Apply suggestions from code review
Thanks for the pointers! Co-authored-by: Juan Font <juanfontalonso@gmail.com>
This commit is contained in:
parent
31662bcd28
commit
45df6e77ff
1 changed files with 8 additions and 4 deletions
|
@ -1,9 +1,13 @@
|
||||||
# Running behind a reverse proxy
|
# Running headscale behind a reverse proxy
|
||||||
|
|
||||||
Running Headscale behind a reverse proxy is suitable for container-based deployments. This is especially useful on a server were port 443 is already being used for other web services.
|
Running headscale behind a reverse proxy is useful when running multiple applications on the same server, and you want to reuse the same external IP and port - usually tcp/443 for HTTPS.
|
||||||
|
|
||||||
### WebSockets
|
### WebSockets
|
||||||
The reverse proxy _must_ be configured to support websockets if you are running headscale 0.17.x+ and tailscale v1.30+.
|
The reverse proxy MUST be configured to support WebSockets, as it is needed for clients running Tailscale v1.30+.
|
||||||
|
|
||||||
|
WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### TLS
|
### TLS
|
||||||
Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file.
|
Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file.
|
||||||
|
|
Loading…
Reference in a new issue