From f76fe705e3b81a2bc59c93abdb436b68f9a32295 Mon Sep 17 00:00:00 2001 From: fede <63209974+fedefreue@users.noreply.github.com> Date: Tue, 24 Jan 2023 09:07:09 -0500 Subject: [PATCH 1/2] Adding NGINX Proxy Manager and config.yaml changes --- README.md | 2 +- documentation/configuration.md | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f0643c2..e632f71 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ services: # - 9443:443 ``` -Headscale UI serves on port 443 and uses a self signed cert by default. +Headscale UI serves on port 443 and uses a self signed cert by default. You will need to add a `config.yaml` file under your `container-config` folder so that `headscale` has all of the required settings declared. An example from the official `headscale` repo is [here](https://github.com/juanfont/headscale/blob/main/config-example.yaml). ### Additional Docker Settings The docker container lets you set the following settings: diff --git a/documentation/configuration.md b/documentation/configuration.md index f56fbef..94764aa 100644 --- a/documentation/configuration.md +++ b/documentation/configuration.md 
@@ -51,3 +51,34 @@ services: - /var/run/docker.sock:/var/run/docker.sock:ro - ./traefik/certificates:/certificates ``` + +# NGINX Proxy Manager Configuration + +If running Headscale and Headscale UI outside of a consolidated docker-compose file (as above), NGINX Proxy Manager is another easy way to run all three. NGINX Proxy Manager is an easy way to run Headscale and Headscale UI behind a reverse proxy that can manager SSL certs automatically. This assumes the following: + +1. Headscale is set up on your Docker host (or another location you can route to) per the instructions [here](https://github.com/juanfont/headscale). +2. NGINX Proxy Manager is running and you can use it to generate SSL certificates. More information on NGINX Proxy Manager are [here](https://github.com/NginxProxyManager/nginx-proxy-manager). + +Use this simplified docker-compose file to run headscale-ui: + +```yaml +version: '3.5' +services: + headscale-ui: + image: ghcr.io/gurucomputing/headscale-ui:latest + restart: unless-stopped + container_name: headscale-ui + ports: + - 8443:443 # Use the port of your choice, but map it to 443 on the container +``` + +Once all three services are running, set up Headscale and Headscale UI _by creating a proxy host_: + +1. Details: Enter the FQDN you will be using for Headscale and Headscale UI, and enable Websockets Support and Block Common Exploits. +2. SSL: Select or create the SSL certificate you'll be using for the entire FQDN where both will run. Make sure to enable Force SSL, HTTP/2 Support, HSTS and HSTS Subdomains. +3. Advanced: In the text box, add the following to manage the Headscale UI path properly: + ```json + location /web/ { + proxy_pass https://132.145.201.160:8443/web/; + } + ``` \ No newline at end of file From c397493eec59612103253ab67205428baf8861b1 Mon Sep 17 00:00:00 2001 
From: fede <63209974+fedefreue@users.noreply.github.com> Date: Tue, 24 Jan 2023 09:15:14 -0500 Subject: [PATCH 2/2] Additional update --- documentation/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/configuration.md b/documentation/configuration.md index 94764aa..a25adee 100644 --- a/documentation/configuration.md +++ b/documentation/configuration.md @@ -79,6 +79,6 @@ Once all three services are running, set up Headscale and Headscale UI _by creat 3. Advanced: In the text box, add the following to manage the Headscale UI path properly: ```json location /web/ { - proxy_pass https://132.145.201.160:8443/web/; + proxy_pass https://XXX.XXX.XXX.XXXX:port/web/; } ``` \ No newline at end of file
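Review bot: In the README.md hunk of patch 1/2, the added sentence links `config-example.yaml` on the `main` branch of juanfont/headscale, so the example a reader copies can drift from the headscale version they actually run. Point at the example for the release in use, or tell the reader to take the file that matches their installed version. The sentence is also appended to the self-signed-cert line, where the `config.yaml` requirement is easy to miss; give it its own paragraph and state where `container-config` sits relative to the compose file, since the visible context does not define it.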
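Review bot: In the documentation/configuration.md hunk of patch 1/2, the Advanced snippet commits a concrete address, `proxy_pass https://132.145.201.160:8443/web/;`, to the docs. Patch 2/2 replaces it, but the address stays in the history of this commit, so squash the two patches before merging. In the compose example, `- 8443:443` publishes the UI on every host interface, which lets clients reach it directly and skip the Force SSL, HSTS and Block Common Exploits settings configured on the proxy host; where the proxy also runs in Docker, suggest a shared Docker network with no published port, or otherwise binding the port to an address only the proxy can reach. Smaller points: "can manager SSL certs" should read "manage", "More information ... are" should read "is", and the nginx snippet is fenced as `json`.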
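Review bot: In patch 2/2, the replacement line `proxy_pass https://XXX.XXX.XXX.XXXX:port/web/;` has four characters in the last octet and is not something nginx will accept if pasted unchanged. Use an explicit placeholder such as `<headscale-ui-host>:<port>` and say in the step text that it must be replaced with the address and the host port chosen in the compose file. The README states that the UI uses a self-signed cert by default, and nginx does not verify upstream certificates unless `proxy_ssl_verify` is turned on, so the docs should say that this hop is encrypted but the upstream is not authenticated. The fence is still tagged `json` although the content is nginx configuration.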