Shameless self-plug here. I wrote a blog post to document my methodology after having some issues with publicly available examples of using Podman and traefik in a best-practices config. Hopefully this finds the one other person that was in my shoes and helps them out. Super happy for feedback if others care to share.

  • deadcatbounce@reddthat.com
    3 upvotes · 2 days ago

    Excuse the ignorance, what am I actually reading about here?

    I read the first few paragraphs and am out of my league.

    What are ‘we’ trying to achieve?

    • StarkZarn@infosec.pub (OP)
      2 upvotes · 1 day ago

      The other poster here is correct, this is just an account of my journey through self hosting traefik, and ultimately headscale, without the hurdles along the way. I tried to include a few links to unclear terms along the way in the narrative, maybe those would help you figure things out. Unfortunately I can’t write for an audience of everyone, but hopefully you can still gain some value or learn some new things! Thank you for the feedback.

      • deadcatbounce@reddthat.com
        2 upvotes · 14 hours ago

        Wasn’t being critical at all. Not expecting you to write for anyone.

        I wondered what this actually provides. If you were explaining to someone with a good knowledge of the world, not grandma!!

        • StarkZarn@infosec.pub (OP)
          1 upvote · 10 hours ago

          No worries, and I’ll accept criticism too, that’s how you improve.

          Anyway, this is effectively giving you tailscale, a remote access mesh VPN solution, but with total control and ownership of the control plane server, instead of relying on the opaque tailscale-owned and controlled infra. I touched on it briefly again in the ‘DERP Config’ section of part 2: https://roguesecurity.dev/blog/headscale-quadlet-part2#DERP Config

          • deadcatbounce@reddthat.com
            1 upvote · 1 hour ago

            I’m not criticising you. I cannot validly criticise you, even if I was so inclined (I’m not), because I cannot proficiently grasp the subject matter. I would like to understand, NOT criticise. You’ve written an engaging piece which is opaque to me; apparently a contradiction. Hopefully I’ve rephrased that enough times to get across that no criticism is intended. 😁

            I don’t know the product names. I don’t tend to be focused on product names because they come and go. Your first message didn’t help me.

            Your last precis is just what I needed. Ideal. Thank you. I now know what you’re trying to achieve.

    • mitram2@lemm.ee
      3 upvotes · 2 days ago

      Just a guide on how OP selfhosts headscale using postman with a few nice features enabled