From 4ee5f15f3045091ec285a094cf81c75b6a3789e2 Mon Sep 17 00:00:00 2001
From: Nite07 <admin@nite07.com>
Date: Tue, 7 May 2024 12:59:33 +0800
Subject: [PATCH] :wrench: Modify Dockerfile

---
 Dockerfile | 12 ++++++++----
 README.md  | 47 +++++++++++++++++++++++++++--------------------
 2 files changed, 35 insertions(+), 24 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index ae2c204..c6a7a4c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ FROM golang:latest AS builder
 WORKDIR /app
 
 # https://tailscale.com/kb/1118/custom-derp-servers/
-RUN go install tailscale.com/cmd/derper@main
+RUN CGO_ENABLED=0 GOOS=linux go install -tags netgo -ldflags '-w -extldflags "-static"' tailscale.com/cmd/derper@main
 
 FROM alpine:latest
 WORKDIR /app
@@ -10,17 +10,21 @@ WORKDIR /app
 RUN apk --no-cache add ca-certificates
 RUN mkdir /app/certs
 
-ENV DERP_DOMAIN example.com
+ENV DERP_HOSTNAME example.com
+ENV DERP_CERTMODE letsencrypt
+ENV DERP_ADDR :443
 
 COPY --from=builder /go/bin/derper .
 
 EXPOSE 80 443 3478
+
 VOLUME ["/app/certs"]
 
-CMD /app/derper --hostname=$DERP_DOMAIN \
+CMD /app/derper --hostname=$DERP_HOSTNAME \
+    --a=$DERP_ADDR \
     --certdir=/app/certs \
     --verify-clients=true \
-    --certmode manual
+    --certmode=$DERP_CERTMODE
 
 # derper --help
 # 使用方法说明:
diff --git a/README.md b/README.md
index f714ab7..3090ba9 100644
--- a/README.md
+++ b/README.md
@@ -1,33 +1,40 @@
+# Environment Variables
+
+| Name          | Description                                                                          | Default Value |
+| ------------- | ------------------------------------------------------------------------------------ | ------------- |
+| DERP_HOSTNAME | Specifies the domain for the DERP server.                                            | `example.com` |
+| DERP_CERTMODE | Determines the SSL/TLS certificate management mode. Options: `manual`, `letsencrypt` | `letsencrypt` |
+| DERP_ADDR     | Sets the server address and port to bind to.                                         | `:443`        |
+
+# Volumes
+
+| Name       | Description                                      |
+| ---------- | ------------------------------------------------ |
+| /app/certs | Directory where SSL/TLS certificates are stored. |
+
 # Usage
 
+## Running Directly with SSL/TLS
+
 ```shell
 docker run -d --name derper \
-  -p 80:80 -p 443:443 -p 3478:3478 \
+  -p 443:443 -p 3478:3478 \
   -e DERP_DOMAIN=example.com \
+  -e DERP_CERTMODE=manual \
   -v /path/to/certs:/app/certs \
   nite07/tailscale-derp-docker:latest
 ```
 
-## Docker Compose
+## Running Behind a Reverse Proxy
 
-```yaml
-version: "3.8"
-services:
-  derper:
-    container_name: derper
-    ports:
-      - 80:80
-      - 443:443
-      - 3478:3478
-    environment:
-      - DERP_DOMAIN=example.com
-    volumes:
-      - /path/to/certs:/app/certs
-    image: nite07/tailscale-derp-docker:latest
+```shell
+docker run -d --name derper \
+  -p 8080:80 -p 3478:3478 \
+  -e DERP_DOMAIN=example.com \
+  -e DERP_ADDR=:80 \
+  nite07/tailscale-derp-docker:latest
 ```
 
-# Env
+## Adding DERP servers to your tailnet
 
-| Name        | Description        |
-| ----------- | ------------------ |
-| DERP_DOMAIN | The domain to use. |
+reference: https://tailscale.com/kb/1118/custom-derp-servers#step-2-adding-derp-servers-to-your-tailnet