Deploy Headscale using a "serverless" immutable docker image with real-time Litestream database backup and (by default) inbuilt Caddy SSL termination, using a miniscule Alpine Linux base image. Provides a stateless headscale-admin panel at /admin/.
| Tool | Version |
|---|---|
Alpine Linux |
v3.21.3 |
Headscale |
v0.25.1 |
Headscale-Admin |
v0.25.5 |
Litestream |
v0.3.13 |
Caddy |
v2.9.1 |
Because of the mix of upstream tools included, this project will be tagged using semantic versioning - YYYY.MM.REVISION.
All development should be done against the develop branch, main is deemed "stable".
- Cloudflare DNS for ACME
DNS-01authentication (Can be deliberately disabled to useHTTP-01authentication instead, or HTTPS can be disabled entirely if you plan to use an external termination point.) - S3(Alike)/Azure for Litestream (Can be deliberately disabled for full ephemerality, or if you plan to use persistent storage)
Populate your environment variables according to templates/secrets.template.env
The container entrypoint script will guide you on any errors.
Once app is deployed and green, generate an API Key in order to use the admin interface.
headscale apikeys createNavigate to the admin gui on /admin/ and set up your groups, ACLs, tags etc.
Now that Headscale is running, to have a 100% reproducible setup we need to ensure that private noise key generated during installation is persisted. Within the same console from previous step, print out the server's key:
cat /data/noise_private.keyThen set HEADSCALE_NOISE_PRIVATE_KEY to the value obtained above.
Note that applying this will cause your application to restart, but afterwards no other change will be necessary.
- Azure Container Apps
- Fly.io
- ??? Let us know!