Headscale docker-compose config for Traefik HTTPS reverse proxy
This config is based on our previous post How to setup headscale server in 5 minutes using docker-compose and on our Traefik configuration with Cloudflare wildcard certs (see Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges).
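# Compose stack: headscale served through a Traefik HTTPS router, backed by a
# PostgreSQL container. Secrets are interpolated from the environment / .env.
services:
  headscale:
    # NOTE(review): `latest` is a moving tag. Pin a specific release tag or an
    # image digest so an upstream push cannot silently change what runs here.
    image: headscale/headscale:latest
    volumes:
      # Configuration and state (including the server's private keys, if the
      # config stores them under these paths) live on the host; restrict
      # permissions on both directories accordingly.
      - ./config:/etc/headscale/
      - ./data:/var/lib/headscale
    ports:
      # The HTTP API port (8080) is intentionally not published on the host;
      # Traefik is pointed at it by the loadbalancer label below.
      # - 27896:8080
      # NOTE(review): 9090 is presumably headscale's metrics listener; confirm
      # against ./config. As written it is published on every host interface.
      # If it is only scraped locally, bind it to loopback instead
      # ("127.0.0.1:9090:9090") or drop the mapping.
      - "9090:9090"
      # UDP 3478 is the standard STUN port, presumably for headscale's embedded
      # DERP/STUN server; confirm against ./config. It has to be reachable
      # directly because Traefik's HTTP router does not carry it.
      - "3478:3478/udp"
    command: serve
    restart: unless-stopped
    depends_on:
      - postgres
    labels:
      # Traefik must be able to reach this container on port 8080 over a
      # shared Docker network (network definition not shown in this file).
      - "traefik.enable=true"
      - "traefik.http.routers.headscale.rule=Host(`headscale.mydomain.com`)"
      # Only the TLS entrypoint is routed, so the API is not served over
      # plain HTTP by this router.
      - "traefik.http.routers.headscale.entrypoints=websecure"
      - "traefik.http.routers.headscale.tls.certresolver=cloudflare"
      # Wildcard certificate request (apex plus *.mydomain.com) through the
      # "cloudflare" resolver defined in the Traefik configuration.
      - "traefik.http.routers.headscale.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.headscale.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.services.headscale.loadbalancer.server.port=8080"

  postgres:
    image: postgres:14
    restart: unless-stopped
    volumes:
      - ./pg_data:/var/lib/postgresql/data
    # No `ports:` entry: the database is reachable only from other containers
    # on the compose network, not from the host's interfaces.
    environment:
      # Values are interpolated from the shell environment or a .env file next
      # to this compose file; keep that file out of version control.
      # `:?` makes `docker compose` abort with an explicit error when the
      # password is unset or empty, instead of substituting an empty string.
      - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      - "POSTGRES_DB=${POSTGRES_DB}"
      - "POSTGRES_USER=${POSTGRES_USER}"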