Headscale docker-compose config for Traefik HTTPS reverse proxy

This config is based on our previous post How to setup headscale server in 5 minutes using docker-compose and our Traefik configuration with Cloudflare wildcard certs (see Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges)

version: '3.5'
services:
  headscale:
    image: headscale/headscale:latest
    volumes:
      - ./config:/etc/headscale/
      - ./data:/var/lib/headscale
    ports:
      # - 27896:8080
      - 9090:9090
      - 3478:3478/udp
    command: headscale serve
    restart: unless-stopped
    depends_on:
      - postgres
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.headscale.rule=Host(`headscale.mydomain.com`)"
      - "traefik.http.routers.headscale.entrypoints=websecure"
      - "traefik.http.routers.headscale.tls.certresolver=cloudflare"
      - "traefik.http.routers.headscale.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.headscale.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.services.headscale.loadbalancer.server.port=8080"

  postgres:
    image: postgres:14
    restart: unless-stopped
    volumes:
      - ./pg_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}

 

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow