How to Self-Host Headscale with Docker Compose

Captions
In my previous video I showed you Tailscale and how you can use that to set up a VPN for your home network, and just showing you pretty much how easy it is to set up. But the one thing I pointed out is that the control server, where all of your clients connect back to, is all managed via Tailscale, right? And I did mention Headscale, which is the open-source alternative version of the Tailscale control server that you can host yourself, so that all your clients that you are managing connect to a backend server that you are also managing. So in this video I'll be showing you how you can self-host Headscale using Docker, more specifically Docker Compose. We're going to set up a couple of clients to showcase how it all works, and then we should be good.

So I think first off I will just show you my environment that I have set up at the moment that's running Headscale. So I have Headscale deployed, a couple of clients connected, and I'll just show you the interaction between them, and then I'll show you how you can get Headscale deployed for yourself.

Now, there's a couple of reasons, like I've already mentioned, on why you might want to self-host Headscale, and the main reason is that you don't want the backend control server to be managed and run by someone else; you would rather have control over it. And then using something like Headscale or Tailscale over a typical VPN, such as a standalone WireGuard deployment or whatever, is because you get a lot of benefits with using Headscale. You're getting not only the VPN, which is based off WireGuard anyways, you're getting things like access control lists, which allow you to set what type of users can actually access what type of clients on your network, right? So you could say, hey look, I only want this user to access these certain services that are part of my Headscale environment, rather than just allowing them to access everything. You get really fine-grained controls. You can also have identity providers and all of that good stuff connected to your Headscale as well.

So let me take you around the Headscale environment that I have set up. So Headscale is running in a Docker container, so if I just do docker ps -a and we'll grep that for headscale, you'll see that I have one up and running, which is awesome, right? So let's clear this. And the way we interact with Headscale is, since it's in a container, we just issue commands to the Docker container. So we can do something like docker exec, so Docker execute, we're wanting to run a command, the container we want to send that command to, which is just headscale, and now we can enter our commands. So we can do something like headscale nodes ls, and this will show us the devices that are currently connected to the machine. So I've got two: I've got the electron sandbox connected, and my MacBook, are currently connected to Headscale.

At the top here you can actually see I have the Tailscale client connected, but I've actually got this pointing to a custom control server, which is my Headscale environment, and you can see here headscale.techdox.nz, and that's what Tailscale is looking back at. It's not looking at its own one, it's using my Headscale environment.

So what I can do here, just to showcase that I am actually using Headscale and I'm not connected to my network in any way to interact with my services: I'm going to exit out of this container, sorry, the server. Let's go to my wireless and let's connect to my hotspot. That's going to kick me off my wireless, right? So I'm off my wireless now and I should be on my hotspot, which I am. So if I come to my Tailscale server now and come to network devices, my devices, and electron sandbox, I can copy that and it's given me the IP address, and I can do something like ssh techdox@ and this IP address. So the environment I've set up pretty much is, I'm not on my home network now but I want to connect back to my server. I'm going to hit enter, and there we go, I've connected to my sandbox server using that IP address from Tailscale that I've just been given, and I'll show you how that configuration looks when we get into deploying Headscale.

So I'm going to take you through the steps now of deploying your own Headscale environment. So the big thing here is that you are going to need a domain name, right? Because this is public, our services are running outside of our home network; they need to call back to something that's going to tell them where to go. So we're going to get a domain name, so make sure you've got one. And there's two ways you can make your Headscale environment public, well, two ways I would suggest anyways, there's probably others. You can use a reverse proxy, something like Nginx Proxy Manager. Now, I would typically suggest this because generally if you're going Headscale you're trying to move away from vendors and stuff and you're wanting to host your own stuff. But if you really just want to get your environment public and accessible, then you can also use something like Cloudflare Tunnel. So you can have a Cloudflare Tunnel, set up a subdomain in there pointing to your Headscale environment, and then you'll be able to connect to it, and that's what I'll show you in this video, just because it's pretty straightforward, and if you're already running a reverse proxy then you already know how to configure that part. I have videos for both Cloudflare Tunnels and Nginx Proxy Manager; they'll be in the description, so if you want to go either route make sure you watch those videos first so you actually understand how it all works, because I'm not going to cover every individual step with Cloudflare because I've already covered it, right?

Setting up Headscale. So this is docs.techdox.nz, this is my documentation server, and a link to this will be in the description, and it has everything you need to get started with Headscale. Now, I said get started: this is giving you the pretty much bare-bones configuration to get it deployed. I'm not giving you anything extra because it would be like an hour-long video. The whole point of this is not to overcomplicate things; we're just getting Headscale deployed, and then if we want to focus on anything further we can in other videos, or join the Discord or YouTube comments and I can help you there as well.

So you can see that there is a Docker Compose file provided, so the contents that you need; we'll cover this more in detail when we actually deploy it. We need to create some directories, which are here, and we've got the sample configuration file. This configuration file has been sourced from their official GitHub repo, so you can grab it there as well. But if you're just looking for the bare-bones deployment, there's only two things we need to actually change here in this configuration. We need to change the server URL, the URL that we're going to access Headscale on, so you'll want to set this as your custom domain, and I'm going to go through this in a second. All of these values we can leave default unless you really want to change them. The IP prefixes, by default these are fine; if you would like to change this range because, I don't know, you prefer something else, you can change that if you like. Scrolling down, you can see things you can change, how often it updates, all that good stuff.

Now, by default it's running an SQLite database. Now, this is fine for most use cases, but if you're in a business, if you're going to have a lot of clients connecting to your Headscale environment, then you're going to want to probably have an external database, something like Postgres, and there's an example config here for that. Now, in both situations of using Cloudflare or an Nginx Proxy Manager or just a reverse proxy, most of the time they will handle the certificates for you, but there is configuration here for setting up Let's Encrypt if you do need it for whatever method you are going with.

And here's the main thing here that a lot of people love about Tailscale and Headscale, is the ACL. So here you can set up the path for your access control list policies; if you're wanting to set them, this is where it's done. If you're going to override the DNS that's provided by default, I believe these are the Cloudflare DNS name servers, which is just 1.1.1.1, you can set your own here if you wish.

And then you've got this here, which is the last point I'm going to cover, which is MagicDNS. So you've seen that when I was testing it before I was connecting via the IP address. Tailscale and Headscale will give you a MagicDNS, which is structured as a fully qualified domain name that will look like this. So for example we would have like elron cloud, which is my hostname, my user, which would be techdox, and then the base domain, so it would be elron cloud.techdox.headscale.techdox.nz, and that would be the domain name that I could use to interact with my server as well if I didn't want to do IPs. So if you want MagicDNS you need to make sure your base domain also reflects that, and I'll show you that in a second as well. And everything else we're just going to leave as default.

So let's connect to our server and start getting this all set up. So I'm going to change to a Docker container that I have, sorry, a Docker folder, and in here I have a folder for all of my containers that I run utilizing Compose. So what I'm going to do is go back to the documentation, we'll scroll down, and we can just copy these commands here and we can paste them in. I'm in that headscale folder now, so if I do an ls you can see we have config and data; that's all we've got at the moment.

So now we need to make that Docker Compose file, which is very straightforward, so we're just going to do a nano docker-compose.yaml, right? We go back to our documentation and we'll look for that Compose file, grab you, thank you very much, and we'll paste that in and we'll save it. And let me just quickly cover what's happening here. So we're creating a server called headscale, the container name is called headscale, we're using, at the time of recording this, the latest stable build, which is 0.22.3, and we're going to mount some local binds, so config and data. So those two folders we just created before are going to be mapped to the container on these directories within the container. This port here, 27896, this is just like a random port outside of the general range that a lot of people use, around the 8,000, say 8080 or whatever. Feel free to change that though; if you've got a preferred port you'd like to use, a valid port that you can actually use, feel free to change it, otherwise just leave it as default if it works for you. Once the container is built it's going to run the command headscale serve, which will actually just serve the Headscale server and get everything up and running, and then we've got restart, which means unless-stopped, so the container will always run even if the server's been restarted or whatever; it will always auto-start unless you have specifically told it to stop. So that's what's happening. Yeah, so save that, close down over there.

Now we just need to make that config, right? So if I change directory into the config folder, and then I already have one, I've already configured one, so if I come in here I can show you how I've got mine set up. All I've done is I've changed that server URL here, so now it's just reflecting headscale.techdox.nz, and the other thing that I changed was that MagicDNS, scrolling for that, here we go. All I've changed is that base domain for the MagicDNS, which is headscale.techdox.nz. Those are the only two things I've changed, and if you're just wanting to get this up and running that's all you need to change as well.

And now let's jump back up one directory, where the Docker Compose file was, and we're good to spin this up. So now we can do a docker compose up -d. Now the container is up and running, right? So we can see that that's all up and running.

So before we can connect anything to it we need to have that domain name pointing to our Headscale service, right? And like I said before, you've got two options: you've got Nginx Proxy Manager and you've got Cloudflare, but I'm going to show you the Cloudflare method just because it's a lot more straightforward. So this is my Cloudflare environment. Now, I already have videos dedicated to this, so go watch this, but all I've got is the headscale.techdox.nz pointing to the IP address of my server that's running Headscale and the port that Headscale is running on, and then that's all I need, and then I can connect to it.

So coming back to the documentation, underneath that big config file, we need to create our first user. So what we've got here is a docker exec command, so this is just how we interact with the Headscale container and how we run commands within it. So I'm going to grab this command here and we're going to create our first user, and that's how you do it, docker exec headscale. So I could just create another user here, so I'll just say like Nick, and there we go, I've just created that user.

Now, the way this works is that once we've got our user, we've got Headscale up and running, now we just have to connect our clients to it. Now, you can see here there's a command here that's actually creating this thing called pre-auth keys, right? This is how your client authenticates with Headscale. So what we're going to do in this bottom command here, once you've got the client on your machine, and the, all the clients look like it, we're just using the Tailscale clients like I've explained before. If you click here it will take you to the download page, and if you're on, say, like Linux, you can click Linux, it will download the Tailscale client on your Linux machine, and then that will allow you to, you know, interact with the Tailscale binary. So you can see this command here is going to do a sudo tailscale command, and we're setting the login server to your Headscale server, and then we're going to pass it an auth key, and that's what we're going to generate up here. Okay, I hope that makes sense, but let's go ahead and do it.

So we're going to copy this command, paste that in, and we're going to generate this for the user Nick, right? And we're going to hit enter, and you can see there it's just given us that key. So now we can authenticate a server with Headscale using this key. But we've got our key, right? So now that other command here, which is the login command that we're going to use, I've pasted that in. So what we need to do is change a couple of things. Actually, we can paste that auth key in. We also need to change the login server address, right, so the Headscale one, so let's come and change this, so change that to techdox.nz, and we're going to hit enter. So that's been connected.

And now this Tailscale, I need to reauthenticate this because, me removing Tailscale when it was already connected on the Tailscale client on my MacBook, if I click reauthenticate it should also connect to the new server as well. So I'm going to hit reauthenticate here. But that's connected, and I've also just been able to reauthenticate with the macOS Tailscale client, and that's also connected. So under devices I should see the sandbox now, and they should both show up in the Headscale server as well. So if I do a docker exec headscale and then headscale again, nodes ls, we've got both of those showing up now. So they're all connected and now we can all talk to each other, just like I was showing you at the start of this video, right?

That is adding Headscale. I wanted to keep it short and just straight to the point for setting up just, you know, Headscale with a VPN and just working, and then if you want you can now add in the configuration file, you know, identity provider if you have one, custom DNS if you want one, access control list, all of that good stuff you can now configure. But I just wanted to get you into a good spot of understanding how Headscale works.

I also didn't cover Headscale UI in this video, and the main reason for that is I think it's beneficial and fundamental that you understand how Headscale works just by itself, right, before you slap a UI on there. And the way the UI works is it allows you to do a lot of, like, the user creation and stuff like that with a GUI interface rather than the command line, but I think it's good you understand how it works at a command line level. You never know, if the UI breaks or whatever, you still need to know how to use your Headscale server.

But that's the video. Thank you so much for watching. Also, thank you so much for all the support lately; we have hit 10,000 subscribers, which is awesome. We'll just keep going and see how far we can go with it, it's awesome. If you get stuck, any questions, just want to have a chat, YouTube comments or the Discord, link is in the description for the Discord channel. I will see you there if you need it. Thank you so much for all the support, I will see you in the next video. Goodbye. [Music]
Info
Channel: Techdox
Views: 3,211
Keywords: how to, docker, headscale, headscale docker, docker compose, how to use tailscale, how to use tailscale on windows, tailscale how to, headscale set up, docker how to, how to use tailscale on android, how to install wordpress in docker, how to setup a vpn, how to setup tailscale, how to setup tailscale on windows, headscale setup, how to setup tailscale on linux, headscale tutorial, how to use tailscale on linux, how to make a minecraft server, wireguard vpn headscale
Id: bRD-i6Cj4z4
Length: 15min 19sec (919 seconds)
Published: Sun Jun 02 2024