{"id":27185252,"url":"https://github.com/tijjjy/tailscale-derp-docker","last_synced_at":"2025-04-09T17:14:27.039Z","repository":{"id":65220287,"uuid":"588416071","full_name":"tijjjy/Tailscale-DERP-Docker","owner":"tijjjy","description":"Docker container to self host Tailscale DERP server","archived":false,"fork":false,"pushed_at":"2024-07-29T07:16:06.000Z","size":34,"stargazers_count":86,"open_issues_count":2,"forks_count":31,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-09T17:14:20.594Z","etag":null,"topics":["derp","derper","docker","selfhost","tailscale"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tijjjy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-13T03:59:32.000Z","updated_at":"2025-03-31T13:38:27.000Z","dependencies_parsed_at":"2023-02-14T07:00:35.950Z","dependency_job_id":"282a6593-283e-4836-91f9-3c48a9c9fbc3","html_url":"https://github.com/tijjjy/Tailscale-DERP-Docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijjjy%2FTailscale-DERP-Docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijjjy%2FTailscale-DERP-Docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijjjy%2FTailscale-DERP-Docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijjjy%2FTailscale-DERP-Docker/manifests","owner_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tijjjy","download_url":"https://codeload.github.com/tijjjy/Tailscale-DERP-Docker/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248074925,"owners_count":21043490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["derp","derper","docker","selfhost","tailscale"],"created_at":"2025-04-09T17:14:26.308Z","updated_at":"2025-04-09T17:14:27.031Z","avatar_url":"https://github.com/tijjjy.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Introduction\n\nThe aim of this repository is to create a simple and easy to use Docker container with minimal setup to run your own Tailscale DERP server.  \n\nThere are two parts to the container: the Tailscale client itself and the DERP server. The Tailscale client connects the container to your tailnet as its own device, which allows the --verify-clients argument to be set on the DERP server so that only devices in your own tailnet can use it. Leaving it open to the internet is, in my opinion, a bad idea. \n\nPlacing this DERP server at a closer geolocation than the default DERP servers to all of your devices can and will be beneficial for connection speeds between devices that can't make a direct connection, or at least struggle to.  \n\nThis is scalable: just build and run the container on servers in different countries if need be.  
\n\nMy recommendation for the Tailscale auth key is to use a non-ephemeral key and, once the device is connected, disable the key expiry; otherwise you will need to go back every now and then to renew it.\n\nThe container was built and tested on Ubuntu 22 5.19.0-28-generic. It's Docker, so it will most likely work on other distros as well.\n\n# Container\n\nThe container is set up to pull the latest version of the DERPER application and the latest version of Tailscale each time you build the container.\n\nTo rebuild with the latest version, simply run the following commands:\n```bash\ndocker rmi tailscale-derp-docker:1.0\ndocker build . -t tailscale-derp-docker:1.0\n```\n\n# GitHub Container Registry\n\nIf you don't want to build the container, you can simply use the pre-built container I have added to the GitHub Container Registry.\n\nIn the docker-compose.yml file, simply change this line\n```\nimage: tailscale-derp-docker:1.0\n```\nto the following:\n```\nimage: ghcr.io/tijjjy/tailscale-derp-docker:latest\n```\n\nThere is a GitHub Actions workflow set up to build and publish a new container roughly every 10 days, so the Tailscale version will match whichever version is available here https://pkgs.alpinelinux.org/package/edge/community/x86/tailscale\n\n# Instructions\n\nInstructions can be followed below or you can find a more detailed walkthrough on my blog. [https://tijjjy.me/2023-01-22/Self-Host-Tailscale-Derp-Server](https://tijjjy.me/2023-01-22/Self-Host-Tailscale-Derp-Server)\n\n### Ports Required\n\nTo allow full functionality of the DERP server, you will need to open/allow the following ports on your firewall/security group:\n\n```\n80:80/tcp\n443:443/tcp\n3478:3478/udp\n```\n\nPort 3478 is for STUN.\n\n### Changing the .env file variables\n\n**IMPORTANT STEP**\n\nChange the variables below, most importantly the hostname and Tailscale auth key variables.  
\nMake sure the hostname is correct in your DNS zone or you will get an error when attempting to request a Let's Encrypt certificate.\n\n```\nTAILSCALE_DERP_HOSTNAME=derp.example.com\nTAILSCALE_DERP_VERIFY_CLIENTS=true\nTAILSCALE_DERP_CERTMODE=letsencrypt\nTAILSCALE_AUTH_KEY=\"ENTER YOUR TAILSCALE AUTH KEY HERE\"\n```\n\n### Building Docker Image\n```\ndocker build . -t tailscale-derp-docker:1.0\n```\n### Starting the image\n```\ndocker compose up -d\n```\n\n### Checking container logs\n\nAll processes and scripts are set to direct logs to stdout. Run the command below to monitor the container logs:\n\n```\ndocker logs -f tailscale-derp\n```\n\n# Changing the Tailscale ACL\n\nOnce your Tailscale DERP server is operational and you can see the new device in the devices section of the Tailscale admin console, you need to change your ACL to allow only your DERP server and omit the default Tailscale servers. This can be done by adding the following config at the bottom of your ACL file.\n\n```\n\t\"derpMap\": {\n\t\t\"OmitDefaultRegions\": true,\n\t\t\"Regions\": {\n\t\t\t\"900\": {\n\t\t\t\t\"RegionID\":   900,\n\t\t\t\t\"RegionCode\": \"myderpserver\",\n\t\t\t\t\"Nodes\": [\n\t\t\t\t\t{\n\t\t\t\t\t\t\"Name\":     \"1\",\n\t\t\t\t\t\t\"RegionID\": 900,\n\t\t\t\t\t\t\"HostName\": \"derp.example.com\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t},\n\t\t},\n\t},\n```\n\nMore information on setting this config can be found in the [Tailscale DERP server docs](https://tailscale.com/kb/1118/custom-derp-servers/).  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftijjjy%2Ftailscale-derp-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftijjjy%2Ftailscale-derp-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftijjjy%2Ftailscale-derp-docker/lists"}