Headscale

Description / name	Input element
Container Registry	GitHub Container Registry
Container Configuration Root Path
Timezone	UTC
User ID
Group ID
Headscale Host Port
Headscale /config Path

An open source, self-hosted implementation of the Tailscale control server.

Port	8080
Registry	ghcr.io/daemonless/headscale
Daemonless	daemonless/headscale
Source	juanfont/headscale
Website	headscale.net

Version Tags

Tag	Description	Best For
latest	Built from the official upstream FreeBSD release binary.	Most users. Matches Linux Docker behavior.
pkg	Installed from the FreeBSD quarterly package repository.	Alternative build.
pkg-latest	Installed from the FreeBSD latest package repository.	Alternative build.

Root Privileges Required

Podman on FreeBSD currently requires root. All commands must be run as root (or via doas/sudo).

Before deploying, ensure your host environment is ready. See the Quick Start Guide for host setup instructions.

Deployment

Podman Compose AppJail Director Podman CLI Ansible

services:
  headscale:
    image: ghcr.io/daemonless/headscale:latest
    container_name: headscale
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - "/path/to/containers/headscale:/config"
    ports:
      - 8080:8080
      - 3478:3478
    restart: unless-stopped

Download compose.yaml

DIRECTOR_PROJECT=headscale
PUID=1000
PGID=1000
TZ=UTC

options:
  - virtualnet: ':<random> default'
  - nat:
services:
  headscale:
    name: headscale
    options:
      - container: 'boot args:--pull'
    oci:
      user: root
      environment:
        - PUID: !ENV '${PUID}'
        - PGID: !ENV '${PGID}'
        - TZ: !ENV '${TZ}'
    volumes:
      - HEADSCALE_CONFIG_PATH: /config
volumes:
  HEADSCALE_CONFIG_PATH:
    device: '/path/to/containers/headscale'

ARG tag=latest

OPTION overwrite=force
OPTION from=ghcr.io/daemonless/headscale:${tag}

Download Headscale Appjail (.zip)

podman run -d --name headscale \
  -p 8080:8080 \
  -p 3478:3478 \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=UTC \
  -v /path/to/containers/headscale:/config \
  ghcr.io/daemonless/headscale:latest

Download run.sh

- name: Deploy headscale
  containers.podman.podman_container:
    name: headscale
    image: ghcr.io/daemonless/headscale:latest
    state: started
    restart_policy: always
    env:
      PUID: "1000"
      PGID: "1000"
      TZ: "UTC"
    ports:
      - "8080:8080"
      - "3478:3478"
    volumes:
      - "/path/to/containers/headscale:/config"

Download headscale-deploy.yaml

Interactive Configuration

Parameters

Environment Variables

Variable	Default	Description
PUID	1000	User ID for the application process
PGID	1000	Group ID for the application process
TZ	UTC	Timezone for the container

Volumes

Path	Description
/config	Configuration directory

Ports

Port	Protocol	Description
8080	TCP	Control server (HTTP)
3478	UDP	Embedded DERP STUN (UDP)

Implementation Details

• Architectures: amd64
• User: bsd (UID/GID set via PUID/PGID). Defaults to 1000:1000.
• Base: Built on ghcr.io/daemonless/base (FreeBSD 15.0).

---

Need help? Join our Discord community.