# headscale-webui
## This is a simple front-end for a Headscale server
#### PRs, questions, bug fixes, and feature requests are welcome!
---
Allows you to do the following:
1. Enable/Disable routes and exit nodes
2. Add, move, rename, and remove machines
3. Add and remove users/namespaces
4. Add and expire PreAuth keys
5. Add and remove machine tags
6. View machine details
    * Hostname
    * User associated with the machine
    * IP addresses in the Tailnet
    * Last seen by the control server
    * Last update with the control server
    * Creation date
    * PreAuth key associated with the machine
    * Enable / disable routes and exit nodes
    * Add and delete machine tags
7. Basic authentication (See Docker Compose changes below)
---
# Installation:
## Docker Compose changes:
1. Change the following variables in docker-compose.yml:
    1. TZ - Change to your timezone. Example: Asia/Tokyo
    2. HS_SERVER - Change to your headscale's URL
    3. BASE_PATH - This will be the path your server is served on. Because the Windows Tailscale GUI expects <HS_SERVER/admin>, I usually put this as "/admin"
    4. KEY - Your encryption key to store your headscale API key on disk. Generate a new one with "openssl rand -base64 32". Do not forget the quotation marks around the key when entering it.
    5. AUTH_TYPE - Set to either "Basic" or "OIDC" for password authentication
    6. AUTH_USER - Username for Basic auth. Can be removed if AUTH_TYPE is not "Basic"
    7. AUTH_PASS - Password for Basic auth. Can be removed if AUTH_TYPE is not "Basic"
2. You will also need to change the volumes:
    1. /data - Where your encryption key will reside. Can be anywhere writable by UID 1000
    2. /etc/headscale/ - This is your Headscale configuration file.
3. Make sure the host path for /data is readable and writable to UID 1000, otherwise writing the key to disk will fail.
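
A pre-flight check for the values above, as an added example (not part of headscale-webui; the function names and the `DATA_DIR` variable are assumptions). It checks that `KEY` decodes to 32 bytes as `openssl rand -base64 32` produces, that the `AUTH_*` variables are consistent, and that the host path for `/data` is owned by UID 1000 with owner read/write/execute:

```shell
#!/bin/sh
# Added example: pre-flight checks for the docker-compose.yml values.
# Function names and DATA_DIR are hypothetical, not part of headscale-webui.

# KEY: output of "openssl rand -base64 32" decodes to exactly 32 bytes.
check_key() {
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" = 32 ]
}

# AUTH_TYPE: "Basic" or "OIDC" as spelled in the README (exact-case match is
# an assumption). Basic also needs a non-empty AUTH_USER and AUTH_PASS.
check_auth() {
    case "$1" in
        Basic) [ -n "$2" ] && [ -n "$3" ] ;;
        OIDC)  return 0 ;;
        *)     return 1 ;;
    esac
}

# Host path for /data: must exist, be owned by the given UID (default 1000)
# and grant the owner rwx. Ownership is one sufficient way to be "writable by
# UID 1000"; group- or ACL-based access is not evaluated here.
check_data_dir() {
    dir=$1
    uid=${2:-1000}
    [ -d "$dir" ] || return 1
    set -- $(ls -ldn "$dir")    # $1 = mode string, $3 = numeric owner
    [ "$3" = "$uid" ] || return 1
    case "$1" in
        drwx*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Run all checks against the current environment; non-zero on any failure.
preflight() {
    rc=0
    check_key "$KEY" || { echo "KEY is not base64 of 32 bytes" >&2; rc=1; }
    check_auth "$AUTH_TYPE" "$AUTH_USER" "$AUTH_PASS" ||
        { echo "AUTH_TYPE/AUTH_USER/AUTH_PASS are inconsistent" >&2; rc=1; }
    check_data_dir "$DATA_DIR" 1000 ||
        { echo "$DATA_DIR is not owned and writable by UID 1000" >&2; rc=1; }
    return $rc
}
```

Source the file, export the same values you put in docker-compose.yml plus `DATA_DIR` (the host path mapped to /data), and call `preflight` before starting the container.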
## Traefik example with SSL:
* docker-compose labels:
```
labels:
  # Traefik Configs
  - "traefik.enable=true"
  - "traefik.http.routers.headscale-webui.entrypoints=web-secure"
  - "traefik.http.routers.headscale-webui.rule=Host(`headscale.$DOMAIN`) && (PathPrefix(`/$BASE_PATH/`) || PathPrefix(`/$BASE_PATH`))"
  - "traefik.http.services.headscale-webui.loadbalancer.server.port=5000"
  - "traefik.http.routers.headscale-webui.tls.certresolver=letsencrypt"
```
* Replace $DOMAIN with your domain and update $BASE_PATH to your BASE_PATH.
* If you do not need SSL, remove the tls.certresolver=letsencrypt line.
## Nginx example:
* Thanks to @qiangyt for their contributions!
* nginx reverse proxy config:
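```
# Proxy the web UI (container port 5000) under /admin, matching BASE_PATH
location /admin {
    proxy_pass http://127.0.0.1:5000/admin;
    proxy_http_version 1.1;
    proxy_set_header Host $server_name;
    proxy_buffering off;
    # Pass the client address and original scheme through to the web UI
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    # HTTP basic auth enforced by nginx in front of the web UI
    auth_basic "Administrator's Area";
    auth_basic_user_file /etc/nginx/htpasswd;
}
```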
---
# Screenshots:
Overview Page:
![Overview](screenshots/overview.png)
Users Page:
![Users](screenshots/users.png)
New Machine Modal:
![Add a new machine](screenshots/add-machine.png)
Machines Page:
![Machine Details](screenshots/machines.png)
Settings Page showing an API Key Test:
![API Key Test](screenshots/settings.png)