https://github.com/fredliang44/derper-docker
tailscale‘s selfhosted derp-server docker image
https://github.com/fredliang44/derper-docker
amd64 arm64 derp derper docker tailscale
Last synced: 25 days ago
JSON representation
tailscale‘s selfhosted derp-server docker image
- Host: GitHub
- URL: https://github.com/fredliang44/derper-docker
- Owner: fredliang44
- License: gpl-3.0
- Created: 2021-09-25T09:50:14.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-12-27T12:45:43.000Z (4 months ago)
- Last Synced: 2025-04-09T17:14:18.155Z (25 days ago)
- Topics: amd64, arm64, derp, derper, docker, tailscale
- Language: Dockerfile
- Homepage: https://tailscale.com/kb/1118/custom-derp-servers/
- Size: 31.3 KB
- Stars: 361
- Watchers: 4
- Forks: 85
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-starred - fredliang44/derper-docker - tailscale‘s selfhosted derp-server docker image (docker)
README
# Derper
[](https://hub.docker.com/r/fredliang/derper)
[](https://hub.docker.com/r/fredliang/derper)
[](https://hub.docker.com/r/fredliang/derper/tags)# Setup
> required: set env `DERP_DOMAIN` to your domain
```bash
docker run -e DERP_DOMAIN=derper.your-domain.com -p 80:80 -p 443:443 -p 3478:3478/udp fredliang/derper
```| env | required | description | default value |
| ------------------- | -------- | ---------------------------------------------------------------------- | ----------------- |
| DERP_DOMAIN | true | derper server hostname | your-hostname.com |
| DERP_CERT_DIR | false | directory to store LetsEncrypt certs(if addr's port is :443) | /app/certs |
| DERP_CERT_MODE | false | mode for getting a cert. possible options: manual, letsencrypt | letsencrypt |
| DERP_ADDR | false | listening server address | :443 |
| DERP_STUN | false | also run a STUN server | true |
| DERP_STUN_PORT | false | The UDP port on which to serve STUN. | 3478 |
| DERP_HTTP_PORT | false | The port on which to serve HTTP. Set to -1 to disable | 80 |
| DERP_VERIFY_CLIENTS | false | verify clients to this DERP server through a local tailscaled instance | false |
| DERP_VERIFY_CLIENT_URL | false | if non-empty, an admission controller URL for permitting client connections | "" |# Usage
Fully DERP setup offical documentation: https://tailscale.com/kb/1118/custom-derp-servers/
## Client verification
In order to use `DERP_VERIFY_CLIENTS`, the container needs access to Tailscale's Local API, which can usually be accessed through `/var/run/tailscale/tailscaled.sock`. If you're running Tailscale bare-metal on Linux, adding this to the `docker run` command should be enough: `-v /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock`