All of the following commands are run as root.
Install Golang
1. Download and install
    wget https://go.dev/dl/go1.17.6.linux-amd64.tar.gz
    rm -rf /usr/local/go && tar -C /usr/local -xzf go1.17.6.linux-amd64.tar.gz
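2. Add the environment variable
    # Append the PATH entry to the profile so it persists, then reload it in the current shell
    echo 'export PATH=$PATH:/usr/local/go/bin' >> $HOME/.profile
    source $HOME/.profile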
3. Verify the installation
    go version
    go version go1.17.6 linux/amd64
Install the Derper service
1. Download and install
    go install tailscale.com/cmd/derper@main
2. Verify the installation
    /root/go/bin/derper -h
    Usage of ./go/bin/derper:
      -a string
            server address (default ":443")
      -bootstrap-dns-names string
            optional comma-separated list of hostnames to make available at /bootstrap-dns
      -c string
            config file path
    # remaining output omitted
3. Test-start the service
    /root/go/bin/derper -c=$HOME/derper.conf -hostname=yourhostname.com -stun
    # If you see the following output, the derper service started successfully.
    # derper automatically requests a Let's Encrypt SSL certificate for your domain.
    2021/09/18 15:04:31 derper: serving on :443 with TLS
    2021/09/18 15:04:31 running STUN server on [::]:3478
If port 443 is already in use by another service, you can use a custom port, but you must prepare the SSL certificate yourself in advance:
    /root/go/bin/derper -c=$HOME/derper.conf -http-port -1 -a ":12345" -hostname "your.domain.net" --stun -certmode manual -certdir /etc/certs/
    # Likewise, the following output means the derper service started successfully.
    2021/09/18 15:32:09 derper: serving on :12345 with TLS
    2021/09/18 15:32:09 running STUN server on [::]:3478
4. Run as a daemon
    vim /etc/systemd/system/derp.service

    [Unit]
    Description=Tailscale DERP Server
    After=network.target

    [Service]
    User=root
    Restart=always
    RestartSec=5
    # Absolute config path: everything here runs as root, so $HOME is /root
    ExecStart=/root/go/bin/derper -c=/root/derper.conf -http-port -1 -a ":12345" -hostname "your.domain.net" --stun -certmode manual -certdir /etc/certs/

    [Install]
    WantedBy=multi-user.target
5. Start the service
    systemctl enable --now derp.service
    # Check the result
    systemctl status derp.service
    ● derp.service - Tailscale DERP Server
         Loaded: loaded (/etc/systemd/system/derp.service; enabled; vendor preset: enabled)
         Active: active (running) since Wed 2022-01-12 16:20:50 HKT; 1 day 20h ago
       Main PID: 748 (derper)
          Tasks: 4
         Memory: 10.3M
            CPU: 3.502s
         CGroup: /system.slice/derp.service
6. Configure the node information in the admin console
    // Example/default ACLs for unrestricted connections.
    {
      // Declare static groups of users beyond those in the identity service.
      "groups": {
        "group:example": [ "user1@example.com", "user2@example.com" ],
      },
      // Declare convenient hostname aliases to use in place of IP addresses.
      "hosts": {
        "example-host-1": "100.100.100.100",
      },
      // Access control lists.
      "acls": [
        // Match absolutely everything. Comment out this section if you want
        // to define specific ACL restrictions.
        { "action": "accept", "users": ["*"], "ports": ["*:*"] },
      ],
      "derpMap": {
        "OmitDefaultRegions": true, // use only the self-hosted relays
        "Regions": {
          "901": {
            "RegionID": 901,
            "RegionCode": "myderp1",
            "Nodes": [
              {
                "Name": "1",
                "RegionID": 901,
                "HostName": "your1.domain.net"
                //"DERPPort": 12345
              }
            ]
          },
          "900": {
            "RegionID": 900,
            "RegionCode": "myderp2",
            "Nodes": [
              {
                "Name": "1",
                "RegionID": 900,
                "HostName": "your2.domain.net",
                "DERPPort": 12345
              }
            ]
          }
        }
      }
    }
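A derpMap edited by hand is easy to get subtly wrong, for example when one region is copied to create the next. The following is an added example, not part of the original page or of Tailscale's code: it parses the console's JSON-with-comments and checks the derpMap for internal consistency before it is pasted in. The names `load_policy`, `check_derp_map` and `SAMPLE` are hypothetical, and the check assumes the page's intent of using only self-hosted relays with RegionIDs in the 900-999 range that Tailscale reserves for self-run nodes.

```python
import json
import re

# A JSON string, a // line comment, or a /* block */ comment (strings win inside quotes).
_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
# A JSON string, or a comma followed only by whitespace and a closing } or ].
_TRAILING = re.compile(r'"(?:\\.|[^"\\])*"|,(?=\s*[}\]])')

def _keep_strings(match):
    return match.group(0) if match.group(0).startswith('"') else ""

def load_policy(text):
    """Parse the console's JSON-with-comments: drop comments and trailing commas."""
    return json.loads(_TRAILING.sub(_keep_strings, _COMMENT.sub(_keep_strings, text)))

def check_derp_map(policy):
    """Return the problems found in policy["derpMap"]; an empty list means consistent."""
    problems = []
    derp_map = policy.get("derpMap", {})
    if derp_map.get("OmitDefaultRegions") is not True:
        problems.append("OmitDefaultRegions is not true: default relays stay enabled")
    for key, region in derp_map.get("Regions", {}).items():
        if region is None:  # a null entry only disables a default region
            continue
        rid = region.get("RegionID")
        if str(rid) != key:
            problems.append(f"region {key}: key does not match RegionID {rid}")
        if not isinstance(rid, int) or not 900 <= rid <= 999:
            problems.append(f"region {key}: RegionID {rid} outside 900-999")
        for node in region.get("Nodes", []):
            name = f"{key}/{node.get('Name')}"
            if node.get("RegionID") != rid:
                problems.append(f"node {name}: RegionID {node.get('RegionID')} != {rid}")
            if not node.get("HostName"):
                problems.append(f"node {name}: HostName missing")
            port = node.get("DERPPort", 443)  # derper's default -a is ":443"
            if not isinstance(port, int) or not 1 <= port <= 65535:
                problems.append(f"node {name}: invalid DERPPort {port!r}")
    return problems

# Constructed sample: region 901 copied from region 900 without updating the node.
SAMPLE = """{ "derpMap": {
  "OmitDefaultRegions": true, // self-hosted relays only
  "Regions": { "901": { "RegionID": 901, "RegionCode": "myderp1", "Nodes": [
    { "Name": "1", "RegionID": 900, "HostName": "your1.domain.net", "DERPPort": 123456, },
  ] }, },
}, }"""

if __name__ == "__main__":
    print("\n".join(check_derp_map(load_policy(SAMPLE))))
```

The check covers only the consistency of the file itself; whether `DERPPort` matches the port given to derper with `-a` still has to be compared against the unit file on each relay.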