I'm working on a new blog post about my deployment of #Headscale and #Tailscale in my #homelab for early 2025. I will discuss the differences between a #VPN server and Tailscale, Headscale, Docker Compose configuration, #Headplane, access control through ACL configuration, integration with Nginx Proxy Manager, and more. Please note that I will not cover OIDC authentication yet.
Let me know if you have any specific questions or other topics you would like me to address.
[#]selfhosted #selfhosting
=> More informations about this toot | More toots from lucas3d@mastodon.social
Je finalise un nouveau billet en français pour mon blog sur mon déploiement de #Headscale et #Tailscale dans mon #homelab. #selfhosted #selfhosting #VPN et Tailscale, Headscale, Docker Compose, #Headplane, contrôle d'accès via ACL, intégration avec Nginx Proxy Manager, et plus encore. Je ne couvrirai pas encore l'authentification OIDC.
Faites-moi savoir si vous avez des questions spécifiques ou d'autres sujets que vous aimeriez que j'aborde.
[#]selfhosted #selfhosting
=> More informations about this toot | More toots from lucas3d@mastodon.social
Mon explortation avec #Headscale et #Tailscale est documenté sur mon blog. J'y discute des différences entre un serveur #VPN et Tailscale, Headscale, la configuration de Docker Compose, l'interface #Headplane, le contrôle d'accès via #ACL, l'intégration avec #NginxProxyManager, les nœuds de sortie, les routes et l'installation sur macOS, iOS, Linux, Debian, Proxmox LXC, #Synology NAS et #HomeAssistant.
[#]selfhosted #selfhosting
https://www.lucasjanin.com/2025/01/03/headscale-et-tailscale
=> More informations about this toot | More toots from lucas3d@mastodon.social
My journey with #Headscale and #Tailscale is documented on my blog. I discuss the differences between a #VPN server and Tailscale, Headscale, Docker Compose configuration, #Headplane interface, access control through #ACL, integration with #NginxProxyManager, exit nodes, routes, and installation on macOS, iOS, Linux, Debian, Proxmox LXC, #Synology NAS, and #HomeAssistant.
Note that I will not cover OIDC authentication at this time.
[#]selfhosted #selfhosting #homelab
https://www.lucasjanin.com/2025/01/03/headscale-tailscale/
=> More informations about this toot | More toots from lucas3d@mastodon.social
I updated my #Headscale and #Tailscale blog post with additional information about the Nginx Proxy Manager section (PiHole with wildcard DNS) and an improved ACL diagram that I believe is clearer and more accurate.
English: https://www.lucasjanin.com/2025/01/03/headscale-tailscale-in-a-self-hosted-environment
Français: https://www.lucasjanin.com/2025/01/03/headscale-et-tailscale-dans-un-enviroment-auto-heberge
[#]VPN #Headplane #ACL #NginxProxyManager #Synology #HomeAssistant #selfhosted #selfhosting #homelab
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d Impatient de te lire, tellement que j'ai cru qu'il était publié et j'ai cherché partout 🤣
Rien à voir, au passage j'ai enfin cliqué sur ton lien IMDB, tu as participé à bon nombre de trucs que j'adore !!!
=> More informations about this toot | More toots from lolopb@mastodon.social
@lolopb C’est un teaser pour faire remonter la sauce :-). Il devrait être en ligne cette semaine.
Merci du compliment ! Mais en tant que superviseur, je trouve plus intéressant de travailler sur des projets plus petits mais avec davantage de liberté artistique.
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d Ah sûrement, je me suis contenté de regarder rapidement ce que je connaissais dans la liste 😇
=> More informations about this toot | More toots from lolopb@mastodon.social
@lucas3d looking forward to reading your post! I've been considering using Tailscale as well ... Currently managing #Wireguard for my #homelab (for remote access) manually.
=> More informations about this toot | More toots from ansper08@alphapi.me
@ansper08 By the end of this week, Headscale/Tailscale is the next level compared to WireGuard :-)
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d @ansper08 Will it be published on both English and French at the same time?
=> More informations about this toot | More toots from C_Duv@piaille.fr
@C_Duv @ansper08 It will be published in French first (my native language) and in English the day after (may be shorter depending on my free time).
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d @C_Duv @ansper08 I've been using Tailscale+Headscale for a while AND I'm learning French. Looking forward to reading your post first in French to practice, then in English to see how you implemented ACLs and UI, because I'd probably understand just about 20% of the French🇫🇷 post 😄
=> More informations about this toot | More toots from kiraso@mastodon.online
@lucas3d looking forward to this!
=> More informations about this toot | More toots from beyondwatts@beyondwatts.social
@lucas3d I'm also running a headscale server and enjoying it!
I also implemented oidc with pocket id and this is so cool. Now you can add a new node just with one CLI command and 2 clicks in the browser and authenticate via passkey.
=> More informations about this toot | More toots from 2b@todon.nl
@2b This looks fantastic!
Is there any documentation showing this setup process?
How many nodes do you have on your Tailnet?
On my side, there are only 25.
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d
I'm also running something about 25-30 nodes. For this setup I just go trough the github of pocket-id
https://github.com/stonith404/pocket-id
Its straight forward
And the headplane oidc docker setup is also preconfigured here
https://github.com/tale/headplane/blob/main/docs/integration/Docker.md
=> More informations about this toot | More toots from 2b@todon.nl
@2b Thanks a lot for your advice!
I added this to my long to-do list :-)
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d wow, very extensive!! Merci beaucoup! Will look at it during the weekend. #headscale #Tailscale #homelab
=> More informations about this toot | More toots from ansper08@alphapi.me
@ansper08 Thanks. Happy to help!
Ping me if you need any clarification.
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d are you hosting #headscale inside the homelab or outside?
=> More informations about this toot | More toots from beyondwatts@beyondwatts.social
@beyondwatts My #Headscale runs locally in a Proxmox VM in my homelab. Some people mentioned is safer to do it on a VPS. I will investigate this option, but I love to be fully local :-)
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d
Is head scale a good solution for business/Small office use?
=> More informations about this toot | More toots from alavi@techhub.social
@alavi Yes, perfectly! You can implement OIDC authentication for easy management in your environment. FYI, this part not yet covered by my post.
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d This is really interesting! I'd love to dive deeper into the concept of ACLs with tags and users, but I feel a bit stuck in understanding the whole process. So far, the only ACL I’ve configured is for Tailscale SSH, which lets me easily access all my servers via SSH without the hassle of setting up keys and port forwarding. Do you use Tailscale SSH?
=> More informations about this toot | More toots from 2b@todon.nl
@2b Yes, ACLs can be complicated. But if you follow my example to add tags to nodes and use them to allow specific connections in your Tailnet, it’s a very simple use of ACLs. It works and is easy to configure.
I'm not using Tailscale SSH because many of my services aren't part of my tailnet, so I prefer managed but hands-on, so I have the same methodology for all my services.
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d merci, ça va me permettre de comprendre ce que sont Headscale et Tailscale 👍
=> More informations about this toot | More toots from C_Duv@piaille.fr
@C_Duv Heureux de faire connaître cette solution à d'autres personnes !
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d Hi Lucas, you got some very clean and detailed graphics regarding your network layout. Would you mind sharing what you use to create them?
=> More informations about this toot | More toots from cardes@metalhead.club
@cardes Hi Sebastian, thanks for the compliment. I’m using Freeform, an Apple application available on. macOS, iPadOS and iOS.
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d Love it.
2 notes: move headscale on a VPS with static IP and move away from NPM if possible.
=> More informations about this toot | More toots from pax0707@mastodon.social
@lucas3d And zabbix proxy on that same VPS for remote monitoring. Very useful
=> More informations about this toot | More toots from pax0707@mastodon.social
@pax0707 Thanks for the advice.
What’s the monthly cost of a VPS running just Headscale and a Zabbix agent?
I suppose you don't like NPM for security reasons?
=> More informations about this toot | More toots from lucas3d@mastodon.social
@lucas3d I’ve been running on Oracle cloud free tier.
For free.
For years.
You might wanna transfer to pay as you go model or risk getting randomly disabled. Aaaand be vigilant to not get out of free range or risk costs.
And yeah - read way to many security horror stories with it to run it in my environment as internet facing service. Pure nginx and certbot for handling certs.
=> More informations about this toot | More toots from pax0707@mastodon.social
@pax0707 I don't like the uncertainty of the monthly price, but I’m investigating the VPS solution.
I will check about pure Nginx with Certbot; self-hosting is a long journey...
=> More informations about this toot | More toots from lucas3d@mastodon.social This content has been proxied by September (ba2dc).Proxy Information
text/gemini
