Make config example "local dev first"
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
2d79179141
commit
9790831afb
1 changed files with 18 additions and 7 deletions
|
@ -38,7 +38,10 @@ grpc_allow_insecure: false
|
||||||
# Private key used to encrypt the traffic between headscale
|
# Private key used to encrypt the traffic between headscale
|
||||||
# and Tailscale clients.
|
# and Tailscale clients.
|
||||||
# The private key file will be autogenerated if it's missing.
|
# The private key file will be autogenerated if it's missing.
|
||||||
private_key_path: /var/lib/headscale/private.key
|
#
|
||||||
|
# For production:
|
||||||
|
# /var/lib/headscale/private.key
|
||||||
|
private_key_path: ./private.key
|
||||||
|
|
||||||
# The Noise section includes specific configuration for the
|
# The Noise section includes specific configuration for the
|
||||||
# TS2021 Noise protocol
|
# TS2021 Noise protocol
|
||||||
|
@ -47,7 +50,10 @@ noise:
|
||||||
# traffic between headscale and Tailscale clients when
|
# traffic between headscale and Tailscale clients when
|
||||||
# using the new Noise-based protocol. It must be different
|
# using the new Noise-based protocol. It must be different
|
||||||
# from the legacy private key.
|
# from the legacy private key.
|
||||||
private_key_path: /var/lib/headscale/noise_private.key
|
#
|
||||||
|
# For production:
|
||||||
|
# private_key_path: /var/lib/headscale/noise_private.key
|
||||||
|
private_key_path: ./noise_private.key
|
||||||
|
|
||||||
# List of IP prefixes to allocate tailaddresses from.
|
# List of IP prefixes to allocate tailaddresses from.
|
||||||
# Each prefix consists of either an IPv4 or IPv6 address,
|
# Each prefix consists of either an IPv4 or IPv6 address,
|
||||||
|
@ -119,7 +125,10 @@ node_update_check_interval: 10s
|
||||||
|
|
||||||
# SQLite config
|
# SQLite config
|
||||||
db_type: sqlite3
|
db_type: sqlite3
|
||||||
db_path: /var/lib/headscale/db.sqlite
|
|
||||||
|
# For production:
|
||||||
|
# db_path: /var/lib/headscale/db.sqlite
|
||||||
|
db_path: ./db.sqlite
|
||||||
|
|
||||||
# # Postgres config
|
# # Postgres config
|
||||||
# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
|
# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
|
||||||
|
@ -156,7 +165,9 @@ tls_client_auth_mode: relaxed
|
||||||
|
|
||||||
# Path to store certificates and metadata needed by
|
# Path to store certificates and metadata needed by
|
||||||
# letsencrypt
|
# letsencrypt
|
||||||
tls_letsencrypt_cache_dir: /var/lib/headscale/cache
|
# For production:
|
||||||
|
# tls_letsencrypt_cache_dir: /var/lib/headscale/cache
|
||||||
|
tls_letsencrypt_cache_dir: ./cache
|
||||||
|
|
||||||
# Type of ACME challenge to use, currently supported types:
|
# Type of ACME challenge to use, currently supported types:
|
||||||
# HTTP-01 or TLS-ALPN-01
|
# HTTP-01 or TLS-ALPN-01
|
||||||
|
@ -222,9 +233,9 @@ dns_config:
|
||||||
base_domain: example.com
|
base_domain: example.com
|
||||||
|
|
||||||
# Unix socket used for the CLI to connect without authentication
|
# Unix socket used for the CLI to connect without authentication
|
||||||
# Note: for local development, you probably want to change this to:
|
# Note: for production you will want to set this to something like:
|
||||||
# unix_socket: ./headscale.sock
|
# unix_socket: /var/run/headscale.sock
|
||||||
unix_socket: /var/run/headscale.sock
|
unix_socket: ./headscale.sock
|
||||||
unix_socket_permission: "0770"
|
unix_socket_permission: "0770"
|
||||||
#
|
#
|
||||||
# headscale supports experimental OpenID connect support,
|
# headscale supports experimental OpenID connect support,
|
||||||
|
|
Loading…
Reference in a new issue