Here is how to set up a custom DERP server on Ubuntu without a domain name or SSL certificate. A public IP is required (a cloud server from a provider such as AWS or Alibaba Cloud will come with one):
apt update && apt install -y wget git openssl curl sudo vim systemctl cron
- Check the latest version of Go, then download it:
wget https://golang.google.cn/dl/go1.21.3.linux-amd64.tar.gz
Replace 1.21.3 with the latest version number.
- Replace the default system Go:
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.21.3.linux-amd64.tar.gz
- Modify the system variable
export PATH=$PATH:/usr/local/go/bin
- If you are in China, add go source:
- Install DERPER
go install tailscale.com/cmd/derper@main
- Go to the folder
~/go/pkg/mod/[tailscale]/cmd/derper
, then modify the file
vim cert.go
and delete the validation-related content:
- Compile DERPER:
go build -o /etc/derp/derper
- Generate a self-signed SSL certificate
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/derp/derp.test.com.key -out /etc/derp/derp.test.com.crt -subj "/CN=derp.test.com" -addext "subjectAltName=DNS:derp.test.com"
- Create a system service
vim /etc/systemd/system/derp.service
: 12345 is the port number of the DERP node, which must be reachable from the public network over TCP. You can choose a different port number. Port 3478 must be reachable over UDP, and this port number cannot be changed because the STUN service requires it.
- After running the above commands, DERP should be displayed as active. Then open
https://IP:PORT
in a browser, and you will see:
- Open the Tailscale Admin Console, click on
Access Controls
, and copy the following content above
ssh
:
- Check if the DERP node is working by running
tailscale netcheck
on another device. Wow, the speed of the nodes in my house is slower than the default.
- The DERPER service will always crash, so for safety reasons, we need to restart the service periodically.
crontab
is the best choice.
- Run
crontab -e
and paste
0 */12 * * * systemctl restart derp
inside. The DERPER service will restart every 12 hours. Then press
ESC
, enter
:wq
to exit.
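The openssl step above writes an unencrypted private key and a self-signed certificate that no CA vouches for, so both are worth checking before clients are pointed at the node. The script below is an added example, not part of the original guide; the function name check_derp_cert and the 30-day expiry threshold are assumptions, and it needs GNU stat and OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): sanity checks for the
# self-signed certificate and key produced by the openssl req step.
# check_derp_cert is a hypothetical helper name. Assumes GNU stat (Ubuntu).

# check_derp_cert CRT KEY HOSTNAME [MIN_DAYS]
# Prints one line per failed check; returns 0 only if every check passes.
check_derp_cert() {
    local crt=$1 key=$2 host=$3 min_days=${4:-30} rc=0

    # 1. The key is unencrypted (-nodes), so only its owner may read it.
    local mode
    mode=$(stat -c %a "$key") || return 2
    if [ "$mode" != "600" ] && [ "$mode" != "400" ]; then
        echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1
    fi

    # 2. The certificate must carry the public half of this private key.
    local crt_pub key_pub
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and key do not belong together"; rc=1
    fi

    # 3. The name the node is configured with must be covered by the SAN/CN.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match"; then
        echo "FAIL: certificate does not cover $host"; rc=1
    fi

    # 4. Catch expiry ahead of time; -checkend takes seconds.
    if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days"; rc=1
    fi

    # On success, print the SHA-256 fingerprint for out-of-band comparison.
    if [ "$rc" -eq 0 ]; then
        openssl x509 -in "$crt" -noout -fingerprint -sha256
    fi
    return "$rc"
}

# Run directly with the guide's paths, for example:
#   ./check.sh /etc/derp/derp.test.com.crt /etc/derp/derp.test.com.key derp.test.com
if [ "$#" -ge 3 ]; then
    check_derp_cert "$@"
fi
```

The printed fingerprint can be compared with the one a browser shows for https://IP:PORT to confirm that the certificate being served is the one generated on the server.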