# Cron Job: Tailscale Funnel External Access Fix

**Job ID:** d80e27fb6e52
**Run Time:** 2026-05-19 10:01:28
**Schedule:** 0 10 * * *

## Prompt

[IMPORTANT: The user has invoked the "minimax-search" skill, indicating they want you to follow its instructions. The full skill content is loaded below.]

---
name: minimax-search
description: MiniMax Token Plan 网络搜索 - 当需要搜索中文内容、中国相关主题，或 Tavily 不可用时使用
triggers:
  - 搜索中文内容
  - 搜索中国相关新闻
  - MiniMax 相关搜索
  - Tavily 额度用尽
---

# MiniMax Search Skill

## API Endpoint
- URL: `POST https://api.minimaxi.com/v1/coding_plan/search`
- Authentication: `Authorization: Bearer {MINIMAX_API_KEY}`

## Request Format
```python
import requests

api_key = "sk-cp-..."  # MiniMax Token Plan Key
url = "https://api.minimaxi.com/v1/coding_plan/search"
headers = {
    "Authorization": f"Bearer {api_key}",
    "Content-Type": "application/json"
}
payload = {"q": "搜索查询词"}

response = requests.post(url, headers=headers, json=payload)
data = response.json()

for item in data.get("organic", []):
    print(f"标题: {item['title']}")
    print(f"链接: {item['link']}")
    print(f"摘要: {item['snippet']}")
```

## Routing Strategy
- Default search: Tavily (`web.search_backend: tavily`)
- Chinese-language / China-related content: MiniMax `/v1/coding_plan/search`
- User-specified: MiniMax

The user has provided the following instruction alongside the skill invocation: [IMPORTANT: You are running as a scheduled cron job. DELIVERY: Your final response will be automatically delivered to the user — do NOT use send_message or try to deliver the output yourself. Just produce your report/output as your final response and the system handles the rest. SILENT: If there is genuinely nothing new to report, respond with exactly "[SILENT]" (nothing else) to suppress delivery. Never combine [SILENT] with content — either report your findings normally, or say [SILENT] and nothing more.]

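Continue the task left unfinished last time: fix the Tailscale Funnel external access problem.

**Background:**
- Tailscale is running in userspace-networking mode, socket: /tmp/tailscaled.sock
- Funnel is configured: https://kuhnn-lenovo-ideapad-710s-13isk.tail95fef0.ts.net -> localhost:5679
- Funnel status shows "tailnet only", meaning it is open only to the Tailscale internal network
- Problem: the service is not reachable from the public internet; the cause is that systemd-resolved does not recognize .ts.net domains, so DNS resolution fails

**Work remaining:**
1. Configure systemd-resolved to forward .ts.net domains to Tailscale MagicDNS (100.100.100.100)
   - Command: `sudo resolvectl dns tailscale0 100.100.100.100`
   - Command: `sudo resolvectl domain tailscale0 tail95fef0.ts.net`
   - Or edit /etc/systemd/resolved.conf
2. Restart systemd-resolved: `sudo systemctl restart systemd-resolved`
3. Verify DNS resolution: `resolvectl query kuhnn-lenovo-ideapad-710s-13isk.tail95fef0.ts.net`
4. Test Funnel: curl https://kuhnn-lenovo-ideapad-710s-13isk.tail95fef0.ts.net
5. If Funnel still does not work, check whether the Funnel policy or port configuration needs adjusting

**Notes:**
- sudo privileges are required to run resolvectl and to modify resolved.conf
- If userspace mode restricts Funnel public access, it may be necessary to switch to TUN mode
- Inform the user of the result when done

The user is K.W. and communicates in Chinese. Please reply in Chinese.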

## Response

**Problem analysis:**

The cron environment cannot use sudo (no interactive terminal), so it cannot start tailscaled or modify the DNS configuration.

---

## Steps to complete manually

Please run the following commands in your terminal:

### 1. Start Tailscaled (if not running)
```bash
sudo tailscaled --socket=/tmp/tailscaled.sock
```

### 2. Connect Tailscale (if not logged in)
```bash
tailscale --socket=/tmp/tailscaled.sock up
```

### 3. Configure Funnel
```bash
tailscale --socket=/tmp/tailscaled.sock funnel enable
tailscale --socket=/tmp/tailscaled.sock funnel 5679
```

### 4. Configure systemd-resolved to forward .ts.net domains
Edit `/etc/systemd/resolved.conf`:
```bash
sudo nano /etc/systemd/resolved.conf
```
Add/modify:
```
DNS=100.100.100.100
Domains=~tail95fef0.ts.net
```
Or use the commands:
```bash
sudo resolvectl dns tailscale0 100.100.100.100
sudo resolvectl domain tailscale0 tail95fef0.ts.net
```

### 5. Restart systemd-resolved
```bash
sudo systemctl restart systemd-resolved
```

### 6. Verify DNS resolution
```bash
resolvectl query kuhnn-lenovo-ideapad-710s-13isk.tail95fef0.ts.net
```

### 7. Test Funnel
```bash
curl -v https://kuhnn-lenovo-ideapad-710s-13isk.tail95fef0.ts.net
```

---

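**Key point:** Funnel shows "tailnet only" because in userspace-networking mode, Funnel may be unable to bind the public port correctly. If public access still fails after the steps above are completed, it may be necessary to switch to **TUN mode** (requires root privileges to reconfigure).

Once done, please tell me the result and I will continue to help troubleshoot.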
