An open source, self-hosted implementation of the Tailscale control server https://github.com/juanfont/headscale
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Kristoffer Dalby 5fe6538c02
Merge pull request #831 from kradalby/fix-https-listen
2 days ago
.github Merge branch 'main' into remove-sponsorship 7 days ago
cmd/headscale remove unnecessary checks on slices 5 days ago
docs Format reverse-proxy.md 1 week ago
gen add acl_tags to PreAuthKey proto 1 month ago
integration_test Add new config option to cli integration tests 2 days ago
proto Merge branch 'main' into preauthkey-tags 3 weeks ago
tests/acls Add test for autoApprovers feature 1 month ago
.dockerignore Added integration tests for the embedded DERP server 7 months ago
.envrc Add direnv flake support 6 months ago
.gitignore Ignore new dump file 4 months ago
.golangci.yaml fix: ignore exhaust linter 4 months ago
.goreleaser.yml Release using go 1.19 4 weeks ago
CHANGELOG.md Update changelog 2 days ago
CODE_OF_CONDUCT.md Prettier 1 month ago
Dockerfile Use Go 1.19 in Dockerfiles 4 weeks ago
Dockerfile.alpine Use Go 1.19 in Dockerfiles 4 weeks ago
Dockerfile.debug Use Go 1.19 in Dockerfiles 4 weeks ago
Dockerfile.tailscale Added default values in Dockerfile.tailscale 6 months ago
Dockerfile.tailscale-HEAD Minor changes to HEAD Dockerfile 1 month ago
LICENSE Initial commit 2 years ago
Makefile Include OIDC in the full execution 3 weeks ago
README.md use logo in readme correcly 3 weeks ago
acls.go Remove dependency on netaddr 3 weeks ago
acls_test.go Merge branch 'main' into preauthkey-tags 3 weeks ago
acls_types.go fix linting mistakes 3 weeks ago
api.go Pass the req context when pinging the DB 3 weeks ago
api_common.go Removed unused param after routes fix 1 week ago
api_key.go exported API errors 2 months ago
api_key_test.go Add api key data model and helpers 8 months ago
app.go Merge branch 'main' into fix-https-listen 2 days ago
app_test.go Use net/netip in derp server 4 weeks ago
buf.gen.yaml Create an initial gRPC service 11 months ago
config-example.yaml Add new option to config-example 2 days ago
config.go Preserve current behaviour with a config flag 2 days ago
db.go fix linting issues in preauthkey tags 3 weeks ago
derp-example.yaml Fix key name about derp port 6 months ago
derp.go Use library const for HTTP verbs 3 weeks ago
derp_server.go Also warn in DERP server if Websockets are not properly working 3 weeks ago
dns.go Port dns to net/netip 4 weeks ago
dns_test.go Merge branch 'main' into preauthkey-tags 3 weeks ago
flake.lock Nix update 2 days ago
flake.nix Revert overlay overlapping 2 days ago
go.mod Upgrade direct dependencies 3 weeks ago
go.sum Removed gin from go.sum (Github security notice) 1 week ago
grpcv1.go Merge branch 'main' into preauthkey-tags 5 days ago
grpcv1_test.go fix(grpc): add more checks for tag validation 2 months ago
integration_cli_test.go Merge branch 'main' into preauthkey-tags 7 days ago
integration_common_test.go Return stderr too in ExecuteCommand 7 days ago
integration_embedded_derp_test.go Return stderr too in ExecuteCommand 7 days ago
integration_general_test.go Return stderr too in ExecuteCommand 7 days ago
integration_oidc_test.go Return stderr too in ExecuteCommand 7 days ago
machine.go Merge branch 'main' into autoapprovers 7 days ago
machine_test.go fix autoapprover test following tagged authkey change 5 days ago
metrics.go Go format with shorter lines 11 months ago
namespaces.go exported API errors 2 months ago
namespaces_test.go Merge branch 'main' into preauthkey-tags 3 weeks ago
noise.go Minor message change 3 weeks ago
oidc.go Pass context in OIDC helpers 3 weeks ago
platform_config.go chore(all): apply formater 2 months ago
preauth_keys.go remove unnecessary checks on slices 5 days ago
preauth_keys_test.go fix linting issues in preauthkey tags 3 weeks ago
protocol_common.go Use oidc if it initialised, not if it is configured 2 days ago
protocol_common_poll.go Merge branch 'main' into autoapprovers 3 weeks ago
protocol_common_utils.go Return error on marshaling issues 3 weeks ago
protocol_legacy.go Fixed minor linting things 1 month ago
protocol_legacy_poll.go Only pass the context in pollmap, no req needed 3 weeks ago
protocol_noise.go Use common core for noise registration 1 month ago
protocol_noise_poll.go Only pass the context in pollmap, no req needed 3 weeks ago
routes.go Migrate routes to net/netip 4 weeks ago
routes_test.go Merge branch 'main' into preauthkey-tags 3 weeks ago
swagger.go Fix charset typo in swagger.go 1 month ago
utils.go Migrate utils to net/netip 4 weeks ago
utils_test.go Merge branch 'main' into preauthkey-tags 3 weeks ago

README.md

headscale logo

ci

An open source, self-hosted implementation of the Tailscale control server.

Join our Discord server for a chat.

Note: Always select the same GitHub tag as the released version you use to ensure you have the correct example configuration and documentation. The main branch might contain unreleased changes.

What is Tailscale

Tailscale is a modern VPN built on top of Wireguard. It works like an overlay network between the computers of your networks - using NAT traversal.

Everything in Tailscale is Open Source, except the GUI clients for proprietary OS (Windows and macOS/iOS), and the control server.

The control server works as an exchange point of Wireguard public keys for the nodes in the Tailscale network. It assigns the IP addresses of the clients, creates the boundaries between each user, enables sharing machines between users, and exposes the advertised routes of your nodes.

A Tailscale network (tailnet) is private network which Tailscale assigns to a user in terms of private users or an organisation.

Design goal

headscale aims to implement a self-hosted, open source alternative to the Tailscale control server. headscale has a narrower scope and an instance of headscale implements a single Tailnet, which is typically what a single organisation, or home/personal setup would use.

headscale uses terms that maps to Tailscale's control server, consult the glossary for explainations.

Support

If you like headscale and find it useful, there is a sponsorship and donation buttons available in the repo.

If you would like to sponsor features, bugs or prioritisation, reach out to one of the maintainers.

Features

  • Full "base" support of Tailscale's features
  • Configurable DNS
  • Node registration
    • Single-Sign-On (via Open ID Connect)
    • Pre authenticated key
  • Taildrop (File Sharing)
  • Access control lists
  • MagicDNS
  • Support for multiple IP ranges in the tailnet
  • Dual stack (IPv4 and IPv6)
  • Routing advertising (including exit nodes)
  • Ephemeral nodes
  • Embedded DERP server

Client OS support

OS Supports headscale
Linux Yes
OpenBSD Yes
FreeBSD Yes
macOS Yes (see /apple on your headscale for more information)
Windows Yes docs
Android Yes docs
iOS Not yet

Running headscale

Please have a look at the documentation under docs/.

Disclaimer

  1. We have nothing to do with Tailscale, or Tailscale Inc.
  2. The purpose of Headscale is maintaining a working, self-hosted Tailscale control panel.

Contributing

To contribute to headscale you would need the lastest version of Go and Buf(Protobuf generator).

We recommend using Nix to setup a development environment. This can be done with nix develop, which will install the tools and give you a shell. This guarantees that you will have the same dev env as headscale maintainers.

PRs and suggestions are welcome.

Code style

To ensure we have some consistency with a growing number of contributions, this project has adopted linting and style/formatting rules:

The Go code is linted with golangci-lint and formatted with golines (width 88) and gofumpt. Please configure your editor to run the tools while developing and make sure to run make lint and make fmt before committing any code.

The Proto code is linted with buf and formatted with clang-format.

The rest (Markdown, YAML, etc) is formatted with prettier.

Check out the .golangci.yaml and Makefile to see the specific configuration.

Install development tools

  • Go
  • Buf
  • Protobuf tools

Install and activate:

nix develop

Testing and building

Some parts of the project require the generation of Go code from Protobuf (if changes are made in proto/) and it must be (re-)generated with:

make generate

Note: Please check in changes from gen/ in a separate commit to make it easier to review.

To run the tests:

make test

To build the program:

nix build

or

make build

Contributors

Kristoffer
Kristoffer Dalby
Juan
Juan Font
Adrien
Adrien Raffin-Caboisse
Ward
Ward Vandewege
Jiang
Jiang Zhu
Nico/
Nico
e-zk/
e-zk
Justin
Justin Angel
Alessandro
Alessandro (Ale) Segala
unreality/
unreality
ohdearaugustin/
ohdearaugustin
Moritz
Moritz Poldrack
GrigoriyMikhalkin/
GrigoriyMikhalkin
Niek
Niek van der Maas
Eugen
Eugen Biegler
Azz/
Azz
Anton
Anton Schubert
Aaron
Aaron Bieber
Laurent
Laurent Marchaud
Fernando
Fernando De Lucchi
Hoàng
Hoàng Đức Hiếu
bravechamp/
bravechamp
Deon
Deon Thomas
ChibangLW/
ChibangLW
Mevan
Mevan Samaratunga
Michael
Michael G.
Paul
Paul Tötterman
Samuel
Samuel Lock
Stefan
Stefan Majer
Artem
Artem Klevtsov
Casey
Casey Marshall
Pavlos
Pavlos Vinieratos
Silver
Silver Bullet
Victor
Victor Freire
lachy2849/
lachy2849
thomas/
thomas
Abraham
Abraham Ingersoll
Antoine
Antoine POPINEAU
Aofei
Aofei Sheng
Arthur
Arthur Woimbée
Bryan
Bryan Stenson
Carson
Carson Yang
kundel/
kundel
Felix
Felix Kronlage-Dammers
Felix
Felix Yan
JJGadgets/
JJGadgets
Jamie
Jamie Greeff
Jim
Jim Tittsler
Pierre
Pierre Carru
Rasmus
Rasmus Moorats
rcursaru/
rcursaru
WhiteSource
WhiteSource Renovate
Ryan
Ryan Fowler
Shaanan
Shaanan Cohney
sophware/
sophware
Tanner/
Tanner
Teteros/
Teteros
The
The Gitter Badger
Tianon
Tianon Gravi
Tjerk
Tjerk Woudsma
Yang
Yang Bin
Yujie
Yujie Xia
Zakhar
Zakhar Bessarab
Ziyuan
Ziyuan Han
derelm/
derelm
henning
henning mueller
ignoramous/
ignoramous
lion24/
lion24
pernila/
pernila
Wakeful-Cloud/
Wakeful-Cloud
zy/
zy