This repository contains the configuration files for deploying a self-hosted Headscale control server with Traefik as a reverse proxy and Cloudflare for TLS.
- A Linux VPS or local server.
- Docker and Docker Compose installed.
- A domain name (FQDN) pointing to your server IP.
-
Clone the repository
git clone https://github.com/tkjskanesga/headscale-config.git ./headscale cd headscale -
Configure Headscale: Edit
headscale/config/config.ymland update theserver_urlwith your domain:# # https://myheadscale.example.com:443 # server_url: http://127.0.0.1:8080 # > Change this! like https://tailscale.example.com # Address to listen to / bind to on
View more configuration on original repository
-
Configure Traefik: Edit
traefik/traefik.ymland set your email address for TLS certificate registration. -
Set Cloudflare Secrets: Go to the
secrets/folder and update the following files:cloudflare_email: Enter your Cloudflare account email.cloudflare_api: Enter your Cloudflare API Token (Global or Scoped).
-
Deploy.
docker-compose up -d
-
Setup Dashboard & API: Access your dashboard to set up your username and password. If you need an API key for the dashboard/integration, run:
docker exec -it headscale headscale apikey create -expiration 7510d # 7510 days
-
Done! 🎉