congsh/Arch1Panel
1
0
Fork 0
mirror of https://github.com/arch3rPro/1Panel-Appstore.git synced 2026-04-24 22:37:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(tailscale): 添加 Tailscale 应用配置和文档

Browse Source 
添加 Tailscale 应用的完整配置,包括:
- 基础数据配置 (data.yml)
- Docker Compose 部署文件
- 详细的中英文使用文档
- 应用 logo 图片

支持通过认证密钥或交互式登录两种认证方式,并提供子网路由、出口节点等高级功能配置
This commit is contained in:
arch3rPro
2026-04-24 11:54:16 +08:00
parent b8cffca85a
commit ce660b2674
8 changed files with 433 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
apps/tailscale/README_en.md Normal file
View File

@@ -0,0 +1,112 @@
# Tailscale
The easiest, most secure way to use WireGuard. Tailscale enables you to create secure mesh networks that connect your devices together, no matter where they are located.
## Features
- **WireGuard-based**: Uses modern WireGuard protocol for high performance and strong security
- **Automatic NAT Traversal**: Automatically handles complex network environments for direct device connections
- **Zero Configuration**: No manual setup required, just login and use
- **End-to-End Encryption**: All communications are encrypted end-to-end
- **Multi-Platform Support**: Supports Linux, Windows, macOS, iOS, Android and more
- **Subnet Routing**: Route entire subnets to your Tailscale network
- **Magic DNS**: Automatically assigns friendly DNS names to devices
- **Access Control**: Fine-grained access control policies
## Usage Instructions
### Authentication Methods
Tailscale supports two authentication methods:
#### Method 1: Using Auth Key (Recommended)
1. Visit [Tailscale Admin Console](https://login.tailscale.com/admin/settings/keys)
2. Click "Generate auth key" to create an authentication key
3. Copy the generated key and fill it in the "Tailscale Auth Key" field during deployment
4. Authentication completes automatically after deployment
**Note**: Auth keys have an expiration time, please use them as soon as possible after generation.
#### Method 2: Interactive Login
1. Leave the "Tailscale Auth Key" field empty during deployment
2. After deployment, click the "Terminal" button for the "Tailscale" container in 1Panel
3. Execute the following command in the terminal:
```bash
tailscale up
```
4. The command will output an authentication URL, copy it to your browser
5. Log in to your Tailscale account and authorize the device
6. After successful authentication, the container will automatically connect to the Tailscale network
### Deployment Parameters
- **Tailscale Auth Key** (Optional): Authentication key from admin console, leave empty for interactive login
- **Userspace Mode**:
- `false` (Recommended): Use kernel networking mode for better performance
- `true`: Use userspace networking mode for better compatibility
- **Subnet Routes** (Optional): Subnets to advertise, e.g., `192.168.1.0/24,10.0.0.0/8`
- **Accept DNS**: Whether to accept Tailscale DNS configuration
- **Extra Args** (Optional): Additional arguments for tailscale up command, e.g., `--accept-routes`
### Post-Deployment Steps
1. After deployment, visit [Tailscale Admin Console](https://login.tailscale.com/admin/machines) to check device status
2. Install Tailscale clients on other devices and login with the same account
3. Devices can access each other via Tailscale IP or MagicDNS names
### Advanced Configuration
#### Configure Subnet Router
If you want to route your local network to Tailscale:
1. Fill in the subnets to advertise in `Subnet Routes` parameter, e.g., `192.168.1.0/24`
2. Approve the subnet route in admin console after deployment
3. Other Tailscale devices can then access devices in that subnet
#### Configure Exit Node
Configure Tailscale as an exit node to allow other devices to access the internet through it:
1. Add `--advertise-exit-node` to `Extra Args` parameter
2. Approve the exit node in admin console after deployment
3. Other devices can choose to use this exit node
#### First-Time Authentication Only
If you want to use the auth key only on first startup and use existing state on subsequent starts:
- Set environment variable `TS_AUTH_ONCE=true` (needs to be manually added in docker-compose.yml)
### Data Directory
Application data is stored in `./data/var/lib` directory, containing Tailscale state information. This directory is automatically mounted to `/var/lib` in the container.
## Environment Variables
- `TS_AUTHKEY`: Tailscale authentication key (optional, supports interactive login)
- `TS_USERSPACE`: Whether to use userspace networking mode
- `TS_STATE_DIR`: State file storage directory (fixed to /var/lib)
- `TS_ROUTES`: Subnet routes to advertise
- `TS_ACCEPT_DNS`: Whether to accept Tailscale DNS configuration
- `TS_EXTRA_ARGS`: Additional arguments for tailscale up command
- `TS_AUTH_ONCE`: Whether to authenticate only on first start (default false)
## Notes
- Requires `privileged` mode and `NET_ADMIN`, `SYS_MODULE` capabilities
- Uses `host` network mode to directly manage network interfaces
- Requires access to `/dev/net/tun` device
- A valid auth key or interactive login is required for first run
- Recommended to allow UDP port 41641 (WireGuard default port) in firewall
- Container restart policy is fixed to `always`, managed by 1Panel
## Links
- Website: https://tailscale.com
- GitHub: https://github.com/tailscale/tailscale
- Documentation: https://tailscale.com/kb
- Admin Console: https://login.tailscale.com/admin
- Downloads: https://tailscale.com/download