mirror of
https://anongit.gentoo.org/git/repo/gentoo.git
synced 2025-07-23 23:48:22 +02:00
Add DERP (Designated Encrypted Relay for Packets) server for tailnet devices, which quite useful if connecting to official one is either slow or unstable. Link: https://tailscale.com/kb/1232/derp-servers Closes: https://bugs.gentoo.org/951451 Closes: https://github.com/gentoo/gentoo/pull/41165 Signed-off-by: Yixun Lan <dlan@gentoo.org>
48 lines
1.4 KiB
Text
48 lines
1.4 KiB
Text
# executing user
|
|
DERPER_USER=derper
|
|
|
|
# executing group
|
|
DERPER_GROUP=derper
|
|
|
|
# Home dir for derper
|
|
HOMEDIR=/var/lib/derper
|
|
|
|
# server HTTPS listen address, in form ":port", "ip:port", or for IPv6 "[ip]:port".
|
|
# If the IP is omitted, it defaults to all interfaces.
|
|
# If you want to listen to 443 or other well-known port
|
|
# you should set the executing user to the 'root'
|
|
ADDR=":9781"
|
|
|
|
# The port on which to serve HTTP.
|
|
# -1 means disabled
|
|
HTTP_PORT="-1"
|
|
|
|
# servername for TLS cert
|
|
HOSTNAME="derp.example.com"
|
|
|
|
# mode for getting a cert.
|
|
# If you want to change to the 'letsencrypt' mode,
|
|
# the DERP server should be listened on 443 port, and
|
|
# the http port 80 should be listened also at the first time
|
|
CERTMODE="manual"
|
|
# cert dir
|
|
# when in the 'manual' mode, the default cert file and private key
|
|
# will be read via path:
|
|
# CERTDIR/HOSTNAME.crt
|
|
# CERTDIR/HOSTNAME.key
|
|
# and all non [a-zA-Z0-9\.-] characters will be removed
|
|
# from the HOSTNAME
|
|
CERTDIR="/var/lib/derper/certs"
|
|
# The custom cert and key file path,
|
|
# simplify the certificate deployment process in manual mode,
|
|
# the two files will overwrite the default cert and key files
|
|
# everytime when derper service starts.
|
|
#CERTFILE=
|
|
#KEYFILE=
|
|
|
|
# extra arguments passed to the derper
|
|
# run derper --help to get help
|
|
# -verify-clients
|
|
# verify clients to this DERP server through a local tailscaled instance.
|
|
FLAGS="-verify-clients"
|
|
|