Container's embedded DERP only has STUN port #290

New Issue

adam · 2025-12-29T01:26:14+01:00

adam commented

2025-12-29 01:26:14 +01:00

Originally created by @1itt1eB0y on GitHub (Jul 9, 2022).

config.yml

server_url: https://*.com:8080
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:19090
grpc_listen_addr: 0.0.0.0:50443
grpc_allow_insecure: false
private_key_path: /etc/headscale/private.key
ip_prefixes:
  - 10.10.0.0/16
derp:
  server:
    enabled: false
    region_id: 999
    region_code: "headscale"
    region_name: "Headscale Embedded DERP"
    stun_listen_addr: "0.0.0.0:44444"
  paths: ["/etc/headscale/derp.yaml"]
  auto_update_enabled: true
  update_frequency: 5m
disable_check_updates: false
ephemeral_node_inactivity_timeout: 30m
db_type: sqlite3
db_path: /etc/headscale/db.sqlite
tls_client_auth_mode: disabled
tls_cert_path: "/etc/headscale/*.com/fullchain1.pem"
tls_key_path: "/etc/headscale/*.com/privkey1.pem"
log_level: debug
acl_policy_path: ""
dns_config:
  nameservers:
    - 10.10.0.1
  domains: []
  magic_dns: false
  base_domain: lan
unix_socket: /var/run/headscale.sock
unix_socket_permission: "0770"

docker-compose.yml

version: "3"
services:
  headscale:
    container_name: headscale
    restart: always
    environment:
      - TZ=UTC+8
      - GIN_MODE=release
    image: headscale/headscale:latest
    ports:
      - 8080:8080/tcp
      - 10.0.21.1:19090:19090/tcp
      - 44444:44444/udp
    volumes:
      - /root/docker/headscale/config:/etc/headscale/
    command:
      - headscale
      - serve

port status

STUN port is working. I didn't capture a screenshot but it can be found with nmap

Originally created by @1itt1eB0y on GitHub (Jul 9, 2022). config.yml ```yaml server_url: https://*.com:8080 listen_addr: 0.0.0.0:8080 metrics_listen_addr: 0.0.0.0:19090 grpc_listen_addr: 0.0.0.0:50443 grpc_allow_insecure: false private_key_path: /etc/headscale/private.key ip_prefixes: - 10.10.0.0/16 derp: server: enabled: false region_id: 999 region_code: "headscale" region_name: "Headscale Embedded DERP" stun_listen_addr: "0.0.0.0:44444" paths: ["/etc/headscale/derp.yaml"] auto_update_enabled: true update_frequency: 5m disable_check_updates: false ephemeral_node_inactivity_timeout: 30m db_type: sqlite3 db_path: /etc/headscale/db.sqlite tls_client_auth_mode: disabled tls_cert_path: "/etc/headscale/*.com/fullchain1.pem" tls_key_path: "/etc/headscale/*.com/privkey1.pem" log_level: debug acl_policy_path: "" dns_config: nameservers: - 10.10.0.1 domains: [] magic_dns: false base_domain: lan unix_socket: /var/run/headscale.sock unix_socket_permission: "0770" ``` docker-compose.yml ```yaml version: "3" services: headscale: container_name: headscale restart: always environment: - TZ=UTC+8 - GIN_MODE=release image: headscale/headscale:latest ports: - 8080:8080/tcp - 10.0.21.1:19090:19090/tcp - 44444:44444/udp volumes: - /root/docker/headscale/config:/etc/headscale/ command: - headscale - serve ``` port status ![图片](https://user-images.githubusercontent.com/29831189/178110188-e768a8e9-d969-4187-af8a-d4545aa6049f.png) STUN port is working. I didn't capture a screenshot but it can be found with nmap

adam added the bug label 2025-12-29 01:26:14 +01:00

adam closed this issue

2025-12-29 01:26:15 +01:00

adam commented

2025-12-29 01:26:15 +01:00

@kradalby commented on GitHub (Jul 10, 2022):

Hi, can you elaborate what the problem is? I do not understand what is not working.

@kradalby commented on GitHub (Jul 10, 2022): Hi, can you elaborate what the problem is? I do not understand what is not working.

adam commented

2025-12-29 01:26:16 +01:00

@1itt1eB0y commented on GitHub (Jul 10, 2022):

It is simple, the embedded DERP doesn't create a DERP port to accept the DERP connection.

@1itt1eB0y commented on GitHub (Jul 10, 2022): It is simple, the embedded DERP doesn't create a DERP port to accept the DERP connection.

adam commented

2025-12-29 01:26:16 +01:00

@juanfont commented on GitHub (Jul 10, 2022):

The DERP endpoint runs in the same addr:port as the Headscale API.

On Sun, Jul 10, 2022, 15:25 1itt1eB0y @.***> wrote:

It is simple, the embedded DERP doesn't create a DERP port to accept the
DERP connection.

—
Reply to this email directly, view it on GitHub
https://github.com/juanfont/headscale/issues/673#issuecomment-1179728743,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AABMGQ6I5XIEQ3VEPTGRWM3VTLFNJANCNFSM53DO4N3Q
.
You are receiving this because you are subscribed to this thread.Message
ID: @.***>

@juanfont commented on GitHub (Jul 10, 2022): The DERP endpoint runs in the same addr:port as the Headscale API. On Sun, Jul 10, 2022, 15:25 1itt1eB0y ***@***.***> wrote: > It is simple, the embedded DERP doesn't create a DERP port to accept the > DERP connection. > > — > Reply to this email directly, view it on GitHub > <https://github.com/juanfont/headscale/issues/673#issuecomment-1179728743>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AABMGQ6I5XIEQ3VEPTGRWM3VTLFNJANCNFSM53DO4N3Q> > . > You are receiving this because you are subscribed to this thread.Message > ID: ***@***.***> >

adam commented

2025-12-29 01:26:16 +01:00

@1itt1eB0y commented on GitHub (Jul 10, 2022):

OH! Got it 🤣
BTW, can I set the embedded DERP running with -verify-clients or it will run with it by default

@1itt1eB0y commented on GitHub (Jul 10, 2022): OH! Got it 🤣 BTW, can I set the embedded DERP running with `-verify-clients` or it will run with it by default

adam commented

2025-12-29 01:26:16 +01:00

@Houiin commented on GitHub (Oct 26, 2024):

OH! Got it 🤣 BTW, can I set the embedded DERP running with -verify-clients or it will run with it by default

same question... Do you have any answer, bro?

@Houiin commented on GitHub (Oct 26, 2024): > OH! Got it 🤣 BTW, can I set the embedded DERP running with `-verify-clients` or it will run with it by default same question... Do you have any answer, bro?

adam referenced this issue

2025-12-29 02:29:49 +01:00

[PR #290] [MERGED] Add generate private-key command #1363

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#290