juanfont/headscale - Detailed Review#

1. Overview & GitHub Stats#

URL: https://github.com/juanfont/headscale
Stars: 30667

2. Project Description#

Headscale is an open-source, self-hosted implementation of the Tailscale control server. It allows users to create and manage their own private networks using the Tailscale client, without relying on Tailscale’s cloud infrastructure. This provides greater control, privacy, and customization for individuals and organizations looking to deploy secure mesh networks.

3. What Software Does It Replace?#

Headscale serves as a self-hosted alternative to:

Tailscale’s official control server (SaaS version)
Commercial VPN solutions like OpenVPN Access Server or WireGuard managed services
Other proprietary mesh networking solutions that require cloud dependencies

4. Core Functionality#

Key features of Headscale include:

User and machine management: Register and manage users and devices within your network.
Access control lists (ACLs): Define fine-grained policies for network traffic.
DNS configuration: Integrate custom DNS settings for your private network.
Multi-platform support: Compatible with Tailscale clients on Linux, macOS, Windows, iOS, and Android.
API-driven: Provides a REST API for automation and integration with other tools.

5. Pros and Cons#

Pros:

Complete control over your network infrastructure.
Enhanced privacy since no data is sent to third-party servers.
Cost-effective for organizations with many devices.
Active open-source community with regular updates.

Cons:

Requires technical knowledge to set up and maintain.
Self-hosting responsibilities include security, updates, and backups.
Lacks some enterprise features available in Tailscale’s paid plans.

6. Detailed Installation Guide (Self-host)#

Follow these steps to deploy Headscale on an Ubuntu server:

Prerequisites#

Ubuntu 22.04 LTS or later
Docker and Docker Compose installed
A domain name pointed to your server’s IP (optional but recommended for HTTPS)

Step 1: Install Docker and Docker Compose#

1
sudo apt update && sudo apt install -y docker.io docker-compose
2
sudo systemctl enable --now docker

Step 2: Create a Directory for Headscale#

1
mkdir headscale && cd headscale

Step 3: Create a Docker Compose File#

Create a docker-compose.yml file with the following content:

1
version: '3.8'
2
services:
3
  headscale:
4
    image: headscale/headscale:latest
5
    container_name: headscale
6
    volumes:
7
      - ./config:/etc/headscale
8
      - ./data:/var/lib/headscale
9
    ports:
10
      - "8080:8080"
11
    restart: unless-stopped

Step 4: Generate Configuration#

1
docker run --rm -it -v $(pwd)/config:/etc/headscale headscale/headscale:latest generate

Step 5: Edit Configuration#

Edit config/config.yaml to set your server URL and other preferences. For example:

1
server_url: http://your-domain.com:8080

Step 6: Start Headscale#

1
docker-compose up -d

Step 7: Create a User and Pre-Auth Key#

1
docker exec headscale headscale users create myuser
2
docker exec headscale headscale preauthkeys create --user myuser --reusable --expiration 24h

Step 8: Connect Clients#

Use the pre-auth key to connect Tailscale clients to your Headscale server. For example, on Linux:

1
tailscale up --login-server=http://your-server-ip:8080 --authkey=YOUR_AUTH_KEY

Your self-hosted Headscale instance is now running! For advanced configurations, such as HTTPS or database setup, refer to the official documentation.