@
asd999cxcx #7 derper 会校验 SSL 证书和实际访问的 host 能不能对上,不管是自签的证书还是可信任的证书只要能对上就能用。域名不能访问的话,那猜测就是证书的问题了(对不上的话 derper 会直接 drop connection,我猜日志里 connection was forcibly closed 就是这个原因)。建议你直接暴露 derper 的端口,不走 nginx 的反代。贴个我的配置:
$ cat /etc/systemd/system/tailscale-derp.service
# systemd unit that runs a self-hosted Tailscale DERP relay (derper) listening
# directly on its own TCP port, with no reverse proxy in front of it.
[Unit]
Description=Tailscale derp service
# NOTE(review): Wants= pulls in network-online.target, but ordering comes only
# from After=, which names network.target here. As written the service is not
# held back until the network is reported online.
After=network.target
Wants=network-online.target
[Service]
# Supplies DERP_HOSTNAME, which ExecStart expands below. The file is read for a
# service running as root, so it should not be writable by unprivileged users.
EnvironmentFile=/home/sheey/derp/.env
# Flags used on the derper command line:
#   -c               config file path (derper keeps its node key there; keep it private)
#   -a :34567        TLS listen address, all interfaces, TCP port 34567
#   -http-port -1    disables the plain-HTTP listener
#   -hostname        name the server presents; must match the certificate and
#                    the HostName that clients dial
#   --certmode manual / -certdir
#                    no ACME; the certificate and key are loaded from the given
#                    directory (derper looks for <hostname>.crt and <hostname>.key)
#   --verify-clients only relays for clients the local tailscaled recognises, so
#                    the relay is not open to arbitrary tailnets
# NOTE(review): the binary lives under /home/sheey/go/bin but is executed as
# root (User=root below). Anyone able to replace that file, or edit the .env
# file, gets code execution as root at the next restart. Prefer a root-owned,
# non-writable install path, or confirm ownership and permissions.
ExecStart=/home/sheey/go/bin/derper \
-c /home/sheey/derp/derper.conf \
-a :34567 -http-port -1 \
-hostname ${DERP_HOSTNAME} \
--certmode manual \
-certdir /home/sheey/.cache/tailscale/derper-certs \
--verify-clients
Restart=always
# NOTE(review): port 34567 is unprivileged, so root is not needed to bind it.
# Root is presumably kept so --verify-clients can reach the local tailscaled;
# confirm whether a dedicated service account with that access would suffice.
User=root
[Install]
WantedBy=multi-user.target
// Custom DERP map fragment that registers one self-hosted relay region.
// It is a fragment: the enclosing policy document is not shown here.
"derpMap": {
// Left commented out, so the default Tailscale DERP regions remain available
// alongside the custom region. Enabling it makes this relay the only one.
// "OmitDefaultRegions": true,
"Regions": {
// Region IDs 900-999 are the range set aside for user-run DERP regions.
"900": {
"RegionID": 900,
"RegionCode": "cdu",
"RegionName": "Chengdu",
"Nodes":[
{
// NOTE(review): the leading space inside " 900a" looks like a paste
// artifact; confirm the intended node name is "900a".
"Name":" 900a",
"RegionID": 900,
// Must equal the TCP port derper listens on (-a :34567 in the unit file).
"DERPPort": 34567,
// UDP port for STUN; presumably derper's default, since the unit file does
// not override it. It must be reachable through the firewall as well.
"STUNPort": 3478,
// Redacted in the post. Clients validate the relay's TLS certificate against
// this name, so it has to match derper's -hostname and the certificate.
"HostName": "", // $DERP_HOSTNAME
// Redacted in the post.
"IPv4": "",
// Keep this disabled outside of tests: it turns off TLS certificate
// verification for the node, which removes protection against an
// impersonated relay.
// "InsecureForTests": true
}
]
}
}
}