Also see our guide on How to setup headscale server in 5 minutes using docker-compose
Assuming you are running your headscale server at https://headscale.mydomain.com and you have already created a namespace named mynamespace, use one of the following methods:
Pre-Authkeys method (recommended)
First, create a pre-authkey token which is valid for 24h on the server:
headscale preauthkeys create -e 24h -n mynamespace
or (docker-compose version)
docker-compose exec headscale headscale preauthkeys create -e 24h -n mynamespace
This will generate a pre-auth key such as 3215a1ce7967c11e8ea844b3e199d3c46f9f5e7b660b48fb which you can send to the user.
Now login on the client using
tailscale up --login-server https://headscale.mydomain.com --authkey 3215a1ce7967c11e8ea844b3e199d3c46f9f5e7b660b48fb
Direct login method
tailscale up --login-server https://headscale.mydomain.com
On the client, this will show you an URL to access using your browser on the headscale server. This will in turn give you a command that you need to run on the host running the headscale container. If running headscale using docker-compose, prepend docker-compose exec headscale to the command and replace NAMESPACE by the name of your namespace.
The only reason why this method is not recommended by me is because it requires back-and-forth interaction between the user and the administrator which I don’t consider practical.