Skip to content

Commit f8733ad

Browse files
fedefreuerouterino
fedefreue
authored and
routerino
committed
Adding NGINX Proxy Manager and config.yaml changes
1 parent cd316c1 commit f8733ad

File tree

2 files changed

+32
-1
lines changed

2 files changed

+32
-1
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ services:
3030
# - 9443:443
3131
```
3232

33-
Headscale UI serves on port 443 and uses a self signed cert by default.
33+
Headscale UI serves on port 443 and uses a self signed cert by default. You will need to add a `config.yaml` file under your `container-config` folder so that `headscale` has all of the required settings declared. An example from the official `headscale` repo is [here](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
3434

3535
### Additional Docker Settings
3636
The docker container lets you set the following settings:

documentation/configuration.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,3 +51,34 @@ services:
5151
- /var/run/docker.sock:/var/run/docker.sock:ro
5252
- ./traefik/certificates:/certificates
5353
```
54+
55+
# NGINX Proxy Manager Configuration
56+
57+
If running Headscale and Headscale UI outside of a consolidated docker-compose file (as above), NGINX Proxy Manager is another easy way to run all three. NGINX Proxy Manager is an easy way to run Headscale and Headscale UI behind a reverse proxy that can manager SSL certs automatically. This assumes the following:
58+
59+
1. Headscale is set up on your Docker host (or another location you can route to) per the instructions [here](https://github.com/juanfont/headscale).
60+
2. NGINX Proxy Manager is running and you can use it to generate SSL certificates. More information on NGINX Proxy Manager are [here](https://github.com/NginxProxyManager/nginx-proxy-manager).
61+
62+
Use this simplified docker-compose file to run headscale-ui:
63+
64+
```yaml
65+
version: '3.5'
66+
services:
67+
headscale-ui:
68+
image: ghcr.io/gurucomputing/headscale-ui:latest
69+
restart: unless-stopped
70+
container_name: headscale-ui
71+
ports:
72+
- 8443:443 # Use the port of your choice, but map it to 443 on the container
73+
```
74+
75+
Once all three services are running, set up Headscale and Headscale UI _by creating a proxy host_:
76+
77+
1. Details: Enter the FQDN you will be using for Headscale and Headscale UI, and enable Websockets Support and Block Common Exploits.
78+
2. SSL: Select or create the SSL certificate you'll be using for the entire FQDN where both will run. Make sure to enable Force SSL, HTTP/2 Support, HSTS and HSTS Subdomains.
79+
3. Advanced: In the text box, add the following to manage the Headscale UI path properly:
80+
```json
81+
location /web/ {
82+
proxy_pass https://132.145.201.160:8443/web/;
83+
}
84+
```

0 commit comments

Comments
 (0)