistake and it's just not good. So we want to make this the right IP address. There we go. We're going to hit save, and now if we actually go to that IP, all right, there we go, so it comes up.

Now the first thing that it wants is this server information, so you need to get this API key. Well, luckily they've got these instructions. I'm going to blow this up a little bit for you. I'm going to click on the instructions, they give you this nice popup, and they tell you you need to go and ask for this API key, which is the command headscale apikeys create. So we've already done this a few times, pretty easy to get going. I'll clear this out and we're going to do docker exec, remember we're running this inside of the container, headscale headscale headscale one and then headscale, and it's going to give us this nice API key that we need in order for our UI to be able to connect. So we're going to copy that and we're going to go back to the browser. Here we can close this, and we're going to erase this and paste in the new one, and we're going to hit save, and it's going to go out and check and see, hey, can I see it? Yes, I can. Here's all the information that I needed. It's going to give you an expiration date, everything like that about the key. We're going to hit close, then we're going to hit test, and it's going to show it to you again. So it runs it and it says success, which is great, which means we're now connected. So we can scroll down, we can see a little bit of information about this, and we can jump over here to our user, and it starts off a little bit slow, but it does get faster after you've done
it a few times and it's cached a bit of information. So it grabs the information from your user, and you can see here that I've got a couple of keys that I've created, of course, and we can see here whether they're used, ephemeral, whether they're usable. We have actions, if there's any actions available it gives you those as well. You can delete the user here and you can even rename the user here, so pretty useful from this tool. And then if we go over here we'll see our actual machines. So there's my first server, and again we can delete the server, we can move the server to a different user, we can rename the server if we don't like that name, and then down here we can see a bunch of the information. So we can see the IP addresses that it gave, we can see when it was last seen, last updated, created, so on and so forth, and we can even give tags to these machines. So we've got both of these servers here where we can see this information and take these actions, and you can add other machines right here as well.

But what you want to have is the ability to log in to your server, so you want to select the user, and then we want to have a machine registration key that we're actually going to use in order to register that machine. So it's something that you need to have by running it, this information, and basically going and getting the registration key from the machine. The other one is the preauth keys, which it tells you, hey, you can do this, but you need to do it from the users tab. So we can actually add machines here from the users tab, and remember how we had to create that preauth key from the Headscale server? Instead we can say add a preauth key right here. It's going to come up, it's going to give us a little bit of information, it's going to ask us if we want to put an expiration date, whether it should be reusable or ephemeral, and then we can click on add and get a new key, and it'll give you a key that you just, again, copy and then paste into your Tailscale device to add that device to your system.

So a good bit of information that you can get here, a good bit of information that you can see. So if you want to toggle expired things, you don't see them anymore, pretty easy, it just lets you kind of clear up the list a little bit. So yeah, I mean, a really nice little user interface, gives you a lot of really decent control over your Headscale server, so that you don't have to go into the command line if you don't want to, but you can still do some things in the command line if you want to as well. And there are settings over here as well. There's not a lot here for the settings, it's really just setting the API key and seeing the about information, but we do have an overview tab as well. So if we jump over to the overview tab here, again it grabs this information, it starts caching it, so it gets a little bit faster over time. So machines added, users added, so you can kind of see all the information that we've got going, and then you've got some general information about the actual system, and then you've got some DNS information as well. So pretty useful, pretty nice little web UI that I like quite a bit, and again it's got the basic auth if you don't already have an OIDC provider, but I'm going to do a video on Authentik and we'll get OIDC set up, and we can use it for both the server and for the web UI here, which is pretty nice.

Now if you're like me, using the command line is fine, having things connected all the time is fine, but having a little bit more control over your different devices is also very useful. So I like to have a user interface when I'm on a desktop. It's just nice to have that, it's very convenient, and a lot of times it makes things a little bit easier than open up the terminal, type in a command. You can just flip a switch, something like that. Unfortunately Tailscale does not make a user interface for Linux. They do make it for Windows and Mac, so if you've got that kind of machine you're set, but if you
have a machine like I do and you're looking for something, there's a really nice open source program out here called Trayscale, which gives you almost all of the same capabilities as the Tailscale client, which is really nice. It's just a wrapper around the command line tools, but it's really, really cool. So here you can see that he's got some information, he's got an about, he's got his releases listed, he's got the packages that he used, the contributors and languages, and then if you continue down he's got a place down here where you can actually go and contribute a little bit of money to him. I'm looking for, there it is, right here, so you can buy him a coffee, which is really awesome. Definitely, if you like this and you're going to use this, get out there and donate so that he'll be encouraged to continue developing this piece of software, because I think it's a pretty nice piece of software actually.

So you have AUR instructions, you have manual install instructions, and you have Flathub, which is something that I really like. So if we click on Flathub, it should take us right to the page, and if we just click on the little down arrow we'll get our install command right here. We can open up our terminal and then just go to a tab that's on our actual local machine here. So now I can paste in that command from Flathub, and you can see it's just going to grab Trayscale for us. So it's going to go and load up the metadata, it's going to ask, are you sure you want to do this? Yes, I do. And then we're going to give it just a minute to get installed. Now one thing to note is I'm running KDE, but this is actually going to use a GNOME look, and it uses, I'm going to say GNOME, but it uses GNOME or GNOME, however you want to say it, say use the GNOME platform. So it's going to have that GNOME look, but it sets everything up inside of its container for the Flatpak, so everything you need will be there whenever you're ready for it.

All right, so Trayscale finished installing, so we can
just click on the icon here and start typing, and there's Trayscale. It's going to come up and it's going to give us a warning, so we're going to give it just a second to start, and it's going to say, hey, this user is not set as an operator, you should have run this command first. So it's sudo tailscale set --options=$USER, or --operator=$USER. So we're going to go back and do that. We're just going to close this, we'll close it from the tray over here, so it's called Trayscale, it runs in the tray mostly. We're going to do sudo tailscale set --operator=$USER. Now this little variable here just means it's the user that you're currently logged in as, so this is all this is telling it. So it's going to set that user as the operator, and it should come back just like that, and now if we go and set up Trayscale, it should open up and not give us that warning. There we go.

And you can see it shows the name of my current machine that I'm on, and I've got some other really cool stuff. Now I can't change the size of the interface, but it does adapt. I have the dark theme set, so it already adapted the colors to that. It shows you what my IP address is on the network that this machine is a part of, and as we go down I've got different options. So this one that says accept routes: what I did was I set up one of my other machines as a router that allows me to access a separate local area network at a whole separate location through this route. So there's commands that I ran to actually get all this done, but this just picked up on it, that this is already set, so it turned on that flag for me. I didn't have to go turn it on. The nice thing about having Trayscale is if you don't want to learn those commands and figure all that out, which I'll cover in the show notes, but I'm not going to go through it here, if you install Trayscale you can just check this box and it'll help you with those things. I'll talk about setting up subnet routes and
stuff like that in the show notes. It's a little bit deep for this one, but it's a useful tool as well. If you'd like a separate video, let me know in the comments and I would be happy to do one, but we're going to move forward. Here you can see the other machines that are on my network, and you can see some details about them, which is really nice, and yeah, you can see if they're connected currently, you know, so you can kind of click through, see this information, and then if you want to disconnect this machine from the network you can tick this box right here to disconnect it from the network, and then tick it again to reconnect it to the network. So you have some pretty decent control over those kind of things, and again you can copy your IP address, you've got some different stuff that you can set, which is pretty great. So I like this tool, it's really nice, it's a really nice little user interface, and when you close it, it just actually minimizes to the tray down here at the bottom right, and you can just bring it back up by clicking on show, and it'll load back up and make sure everything's the same. It reloads that information when you do that, which is nice, but it's there running if you need it, and really, really simple, really straightforward, so I really like that. I think it's a really great tool.

I've tried to show you several things in here that'll help you get Headscale up and running, help you get your machines added to your Tailscale network, and help you have some nice GUI tools on top of that to use with your WireGuard network. Hope you enjoyed this. If you did, like, subscribe, tell your friends about it so they can come along the journey with us, and I'll talk to you next time. [Music]

It's your open source advocate and I'm back, and I've set up a with a little bit of merchandise. I love being your open source advocate, but I want you guys to be the open source advocates with me, so if you want to get out there and get some of this stuff, and if you do, let me know what you think of it. Thank you for subscribing.
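
Added example, not from the video or from the web UI project: the walkthrough above generates the key with openssl, pastes it and the basic-auth password into the compose file, and advises a long, strong password. This sketch writes both secrets to an owner-only env file and lints the result; the variable names KEY, AUTH_TYPE, BASIC_AUTH_USER and BASIC_AUTH_PASS and the file name are assumptions, so match them to the comments in your own compose file.

```shell
#!/bin/sh
# Assumed variable names: KEY, AUTH_TYPE, BASIC_AUTH_USER, BASIC_AUTH_PASS.

# 32 random bytes, base64-encoded: same shape as `openssl rand -base64 32`.
gen_key() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 32
  else
    head -c 32 /dev/urandom | base64
  fi
}

# 24-character password drawn from the same random source.
gen_pass() { gen_key | tr -d '/+=' | cut -c1-24; }

# Number of bytes a base64 string decodes to; a leftover placeholder
# string will not come out at 32.
key_len() { printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '; }

# Last value assigned to NAME in FILE.
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# write_env FILE USER PASSWORD: create the env file readable by owner only.
write_env() {
  ( umask 077
    printf 'AUTH_TYPE=basic\nKEY=%s\nBASIC_AUTH_USER=%s\nBASIC_AUTH_PASS=%s\n' \
      "$(gen_key)" "$2" "$3" > "$1" )
  chmod 600 "$1"
}

# check_env FILE: print one line per problem, return non-zero if any.
check_env() {
  f=$1; rc=0
  if [ "$(key_len "$(env_get "$f" KEY)")" -ne 32 ]; then
    echo "KEY does not decode to 32 bytes (placeholder left in?)"; rc=1
  fi
  pass=$(env_get "$f" BASIC_AUTH_PASS)
  if [ "$(env_get "$f" AUTH_TYPE)" = "basic" ] && [ "${#pass}" -lt 16 ]; then
    echo "BASIC_AUTH_PASS is shorter than 16 characters"; rc=1
  fi
  # Characters 5-10 of `ls -l` are the group and other permission bits.
  if [ "$(ls -l "$f" | cut -c5-10)" != "------" ]; then
    echo "$f is readable by group or others"; rc=1
  fi
  return $rc
}

# Usage: write_env ./webui.env brian "$(gen_pass)" && check_env ./webui.env
```

Compose can load such a file with its `env_file:` key, which keeps the secrets out of the compose file itself.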
Info
Channel: Awesome Open Source
Views: 27,447
Keywords: open, source, opensource, open-source, self, hosted, selfhosted, self-hosted, free, libre, software, server, web, internet, browser, linux, mac, macos, os x, windows, microsoft, unix, bsd, ios, android, pi, raspberry, desktop, vps, tutorial, how to, setup, installation, instructions, cli, command line, terminal, interface, network, networking, news, projects, wireguard, vpn, tailscale, headscale, gui, ui, virtual private, wire guard, openvpn, cisco, lan, wan, docker, pfsense, opnsense, openwrt, dd-wrt, unraid, proxmox, iphone, pc, app, 2023
Id: OKwrfmMoAk0
Length: 47min 38sec (2858 seconds)
Published: Tue Oct 17 2023