Quickstart script

[prom3theu5]

Headscale Quickstart script

Would it be beneficial to include quick start docker scripting that setups up a base instance of headscale, containerised along with headscale-ui, and expose them through Caddy?

I have one I use here: https://github.com/SimCubeLtd/headscale-quickstart, which when running will allow you to be setup in about 2 mins

It's interactive similar to the Netmaker quick-start, only it deploys 3 containers: Headscale, Headscale-ui and Caddy, and I massively prefer this project over netmaker.

Base config is UI and Headscale running on http, with them both exposed through Caddy which will setup TLS with a requested cert at startup (based on either the custom email address you add during the script execution that it will ask you for, or the random email address it automatically generates during install - This SSL cert comes from ZeroSSL, but it could come from lets encrypt too)

sudo wget -qO ./headscale-quickstart.sh https://raw.githubusercontent.com/SimCubeLtd/headscale-quickstart/main/headscale-quickstart.sh && sudo chmod +x ./headscale-quickstart.sh && sudo ./headscale-quickstart.sh

After running, you'd copy and past the create apikey command, and then paste that api key into the web dashboard settings page

[kradalby]

This is out of scope for this project, we do not support Docker or Reverse proxies (caddy).

[prom3theu5]

Strange as you have a k3s example lol Not everyone wants to have a droplet running a k8s runtime

no drama :P

[kradalby]

Those examples are unsupported and community organised, but I agree, it was a week moment.

Happy for you to contribute your script to the unsupported section, but we often find that we end up supporting them, and we are therefore sceptical.

[PizzaProgram]

Get an API key:

After the script finished, an API key must be created to be able to log in from the UI.

• The format is: docker exec <headscale container> headscale apikeys create -e <expire-interval>

So for this docker you need to run this line on the server to get one:

• docker exec headscale headscale apikeys create -e 9999d (9999d = 27 years)

Additional infos:

• This auto-install script is creating a docker for THIS UI . (Not the most-contributed one.)

• You need to create both api.<yourdomain> and dashboard.<yourdomain> domains, because * wildcard may not work with your DNS provider

• The ZeroSSL may not be able to create / process your SSL by Caddy, because it needs the ZeroSSL API Key, which you can get if you log in to zeroSSL Developer menu , copy and insert to caddyfile at: cert_issuer zerossl <your-API-key>

• I've also added EAB too to make sure it works:

  {
  cert_issuer zerossl <zero-ssl-api-key>
  # ZeroSSL account
  acme_ca https://acme.zerossl.com/v2/DV90
  email info@my-email-address.xyz
  acme_eab {
      key_id <zero-ssl-key_id>
      mac_key <zero-ssl-mac_key>
  }
  }

[PizzaProgram]

Personal experience:

• This script did everything in 1 minute !! AWESOME 👍 (I've tried to install headscale + UI + Caddy and configure them manually for a week long before, but did not succeed.)

Recommendation for improvements:

1. The script should ask for if not generating a random-domain.

2. For me: the final "Headscale setup is now complete. ... " part did not show. (After showing "Testing Caddy setup (please be patient, this may take 1-2 minutes)" ... the script exited immediately) But it is working!

3. Should call the docker exec headscale headscale apikeys create -e 9999d line itself to generate the necessary API key.

4. Maybe the other UI would be better.

   • or both ? +1 docker would not hurt.