Headscale - Is it OK to use the default config (just editing the address/domain name)? Will that be secure enough? Also, which ports do I need to forward to my Raspberry Pi headscale server?

  • A Mouse@midwest.social
    6 hours ago

    Look at either putting it behind a reverse proxy or using the built-in Let’s Encrypt / ACME configuration.

    Suggested documentation:

    The config linked to in their documentation states

    # Address to listen to / bind to on the server
    #
    # For production:
    # listen_addr: 0.0.0.0:8080
    listen_addr: 127.0.0.1:8080
    
    # Address to listen to /metrics and /debug, you may want
    # to keep this endpoint private to your internal network
    metrics_listen_addr: 127.0.0.1:9090
    

    Port 8080 TCP is used for the connection; 9090 TCP is for metrics and is not suggested to port forward. If you use a reverse proxy, you do not need to port forward to either of those ports directly, and instead forward to the reverse proxy.
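
An added example, not part of the comment above or of the headscale project: a small Python check that reads the two bind settings quoted in the comment and reports how widely each one is exposed. The sample config is constructed, and the function names (`parse_binds`, `exposure`, `audit`) are hypothetical.

```python
import ipaddress
import re

# Constructed sample (not from the page): the "production" bind uncommented,
# and metrics deliberately bound to every interface to show a finding.
SAMPLE_CONFIG = """\
# For production:
listen_addr: 0.0.0.0:8080
# listen_addr: 127.0.0.1:8080
metrics_listen_addr: 0.0.0.0:9090
"""
LINE = re.compile(r"""^(listen_addr|metrics_listen_addr):\s*["']?(.+?)["']?\s*(?:#.*)?$""")

def parse_binds(text):
    """Return {key: (host, port)} for uncommented top-level bind settings."""
    binds = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            host, _, port = m.group(2).rpartition(":")
            binds[m.group(1)] = (host.strip("[]"), int(port))
    return binds

def exposure(host):
    """Classify a bind host as 'loopback', 'all-interfaces' or 'specific'."""
    if not host:
        return "all-interfaces"  # empty host, e.g. ":8080", binds every interface in Go
    try:
        ip = ipaddress.ip_address("127.0.0.1" if host == "localhost" else host)
    except ValueError:
        return "specific"  # some other hostname
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "specific"

def audit(text):
    """Return {key: (host, port, exposure, advice)} for the bind settings."""
    report = {}
    for key, (host, port) in parse_binds(text).items():
        where = exposure(host)
        if key == "metrics_listen_addr":
            advice = "ok" if where == "loopback" else "keep private, do not port forward"
        else:
            advice = "forward the proxy's port" if where == "loopback" else f"forward TCP {port}"
        report[key] = (host, port, where, advice)
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG).items(), sep="\n")
```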