方案:使用Docker搭建,公网IP
Dockerfile
1.2.3.4:替换成公网IP
20010:替换成自定义端口
bash
# 构建阶段:编译 derper
FROM golang:1.25-alpine AS builder
WORKDIR /app
# 设置国内 Go 模块代理
ENV GOPROXY=https://goproxy.cn,direct
# 安装 git
RUN apk add --no-cache git
# 下载并编译 derper
RUN go install tailscale.com/cmd/derper@main && \
# 验证是否生成成功
if [ ! -f /go/bin/derper ]; then \
echo "Error: derper binary not found!"; \
exit 1; \
fi
# 运行阶段
FROM alpine:3.20
WORKDIR /app
# 安装 openssl 用于生成自签证书
RUN apk add --no-cache openssl
# 复制编译好的 derper
COPY --from=builder /go/bin/derper /app/derper
# 创建证书目录
RUN mkdir -p /etc/derp/certs && chmod 755 /etc/derp/certs
# 生成自签证书(使用公网IP)
RUN openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-keyout /etc/derp/certs/derp.key -out /etc/derp/certs/derp.crt \
-subj "/CN=1.2.3.4" -addext "subjectAltName=IP:1.2.3.4" && \
# 验证证书是否生成成功
if [ ! -f /etc/derp/certs/derp.crt ] || [ ! -f /etc/derp/certs/derp.key ]; then \
echo "Error: Certificate files not found!"; \
exit 1; \
fi
# 暴露端口
EXPOSE 20010/tcp
# 启动命令
CMD ["/app/derper", "--hostname=1.2.3.4", "--certmode=manual", "--certdir=/etc/derp/certs", "--a=:20010"]docker-compose.yml
bash
version: '3'
services:
my_derp:
build: ./
container_name: my_derp
network_mode: host
restart: always配置Tailscale
登录https://login.tailscale.com/admin/acls/file,配置Access controls,使用"JSON editor",配置如下:
bash
"derpMap": {
"OmitDefaultRegions": true,
"Regions": {
"901": {
"RegionID": 901,
"RegionCode": "Myself",
"RegionName": "Myself Derper",
"Nodes": [
{
"Name":"901a",
"RegionID":901,
"DERPPort":20010,
"IPv4":"公网IP",
"InsecureForTests": true,
},
],
},
},
},验证方法
1、网页访问:https://公网IP:端口,看是否能访问
2、命令行:tailscale netcheck