The advanced integration methods unlock the full capabilities of Headplane. This is the closest you can get to the SaaS experience if you were paying for Tailscale.
The advanced integration allows you to manage the Headscale configuration via
the Headplane UI. When the configuration is available for editing, the DNS
and Settings
tabs will become available. When using the Docker or Kubernetes
integration, changes to the configuration file will be automatically applied
to Headscale.
By default, the configuration file is read from
/etc/headscale/config.yaml
. This can be overridden by setting theCONFIG_FILE
environment variable. Any variables includingHEADSCALE_URL
,OIDC_CLIENT_ID
,OIDC_ISSUER
, andOIDC_CLIENT_SECRET
will take priority over the configuration file.
The advanced integration allows you to manage the ACLs via the Headplane UI.
When the ACL file is available for editing, the Access Controls
tab will
become available. All of the integrations support automatic reloading of the
ACLs when the file is changed.
By default, the ACL file is read from
/etc/headscale/acl_policy.json
. Ifpolicy.path
is set andpolicy.mode
is set tofile
, the ACL file will be read from the path specified in the configuration file instead.
Requirements:
- Headscale 0.23 or newer
- Headscale and Headplane need a Reverse Proxy (NGINX, Traefik, Caddy, etc)
Currently there are 3 integration providers that can do this for you:
Once configured, the Headplane UI will be available at the /admin
path
of the server you deployed it on. This is currently not configurable unless
you build the Docker image yourself or run the Node.js server directly.
Additionally, if you require access to health information for either Docker
or Kubernetes, the /admin/healthz
path will be available. This is useful for
monitoring services like Prometheus or Grafana.