Tạo giao đồ họa mạng Headscale trên Grafana nhờ exporter mới hỗ trợ toàn bộ các node, user và khóa. Cài đặt dễ dàng qua Prometheus và dashboard. [Nguồn: r/selfhosted]
#selfhosted #Grafana #Headscale #TailNet #Linux #TechVie
*No URLs, only essential info within 500 chars.*
https://www.reddit.com/r/selfhosted/comments/1pieayd/visualizing_your_headscale_network_in_grafana/
Headscale cảnh báo sức khỏe (#Headscale) #Selfhosted Một người dùng trải nghiệm Headscale, có thể kết nối điện thoại và laptop nhưng ứng dụng Android hiện lỗi. Hỏi lỗi do cấu hình sai hay bình thường? #CảnhBáoSứcKhỏe #ThiếtLậpMạng
https://www.reddit.com/r/selfhosted/comments/1phsulw/headscale_health_warnings/
#Câu hỏi về thiết lập mạng nội bộ an toàn với HeadScale và Caddy #HeadScale #Caddy #WireGuard
Bạn có thể sử dụng HeadScale (Tailscale miễn phí) để kết nối thiết bị nội bộ qua HTTPS/Caddy hoặc phân tách đường hầm WireGuard? Đề xuất giải pháp không cần IP công cộng hoặc port-forwarding rủi ro. #SelfHosting #DNS #AnToanMang
.Tags: #Headscale #Tailscale #WireGuard #Caddy #SelfHost #NetworkSetup #DNS #InformationSecurity #TechSupport #NoPublicIP #InternalNetwork
#selfhosting #WireGuard #Headscale #Caddy #ThiếtLậpMạng
Có thể thiết lập HeadScale/Tailscale để truy cập dịch vụ nội bộ trực tiếp từ điện thoại Android mà không làm công khai cổng? Bạn cần:
- Tự cấu hình HeadScale qua WireGuard (yêu cầu IP công khai hoặc Dynamic DNS).
- Kết hợp Caddy làm reverse proxy HTTPS cho dịch vụ nội bộ (trường hợp dùng IP công khai).
- Sử dụng split tunneling WireGuard để hạn chế lưu lượng.
NẾU KHÔNG CÓ IP CÔNG KHAI thì cần dùng dịch vụ tunneling thứ 3 (ngrok,
@tac @david Avec ou sans #Headscale, #Tailscale permet ne granularité dans les permissions. Par exemple, il sera possible d’autoriser le SSH qu’à certaines personnes.
Pour ce qui est protéger les resources privées, j’ai mis deux reverse proxy et des VLANs séparés pour mes services publics et privés. J’ai aussi mis #crowdsec et des règles de firewall.
Certes, très overkill pour mon homelab personnel 😊
@david Pour ton information, j’utilise #pocketid pour l'authentification dans Headscale. C’est un SSO léger qui n’utilise pas de mot de passe, mais seulement des passkeys.
J’ai écrit un billet de blog sur son installation, mais je n’ai pas encore abordé son implémentation dans #headscale.
https://www.lucasjanin.com/2025/06/02/pocket-id-installation-bare-metal-sur-debian
@david Depuis plus d’un an, j’utilise #headscale une implémentation open source auto-hébergé du contrôleur de #tailscale. Cela demande un peu plus de temps mais c’est cela permet de ne pas dépendre des serveurs de Tailscale.
J’ai écrit une série de billets sur mon blog à ce sujet
https://www.lucasjanin.com/2025/01/03/headscale-et-tailscale-dans-un-enviroment-auto-heberge/
Die Kollegen von #Digitec bauen sich aus Open-Source-Komponenten ihre eigene Netzwerkinfrastruktur. Ohne #SaaS und Co.
Mit #Proxmox, #OpenWRT, #Tailscale, #Headscale, #Terraform und #Ansible.
#DigitecGalaxus #DigitaleSouveränität
[Edit: Mangels Artikel-Preview ein Screenshot davon reingepastet]
https://www.digitec.ch/de/page/digitale-souveraenitaet-warum-wir-unseren-devs-mehr-vertrauen-als-big-tech-40316
I must say the #tailscale #mullvad combo is pretty decent.
The fact that #headscale exists is assuring.
I finally updated my #wireguard network, some nodes were missing. I use #tailscale + #headscale 99% of the time these days, but it is always good to have an alternative if I lock myself out for some reason.
Alternatively, I considered #Tailscale / #Headscale .
I prefer to stay with #AlgoVPN IKE2 for now over WireGuard.
The problem is, that too much of Tailscale depends on a vendor. And my exit strategy from Cloudflare is to be in control.
arg je me prend la tête avec Tailscale.com pour créer un nouveau compte hors GAFAM en utilisant OpenID vers #codeberg (la migration d'un compte gmail vers OIDC n'étant pas possible), ça fini par marcher mais je découvre ensuite qu'il faut un compte payant 😭
Le plan personnel avec 3 users a disparu ...
La flemme de migrer vers #headscale https://headscale.net/stable/
@jamie check out #Headscale the #Foss implementation of the tailscale control server.
@yojimbo @zkat I'll just mention that it is possible to run your own control plane for #Tailscale by way of #HeadScale or #IonScale
I really wish I understood how #headscale works. It seems like magic for #selfhosted services where I don’t want to depend on a 3rd party. Tailscale is an awesome service, but I like having a ripcord in case it starts to sour.
Anyone out there have any thoughts on headscale-admin vs headplane?
https://github.com/GoodiesHQ/headscale-admin
Successfully set up a secondary Adguard home and Headscale Derp Server with this dead simple tutorial.
wiki.serversatho.me/en/headscale
Can go to sleep now . Got #immich and #headscale / #tailscale working. I am using a #hetzner arm server . For 5 Euros a month ! Doing my first sync. Performance is outstanding ! Sadly I never thought that I require a gpu in my #homelab . Now I consider to buy a cpu with an igpu to make the machine learning part work. Can I run it without a gpu or does it make no sense ? #
Ghaa, this is so frustrating. I've got a LAN, a #tailscale node in the LAN, another tailscale node elsewhere (remotely). I can ssh into the remote tailscale host from the local host that has the tailscale daemon running, but not from other machines in the LAN.
I have another LAN, very similar to the first LAN. I can ssh into the remote tailscale host just fine from any host in that second LAN.
The #headscale policies are the same for both LANs. I'm sure something is different, but after many hours trying to debug I can't find it.
Tcpdump shows traffic is going out on the tailscale interface on the local host that has the tailscale daemon running in the first LAN, but it's not coming out on the other end.
I'm sure it is some little stupid thing I'm not seeing, but ghaaaaaaaaaaa.
Current status: debating on if I want a VPS or metal for my upcoming #Headscale deploy
