Self-hosted implementation of the Tailscale control server for a single WireGuard-based tailnet
- Stars40k
- Forks2.2k
- Open Issues113
BSD-3-Clause
- Go
- Nix
- Shell
About Headscale
Headscale is a self-hosted implementation of the Tailscale control server. It lets you run the coordination server for a Tailscale network yourself, instead of relying on the hosted Tailscale service. It is aimed at self-hosters, hobbyists, projects, labs, and small open-source organizations that want to run a single tailnet.
Tailscale builds a WireGuard-based overlay network between your computers using NAT traversal. As the control server, Headscale exchanges WireGuard public keys between nodes, assigns each client an IP address, sets boundaries between users, enables machine sharing between users, and exposes the advertised routes of your nodes. Standard Tailscale clients connect to it.
Headscale is not associated with Tailscale Inc. It implements a deliberately narrow scope: a single tailnet suited to personal use or a small organization. The maintainers do not support or encourage running it behind reverse proxies or in containers.
Key features
- Self-hosted Tailscale control server implementation
- WireGuard public key exchange for nodes
- Client IP address assignment
- User boundaries and machine sharing
- Advertised route exposure from nodes
Details
- First released
- 2020
- Self-hosting
- Self-hosted control server
- Scope
- Single Tailscale network
- Network
- WireGuard overlay with NAT traversal
- Use case
- Personal use · small organizations
- Containers
- Not supported or encouraged