fredliang44 / derper-docker

tailscale's self-hosted derp-server docker image
https://tailscale.com/kb/1118/custom-derp-servers/
GNU General Public License v3.0
294 stars 75 forks

Issue with `DERP_VERIFY_CLIENTS` #12

Open YueMiyuki opened 5 months ago

YueMiyuki commented 5 months ago

When I enable DERP_VERIFY_CLIENTS and mount the tailscale socket, the log spams:

2024/05/09 13:53:09 derp: 192.168.1.1:33204: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:11 derp: 182.239.114.237:18604: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:22 derp: 39.144.44.249:28107: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:31 derp: 39.144.44.249:28110: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:33 derp: 182.239.114.237:5269: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:33 derp: 39.144.44.249:28111: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:34 derp: 182.239.114.237:5270: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:35 derp: 192.168.1.1:37602: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:46 derp: 39.144.44.249:28120: client 6e6f64656b65793a64623934633866613833303739363332653562646639383030353137623437353539326435376261623463653038343435346162643339646366313763653763 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:48 derp: 192.168.1.1:58130: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:49 derp: 182.239.114.237:18606: client 6e6f64656b65793a64316361636365353235343863303031393437336361393230636439633832616334366630383866323937383536386166326232383666303835656239333662 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:53:56 derp: 192.168.1.1:58136: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:54:04 derp: 192.168.1.1:41912: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused
2024/05/09 13:54:12 derp: 192.168.1.1:54770: client 6e6f64656b65793a38363561646163373162613765313461366266646161616666393336356338303233633966353363386134646532386637613536316262306532313562623331 rejected: failed to query local tailscaled status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: connection refused

Local tailscale is up and running

Command for starting the container:

docker run -d -p 80:80 -p 443:443 -p 3478:3478/udp --name derper --restart=unless-stopped -v ./derper/certs:/app/certs -v /var/run/tailscale/tailscaled.sock:/var/run/tailscale/tailscaled.sock -e DERP_ADDR=":443" -e DERP_VERIFY_CLIENTS=true -e DERP_DOMAIN="derper.my-domain" fredliang/derper

YueMiyuki commented 5 months ago

Also having these problems even without Verify clients.... Pls help :(

lingbaoboy commented 4 months ago

Same problem. For now I'm using a high port and treating that as encryption.

northsea4 commented 4 months ago

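From what I found while tinkering over the past few days:

  1. You must map tailscaled.sock into the container; I mapped the directory: /var/run/tailscale:/var/run/tailscale
  2. If the host's tailscaled service is restarted, the container needs to be restarted too
  3. I didn't run into connection refused, but I did hit invalid 'addr' parameter (https://github.com/tailscale/tailscale/issues/12465). I believe the installed tailscale version doesn't support verifying credentials of the form nodekey:xxx, so I cloned the tailscale repository and built tailscale and tailscaled myself, and testing showed that this works. To be clear, though, I'm using yangchuansheng/ip_derper

northsea4 commented 4 months ago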

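To test whether tailscale supports verifying nodekey:xxx:

curl --unix-socket /var/run/tailscale/tailscaled.sock "http://local-tailscaled.sock/localapi/v0/whois?addr=nodekey%3Axxx"

If verification is supported, the result is invalid nodekey in 'addr' parameter; otherwise it will be invalid 'addr' parameter. If you replace xxx with the key of a real, valid device, the device information (JSON) is shown.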
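
The probe from the comment above, wrapped as a script. This is an added example, not code from the thread, from derper-docker or from Tailscale. It separates a missing socket mount and a socket that nothing answers on (the connection refused case in the original report) from the two whois responses quoted above. The function names, the `TS_SOCK` variable and the assumption that device information starts with `{` are choices of this example.

```shell
#!/bin/sh
# Added example: diagnose why derper's client verification cannot reach tailscaled.
# TS_SOCK is a hypothetical override; the default is the path used in the thread.
SOCK="${TS_SOCK:-/var/run/tailscale/tailscaled.sock}"

# Map a whois response body to a verdict, using the strings quoted in the thread.
classify_whois() {
    case "$1" in
        *"invalid nodekey in 'addr' parameter"*) echo "nodekey-supported" ;;
        *"invalid 'addr' parameter"*)            echo "nodekey-unsupported" ;;
        "{"*)                                    echo "device-info" ;;   # assumed JSON reply
        *)                                       echo "unknown" ;;
    esac
}

# Probe the socket as seen from where this script runs (host or container).
#   no-socket            -> path is absent or not a socket (mount missing)
#   socket-not-answering -> socket file exists but curl cannot talk to it
#                           (matches "connection refused" in the derper log)
#   otherwise            -> verdict from classify_whois
probe_tailscaled() {
    sock="${1:-$SOCK}"
    if [ ! -S "$sock" ]; then
        echo "no-socket"
        return 0
    fi
    body=$(curl -s --max-time 5 --unix-socket "$sock" \
        "http://local-tailscaled.sock/localapi/v0/whois?addr=nodekey%3Axxx") || {
        echo "socket-not-answering"
        return 0
    }
    classify_whois "$body"
}

# Run once against the default socket path.
probe_tailscaled
```

Run it on the host and again inside the container (for example via `docker exec`): a host result of `nodekey-supported` with a container result of `socket-not-answering` points at the mount rather than at the tailscaled version.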

Calcifer97 commented 4 months ago

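From what I found while tinkering over the past few days:

  1. You must map tailscaled.sock into the container; I mapped the directory: /var/run/tailscale:/var/run/tailscale
  2. If the host's tailscaled service is restarted, the container needs to be restarted too
  3. I didn't run into connection refused, but I did hit invalid 'addr' parameter (cmd/tailscaled, derper: add cheaper derp --verify-clients lookup method tailscale/tailscale#12465). I believe the installed tailscale version doesn't support verifying credentials of the form nodekey:xxx, so I cloned the tailscale repository and built tailscale and tailscaled myself, and testing showed that this works. To be clear, though, I'm using yangchuansheng/ip_derper

I ran into this problem too. It runs now that I'm using an older version of ip_derper; we probably need to wait for tailscaled to be updated.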

Calcifer97 commented 4 months ago

https://github.com/tailscale/tailscale/issues/12558