用于 Traefik HTTPS 反向代理的 Headscale docker-compose 配置

此配置基于我们之前的文章如何使用 docker-compose 在 5 分钟内设置 headscale 服务器和我们的 Traefik 配置与 Cloudflare 通配符证书(参见简单 Traefik docker-compose 设置与 Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 挑战

headscale-docker-compose.yml
services:
  headscale:
    image: headscale/headscale:latest
    volumes:
      - ./config:/etc/headscale/
      - ./data:/var/lib/headscale
    ports:
      # - 27896:8080
      - 9090:9090
      - 3478:3478/udp
    command: serve
    restart: unless-stopped
    depends_on:
      - postgres
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.headscale.rule=Host(`headscale.mydomain.com`)"
      - "traefik.http.routers.headscale.entrypoints=websecure"
      - "traefik.http.routers.headscale.tls.certresolver=cloudflare"
      - "traefik.http.routers.headscale.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.headscale.tls.domains[0].sans=*.mydomain.com"
      - "traefik.http.services.headscale.loadbalancer.server.port=8080"

  postgres:
    image: postgres:14
    restart: unless-stopped
    volumes:
      - ./pg_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}

Check out similar posts by category: Headscale, Networking, VPN