Headscale fails to acknowledge Peers (Docker) #18

Closed
opened 2025-12-29 01:20:10 +01:00 by adam · 3 comments

Originally created by @bharathmsd7 on GitHub (Jul 30, 2021).

Descriptions

Trying to build a Docker container using the binary from release v0.3.3, but the peer hung while connecting to headscale using `tailscale up -login-server HEADSCALE_URL --authkey AUTHKEY`. Headscale accepts the connection request and lists the connected nodes when running `headscale -n namespace nodes list`, but on the peer, running `tailscale status` shows **logged out**.

NOTE : Running headscale in the host machine works fine, only problem is while running it as a container.

Configurations

Using Ubuntu 18.04 as the base image; private.key and derp.yaml remain unchanged.
Binary https://github.com/juanfont/headscale/releases/download/v0.3.3/headscale_0.3.3_linux_amd64 used for building this image.

Dockerfile

FROM ubuntu:18.04

COPY private.key    /etc/headscale/private.key
COPY config.json    /etc/headscale/config.json
COPY derp.yaml      /etc/headscale/derp.yaml
COPY entrypoint.sh  /etc/headscale/entrypoint.sh	

COPY headscale   /usr/bin/headscale

ENV TZ UTC
EXPOSE 8000/tcp

WORKDIR /etc/headscale/

ENTRYPOINT ["./entrypoint.sh"]

Config.json

{
    "server_url": "http://127.0.0.1:8000",
    "listen_addr": "0.0.0.0:8000",
    "private_key_path": "private.key",
    "derp_map_path": "derp.yaml",
    "ephemeral_node_inactivity_timeout": "30m",
    "db_type": "postgres",
    "db_host": "headscale-db",
    "db_port": 5432,
    "db_name": "headscale",
    "db_user": "foo",
    "db_pass": "bar",
    "tls_letsencrypt_hostname": "",
    "tls_letsencrypt_listen": ":http",
    "tls_letsencrypt_cache_dir": ".cache",
    "tls_letsencrypt_challenge_type": "HTTP-01",
    "tls_cert_path": "",
    "tls_key_path": "",
    "acl_policy_path": ""
}

Entrypoint.sh

#!/bin/sh

headscale namespaces create namespace
headscale -n namespace preauthkeys create --reusable > /etc/headscale/external/authkey.txt
headscale serve

docker-compose.yaml

version: "3.3"

networks:
  headscale-network:

volumes:
  headscale-db:
  headscale-auth:

services:
  PostgresDB:
    image: postgres:latest
    ports:
      - 5432:5432
    environment:
      - POSTGRES_DB=headscale
      - POSTGRES_USER=foo
      - POSTGRES_PASSWORD=bar
    volumes:
      - headscale-db:/var/lib/postgresql/data
    networks:
      headscale-network:
        aliases:
          - headscale-db

  Headscale-Server:
    image: headscale:ubuntu18.04
    ports:
      - 8000:8000
    volumes:
      - headscale-auth:/etc/headscale/external
    depends_on:
      - PostgresDB
    networks:
      headscale-network:
        aliases:
          - headscale-server

adam closed this issue 2025-12-29 01:20:11 +01:00

@juanfont commented on GitHub (Jul 30, 2021):

Can you check changing the ports in `Headscale-Server` to `0.0.0.0:8000:8000`?


@bharathmsd7 commented on GitHub (Jul 31, 2021):

Changing the **server_url** in config.json works for me:

`"server_url": "http://127.0.0.1:8000"` to `"server_url": "http://0.0.0.0:8000"`

After some time it fails again.


@bharathmsd7 commented on GitHub (Aug 2, 2021):

Is there any way to find more detailed logs?
Because `headscale serve` just shows **Successfully authenticated via AuthKey**,
but on the peer, `tailscale up -login-server HEADSCALE_URL --authkey AUTHKEY` hung.
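
An added check, not part of the original thread or of the headscale project: `server_url` is the address clients are told to use to reach headscale, so a loopback or unspecified host there is not an address a remote peer can reach the container on. The sample configs are constructed from the two values posted in the thread plus a hypothetical documentation address (192.0.2.10), and `check_server_url` is a name introduced here.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed samples: the two server_url values from the thread, plus a
# hypothetical routable address (192.0.2.10 is reserved for documentation).
SAMPLE_CONFIGS = {
    "original": '{"server_url": "http://127.0.0.1:8000", "listen_addr": "0.0.0.0:8000"}',
    "attempted": '{"server_url": "http://0.0.0.0:8000", "listen_addr": "0.0.0.0:8000"}',
    "routable": '{"server_url": "http://192.0.2.10:8000", "listen_addr": "0.0.0.0:8000"}',
}


def check_server_url(config_text):
    """Return findings for the server_url field of a headscale config.json."""
    url = json.loads(config_text).get("server_url", "")
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return ["server_url is missing or not an http(s) URL: %r" % url]
    if host == "localhost" or host.endswith(".localhost"):
        return ["%s is a loopback name: each peer would connect to itself" % host]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return []  # a DNS name; whether peers can resolve it is outside this check
    if addr.is_loopback:
        return ["%s is a loopback address: each peer would connect to itself" % addr]
    if addr.is_unspecified:
        return ["%s is a bind wildcard for listen_addr, not a reachable destination" % addr]
    return []


if __name__ == "__main__":
    for name, text in SAMPLE_CONFIGS.items():
        findings = check_server_url(text)
        print(name, "->", findings if findings else "ok")
```
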

Reference: starred/headscale#18