Quick start
https://www.escapelife.site/posts/bb022c74.html
https://blog.l3zc.com/2025/04/tailscale-setup-recap/ Tailscale with a self-hosted DERP server
How Tailscale works
https://www.bilibili.com/video/BV13P411q7Cy
Tailscale configuration
https://www.bilibili.com/video/BV1Wh411A73b
Cloud Native Lab (云原生实验室), which has many WireGuard and Tailscale tutorials
https://icloudnative.io/
Access control management
{
  // 1. Define user groups. The rules below use autogroups; define your own groups as needed.
  "groups": {
    "group:admin": ["x@x.com"],
  },
  // 2. Define who may assign each tag. Here tailnet admins (autogroup:admin) own every tag.
  //    Every tag referenced in "acls" below must be declared here.
  "tagOwners": {
    "tag:client": ["autogroup:admin"],
    "tag:server": ["autogroup:admin"],
    "tag:gpu-server": ["autogroup:admin"],
    "tag:xapi": ["autogroup:admin"],
    "tag:xwx": ["autogroup:admin"],
    "tag:xwx-notebook": ["autogroup:admin"],
  },
  // 3. Tag the machines, then define which tagged machines can reach which addresses.
  "acls": [
    // Direct SSH access: these tags can reach port 22 on every device ("*").
    {
      "action": "accept",
      "src": ["tag:xwx", "tag:xwx-notebook"],
      "dst": ["*:22"],
    },
    // Access to Open WebUI
    {
      "action": "accept",
      "src": ["tag:xapi"],
      "dst": ["tag:gpu-server:3001"],
    },
  ],
  // Allows `tailscale ssh user@my-server` to reach remote machines.
  // Define users and devices that can use Tailscale SSH.
  "ssh": [
    // Allow all users to SSH into their own devices in check mode.
    // Comment this section out if you want to define specific restrictions.
    {
      "action": "check",
      "src": ["autogroup:member"],
      "dst": ["autogroup:self"],
      "users": ["autogroup:nonroot", "root"],
    },
  ],
}
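
An added example (not part of the original notes, and not Tailscale's own tooling): a small Python lint for a policy file shaped like the one above. It checks that every tag used in "acls" is declared in "tagOwners" and flags rules whose dst host is a wildcard. The sample policy and the tag:laptop name are constructed, and the comment and trailing-comma handling is a simplification of HuJSON.

```python
import json
import re

# Constructed sample policy in Tailscale's HuJSON style (comments, trailing commas).
SAMPLE_POLICY = r'''
{
  // who may assign each tag
  "tagOwners": {
    "tag:gpu-server": ["autogroup:admin"],
    "tag:xapi": ["autogroup:admin"],
  },
  "acls": [
    {"action": "accept", "src": ["tag:laptop"], "dst": ["*:22"]},
    {"action": "accept", "src": ["tag:xapi"], "dst": ["tag:gpu-server:3001"]},
  ],
}
'''

# Match a JSON string first so that "//" inside a string (a URL) is never
# mistaken for the start of a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def parse_hujson(text):
    """Drop comments (outside strings) and trailing commas, then parse as JSON."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    no_comments = _TOKEN.sub(keep_strings, text)
    # Simplification: assumes no string value itself contains ",}" or ",]".
    return json.loads(re.sub(r",\s*([}\]])", r"\1", no_comments))

def lint_policy(policy):
    """Return (rule index, finding, value) for undeclared tags and wildcard dst hosts."""
    declared = set(policy.get("tagOwners", {}))
    findings = []
    for i, rule in enumerate(policy.get("acls", [])):
        for dst in rule.get("dst", []):
            host = dst.rpartition(":")[0]  # "tag:gpu-server:3001" -> "tag:gpu-server"
            if host == "*":
                findings.append((i, "wildcard-dst", dst))
            elif host.startswith("tag:") and host not in declared:
                findings.append((i, "undeclared-tag", host))
        for src in rule.get("src", []):
            if src.startswith("tag:") and src not in declared:
                findings.append((i, "undeclared-tag", src))
    return findings

if __name__ == "__main__":
    for index, kind, value in lint_policy(parse_hujson(SAMPLE_POLICY)):
        print(f"acls[{index}]: {kind}: {value}")
```

A wildcard-dst finding is not an error in itself; it marks a rule that opens the port on every device and deserves a second look.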