headscale/development/setup/install/container/index.html

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="An open source, self-hosted implementation of the Tailscale control server."><meta name=author content="Headscale authors"><link href=https://juanfont.github.io/headscale/development/setup/install/container/ rel=canonical><link href=../community/ rel=prev><link href=../source/ rel=next><link rel=icon href=../../../assets/favicon.png><meta name=generator content="mkdocs-1.6.1, mkdocs-material-9.6.12"><title>Container - Headscale</title><link rel=stylesheet href=../../../assets/stylesheets/main.2afb09e1.min.css><link rel=stylesheet href=../../../assets/stylesheets/palette.06af60db.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script><meta property=og:type content=website><meta property=og:title content="Container - Headscale"><meta property=og:description content="An open source, self-hosted implementation of the Tailscale control server."><meta property=og:image content=https://juanfont.github.io/headscale/development/assets/images/social/setup/install/container.png><meta property=og:image:type content=image/png><meta property=og:image:width content=1200><meta property=og:image:height content=630><meta content=https://juanfont.github.io/headscale/development/setup/install/container/ property=og:url><meta name=twitter:card content=summary_large_image><meta name=twitter:title content="Container - Headscale"><meta name=twitter:description content="An open source, self-hosted implementation of the Tailscale control server."><meta name=twitter:image content=https://juanfont.github.io/headscale/development/assets/images/social/setup/install/container.png></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=white data-md-color-accent=indigo> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#running-headscale-in-a-container class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <div data-md-color-scheme=default data-md-component=outdated hidden> </div> <header class=md-header data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../../.. title=Headscale class="md-header__button md-logo" aria-label=Headscale data-md-component=logo> <img src=../../../logo/headscale3-dots.svg alt=logo> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> Headscale </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> Container </span> </div> </div> </div> <form class=md-header__option data-md-component=palette> <input class=md-option data-md-color-media data-md-color-scheme=default data-md-color-primary=white data-md-color-accent=indigo aria-label="Switch to dark mode" type=radio name=__palette id=__palette_0> <label class="md-header__button md-icon" title="Switch to dark mode" for=__palette_1 hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0
</span><span id=__span-0-2><a id=__codelineno-0-2 name=__codelineno-0-2 href=#__codelineno-0-2></a><span class=nb>cd</span><span class=w> </span>./headscale
</span></code></pre></div> </li> <li> <p>Download the example configuration for your chosen version and save it as: <code>$(pwd)/config/config.yaml</code>. Adjust the configuration to suit your local environment. See <a href=../../../ref/configuration/ >Configuration</a> for details.</p> </li> <li> <p>Start headscale from within the previously created <code>./headscale</code> directory:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-1-1><a id=__codelineno-1-1 name=__codelineno-1-1 href=#__codelineno-1-1></a>docker<span class=w> </span>run<span class=w> </span><span class=se>\</span>
</span><span id=__span-1-2><a id=__codelineno-1-2 name=__codelineno-1-2 href=#__codelineno-1-2></a><span class=w>  </span>--name<span class=w> </span>headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-1-3><a id=__codelineno-1-3 name=__codelineno-1-3 href=#__codelineno-1-3></a><span class=w>  </span>--detach<span class=w> </span><span class=se>\</span>
</span><span id=__span-1-4><a id=__codelineno-1-4 name=__codelineno-1-4 href=#__codelineno-1-4></a><span class=w>  </span>--volume<span class=w> </span><span class=k>$(</span><span class=nb>pwd</span><span class=k>)</span>/config:/etc/headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-1-5><a id=__codelineno-1-5 name=__codelineno-1-5 href=#__codelineno-1-5></a><span class=w>  </span>--volume<span class=w> </span><span class=k>$(</span><span class=nb>pwd</span><span class=k>)</span>/lib:/var/lib/headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-1-6><a id=__codelineno-1-6 name=__codelineno-1-6 href=#__codelineno-1-6></a><span class=w>  </span>--volume<span class=w> </span><span class=k>$(</span><span class=nb>pwd</span><span class=k>)</span>/run:/var/run/headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-1-7><a id=__codelineno-1-7 name=__codelineno-1-7 href=#__codelineno-1-7></a><span class=w>  </span>--publish<span class=w> </span><span class=m>127</span>.0.0.1:8080:8080<span class=w> </span><span class=se>\</span>
</span><span id=__span-1-8><a id=__codelineno-1-8 name=__codelineno-1-8 href=#__codelineno-1-8></a><span class=w>  </span>--publish<span class=w> </span><span class=m>127</span>.0.0.1:9090:9090<span class=w> </span><span class=se>\</span>
</span><span id=__span-1-9><a id=__codelineno-1-9 name=__codelineno-1-9 href=#__codelineno-1-9></a><span class=w>  </span>headscale/headscale:&lt;VERSION&gt;<span class=w> </span><span class=se>\</span>
</span><span id=__span-1-10><a id=__codelineno-1-10 name=__codelineno-1-10 href=#__codelineno-1-10></a><span class=w>  </span>serve
</span></code></pre></div> <p>Note: use <code>0.0.0.0:8080:8080</code> instead of <code>127.0.0.1:8080:8080</code> if you want to expose the container externally.</p> <p>This command mounts the local directories inside the container, forwards port 8080 and 9090 out of the container so the headscale instance becomes available and then detaches so headscale runs in the background.</p> <p>A similar configuration for <code>docker-compose</code>:</p> <div class="language-yaml highlight"><span class=filename>docker-compose.yaml</span><pre><span></span><code><span id=__span-2-1><a id=__codelineno-2-1 name=__codelineno-2-1 href=#__codelineno-2-1></a><span class=nt>version</span><span class=p>:</span><span class=w> </span><span class=s>&quot;3.7&quot;</span>
</span><span id=__span-2-2><a id=__codelineno-2-2 name=__codelineno-2-2 href=#__codelineno-2-2></a>
</span><span id=__span-2-3><a id=__codelineno-2-3 name=__codelineno-2-3 href=#__codelineno-2-3></a><span class=nt>services</span><span class=p>:</span>
</span><span id=__span-2-4><a id=__codelineno-2-4 name=__codelineno-2-4 href=#__codelineno-2-4></a><span class=w>  </span><span class=nt>headscale</span><span class=p>:</span>
</span><span id=__span-2-5><a id=__codelineno-2-5 name=__codelineno-2-5 href=#__codelineno-2-5></a><span class=w>    </span><span class=nt>image</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">headscale/headscale:&lt;VERSION&gt;</span>
</span><span id=__span-2-6><a id=__codelineno-2-6 name=__codelineno-2-6 href=#__codelineno-2-6></a><span class=w>    </span><span class=nt>restart</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">unless-stopped</span>
</span><span id=__span-2-7><a id=__codelineno-2-7 name=__codelineno-2-7 href=#__codelineno-2-7></a><span class=w>    </span><span class=nt>container_name</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">headscale</span>
</span><span id=__span-2-8><a id=__codelineno-2-8 name=__codelineno-2-8 href=#__codelineno-2-8></a><span class=w>    </span><span class=nt>ports</span><span class=p>:</span>
</span><span id=__span-2-9><a id=__codelineno-2-9 name=__codelineno-2-9 href=#__codelineno-2-9></a><span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class=s>&quot;127.0.0.1:8080:8080&quot;</span>
</span><span id=__span-2-10><a id=__codelineno-2-10 name=__codelineno-2-10 href=#__codelineno-2-10></a><span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class=s>&quot;127.0.0.1:9090:9090&quot;</span>
</span><span id=__span-2-11><a id=__codelineno-2-11 name=__codelineno-2-11 href=#__codelineno-2-11></a><span class=w>    </span><span class=nt>volumes</span><span class=p>:</span>
</span><span id=__span-2-12><a id=__codelineno-2-12 name=__codelineno-2-12 href=#__codelineno-2-12></a><span class=w>      </span><span class=c1># Please set &lt;HEADSCALE_PATH&gt; to the absolute path</span>
</span><span id=__span-2-13><a id=__codelineno-2-13 name=__codelineno-2-13 href=#__codelineno-2-13></a><span class=w>      </span><span class=c1># of the previously created headscale directory.</span>
</span><span id=__span-2-14><a id=__codelineno-2-14 name=__codelineno-2-14 href=#__codelineno-2-14></a><span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">&lt;HEADSCALE_PATH&gt;/config:/etc/headscale</span>
</span><span id=__span-2-15><a id=__codelineno-2-15 name=__codelineno-2-15 href=#__codelineno-2-15></a><span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">&lt;HEADSCALE_PATH&gt;/lib:/var/lib/headscale</span>
</span><span id=__span-2-16><a id=__codelineno-2-16 name=__codelineno-2-16 href=#__codelineno-2-16></a><span class=w>      </span><span class="p p-Indicator">-</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">&lt;HEADSCALE_PATH&gt;/run:/var/run/headscale</span>
</span><span id=__span-2-17><a id=__codelineno-2-17 name=__codelineno-2-17 href=#__codelineno-2-17></a><span class=w>    </span><span class=nt>command</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">serve</span>
</span></code></pre></div> </li> <li> <p>Verify headscale is running:</p> <p>Follow the container logs:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-3-1><a id=__codelineno-3-1 name=__codelineno-3-1 href=#__codelineno-3-1></a>docker<span class=w> </span>logs<span class=w> </span>--follow<span class=w> </span>headscale
</span></code></pre></div> <p>Verify running containers:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-4-1><a id=__codelineno-4-1 name=__codelineno-4-1 href=#__codelineno-4-1></a>docker<span class=w> </span>ps
</span></code></pre></div> <p>Verify headscale is available:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-5-1><a id=__codelineno-5-1 name=__codelineno-5-1 href=#__codelineno-5-1></a>curl<span class=w> </span>http://127.0.0.1:9090/metrics
</span></code></pre></div> </li> <li> <p>Create a headscale user:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-6-1><a id=__codelineno-6-1 name=__codelineno-6-1 href=#__codelineno-6-1></a>docker<span class=w> </span><span class=nb>exec</span><span class=w> </span>-it<span class=w> </span>headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-6-2><a id=__codelineno-6-2 name=__codelineno-6-2 href=#__codelineno-6-2></a><span class=w>  </span>headscale<span class=w> </span>users<span class=w> </span>create<span class=w> </span>myfirstuser
</span></code></pre></div> </li> </ol> <h3 id=register-a-machine-normal-login>Register a machine (normal login)<a class=headerlink href=#register-a-machine-normal-login title="Permanent link">&para;</a></h3> <p>On a client machine, execute the <code>tailscale up</code> command to login:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-7-1><a id=__codelineno-7-1 name=__codelineno-7-1 href=#__codelineno-7-1></a>tailscale<span class=w> </span>up<span class=w> </span>--login-server<span class=w> </span>YOUR_HEADSCALE_URL
</span></code></pre></div> <p>To register a machine when running headscale in a container, take the headscale command and pass it to the container:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-8-1><a id=__codelineno-8-1 name=__codelineno-8-1 href=#__codelineno-8-1></a>docker<span class=w> </span><span class=nb>exec</span><span class=w> </span>-it<span class=w> </span>headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-8-2><a id=__codelineno-8-2 name=__codelineno-8-2 href=#__codelineno-8-2></a><span class=w>  </span>headscale<span class=w> </span>nodes<span class=w> </span>register<span class=w> </span>--user<span class=w> </span>myfirstuser<span class=w> </span>--key<span class=w> </span>&lt;YOUR_MACHINE_KEY&gt;
</span></code></pre></div> <h3 id=register-a-machine-using-a-pre-authenticated-key>Register a machine using a pre authenticated key<a class=headerlink href=#register-a-machine-using-a-pre-authenticated-key title="Permanent link">&para;</a></h3> <p>Generate a key using the command line:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-9-1><a id=__codelineno-9-1 name=__codelineno-9-1 href=#__codelineno-9-1></a>docker<span class=w> </span><span class=nb>exec</span><span class=w> </span>-it<span class=w> </span>headscale<span class=w> </span><span class=se>\</span>
</span><span id=__span-9-2><a id=__codelineno-9-2 name=__codelineno-9-2 href=#__codelineno-9-2></a><span class=w>  </span>headscale<span class=w> </span>preauthkeys<span class=w> </span>create<span class=w> </span>--user<span class=w> </span>myfirstuser<span class=w> </span>--reusable<span class=w> </span>--expiration<span class=w> </span>24h
</span></code></pre></div> <p>This will return a pre-authenticated key that can be used to connect a node to headscale with the <code>tailscale up</code> command:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-10-1><a id=__codelineno-10-1 name=__codelineno-10-1 href=#__codelineno-10-1></a>tailscale<span class=w> </span>up<span class=w> </span>--login-server<span class=w> </span>&lt;YOUR_HEADSCALE_URL&gt;<span class=w> </span>--authkey<span class=w> </span>&lt;YOUR_AUTH_KEY&gt;
</span></code></pre></div> <h2 id=debugging-headscale-running-in-docker>Debugging headscale running in Docker<a class=headerlink href=#debugging-headscale-running-in-docker title="Permanent link">&para;</a></h2> <p>The <code>headscale/headscale</code> Docker container is based on a "distroless" image that does not contain a shell or any other debug tools. If you need to debug headscale running in the Docker container, you can use the <code>-debug</code> variant, for example <code>headscale/headscale:x.x.x-debug</code>.</p> <h3 id=running-the-debug-docker-container>Running the debug Docker container<a class=headerlink href=#running-the-debug-docker-container title="Permanent link">&para;</a></h3> <p>To run the debug Docker container, use the exact same commands as above, but replace <code>headscale/headscale:x.x.x</code> with <code>headscale/headscale:x.x.x-debug</code> (<code>x.x.x</code> is the version of headscale). The two containers are compatible with each other, so you can alternate between them.</p> <h3 id=executing-commands-in-the-debug-container>Executing commands in the debug container<a class=headerlink href=#executing-commands-in-the-debug-container title="Permanent link">&para;</a></h3> <p>The default command in the debug container is to run <code>headscale</code>, which is located at <code>/ko-app/headscale</code> inside the container.</p> <p>Additionally, the debug container includes a minimalist Busybox shell.</p> <p>To launch a shell in the container, use:</p> <div class="language-text highlight"><pre><span></span><code><span id=__span-11-1><a id=__codelineno-11-1 name=__codelineno-11-1 href=#__codelineno-11-1></a>docker run -it headscale/headscale:x.x.x-debug sh
</span></code></pre></div> <p>You can also execute commands directly, such as <code>ls /ko-app</code> in this example:</p> <div class="language-text highlight"><pre><span></span><code><span id=__span-12-1><a id=__codelineno-12-1 name=__codelineno-12-1 href=#__codelineno-12-1></a>docker run headscale/headscale:x.x.x-debug ls /ko-app
</span></code></pre></div> <p>Using <code>docker exec -it</code> allows you to run commands in an existing container.</p> </article> </div> <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> </div> <button type=button class="md-top md-icon" data-md-component=top hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg> Back to top </button> </main> <footer class=md-footer> <nav class="md-footer__inner md-grid" aria-label=Footer> <a href=../community/ class="md-footer__link md-footer__link--prev" aria-label="Previous: Community packages"> <div class="md-footer__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> </div> <div class=md-footer__title> <span class=md-footer__direction> Previous </span> <div class=md-ellipsis> Community packages </div> </div> </a> <a href=../source/ class="md-footer__link md-footer__link--next" aria-label="Next: Build from source"> <div class=md-footer__title> <span class=md-footer__direction> Next </span> <div class=md-ellipsis> Build from source </div> </div> <div class="md-footer__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11z"/></svg> </div> </a> </nav> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> <div class=md-copyright__highlight> Copyright &copy; 2025 Headscale authors </div> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> <div class=md-social> <a href=https://github.com/juanfont/headscale target=_blank rel=noopener title=github.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 496 512"><!-- Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg> </a> <a href=https://ko-fi.com/headscale target=_blank rel=noopener title=ko-fi.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M2 21h18v-2H2M20 8h-2V5h2m0-2H4v10a4 4 0 0 0 4 4h6a4 4 0 0 0 4-4v-3h2a2 2 0 0 0 2-2V5a2 2 0 0 0-2-2"/></svg> </a> <a href=https://github.com/juanfont/headscale/pkgs/container/headscale target=_blank rel=noopener title=github.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 640 512"><!-- Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https