This config is based on our previous post "How to setup headscale server in 5 minutes using docker-compose" and on our Traefik configuration with Cloudflare wildcard certs (see "Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges"):
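# docker-compose stack: headscale served through Traefik, with PostgreSQL as
# its database. Line breaks and indentation restored from the collapsed listing.
version: '3.5'

services:
  headscale:
    # `latest` is a moving tag: pin a specific release tag or image digest so
    # an upstream push cannot change what runs after the next pull.
    image: headscale/headscale:latest
    volumes:
      - ./config:/etc/headscale/
      - ./data:/var/lib/headscale
    ports:
      # 8080 is deliberately not published on the host; the Traefik labels
      # below route to it, so clients only ever see the TLS entrypoint.
      # - 27896:8080
      # Published on every host interface. If 9090 is headscale's metrics
      # listener (confirm in ./config), restrict it with a host firewall or a
      # 127.0.0.1 host binding when it is only scraped locally.
      - "9090:9090"
      # Presumably STUN for the embedded DERP server (3478/udp is the standard
      # STUN port); confirm against ./config.
      - "3478:3478/udp"
    command: headscale serve
    restart: unless-stopped
    # Controls start order only; it does not wait for PostgreSQL to be ready.
    depends_on:
      - postgres
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.headscale.rule=Host(`headscale.mydomain.com`)"
      # Only the `websecure` entrypoint is attached, so this router has no
      # plain-HTTP route.
      - "traefik.http.routers.headscale.entrypoints=websecure"
      - "traefik.http.routers.headscale.tls.certresolver=cloudflare"
      # Requests a wildcard certificate for the whole domain; its key can
      # impersonate any subdomain, so protect Traefik's certificate storage.
      - "traefik.http.routers.headscale.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.headscale.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.services.headscale.loadbalancer.server.port=8080"

  postgres:
    image: postgres:14
    restart: unless-stopped
    volumes:
      - ./pg_data:/var/lib/postgresql/data
    # No `ports:` entry: the database is not published on the host and is
    # reachable only from containers on this stack's network.
    environment:
      # Substituted by Compose from the shell environment or a .env file.
      # Keep that file out of version control and use a strong, unique
      # password.
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}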