TL; DR
-
确保你拥有一台延迟带宽综合表现优于官方 Tailscale Derp 服务器的服务器(通常是
hkg,sin,tok)。这台服务器需要公网 IP+ 任意两个开放端口。 -
参考我的增加了
DERP_STUN_PORT环境变量配置项的 patch:GitHub - yao-yun/ip_derper at feat/dockerfile_stun_port_env,构建自己的 yangchuansheng/ip_derper 镜像并部署在你的小鸡上,设置DERP_ADDR=:<port>DERP_HTTP_PORT=-11、DERP_STUN_PORT=<port>三个环境变量,并暴露至对应外部端口。 -
在你的 Tailscale 面板 ACL 规则中新增如下字段,以分发你新增的额外 Derp 服务器配置到你所有的 Tailscale 节点上:
"derpMap": { "OmitDefaultRegions": false, "Regions": { "901": { "RegionID": 901, "RegionCode": "some_code", "RegionName": "some human readable name", "Nodes": [ { "Name": "901a", "RegionID": 901, "DERPPort": <your derp port>, "STUNPort": <your stun port>, "HostName": "<your server ip>", "InsecureForTests": true, // so your self-signed ip ssl cert won't be rejected // but no worries, your traffic is already encrypted e2e // by you tailscale client. It just anyone watching will // find out your are using a custom derp. }, ], }, }, }, -
在任意 Tailscale 设备上运行
tailscale netcheck,如一切正常,你将能在结果中看到你的 Derp 延迟最低:2Report: * Time: 2025-01-30T11:45:20.058829032Z * UDP: true * IPv4: yes, 114.514.191.810:2100 * IPv6: no, but OS has support * MappingVariesByDestIP: true * PortMapping: UPnP * CaptivePortal: false * Nearest DERP: <Your derp server name> * DERP latency: - <code>: 59.7ms <Your derp server name> // - hkg: 69.1ms (Hong Kong) - sin: 89.4ms (Singapore) - tok: 104.8ms (Tokyo) - syd: 187ms (Sydney) - nue: 248.1ms (Nuremberg) - lhr: 251.5ms (London)
正文
WIP, maybe never.