hans

Self-host a Tailscale DERP relay without a domain name or an SSL certificate.

Here is how to set up a custom DERP server on Ubuntu without a domain name or an SSL certificate. You do need a public IP, which any cloud provider (AWS, Alibaba Cloud, etc.) will give you:

  1. apt update && apt install -y wget git openssl curl sudo vim cron (systemctl comes with systemd on Ubuntu; there is no separate package to install)
  2. Check the latest version of Go at https://go.dev/dl/
  3. wget https://golang.google.cn/dl/go1.21.3.linux-amd64.tar.gz and replace 1.21.3 with the latest version number
  4. rm -rf /usr/local/go && tar -C /usr/local -xzf go1.21.3.linux-amd64.tar.gz to replace the system Go
  5. Add Go to your PATH: export PATH=$PATH:/usr/local/go/bin (put the same line in ~/.profile so it survives a new login)
  6. If you are in China, add go source:
    go env -w GO111MODULE=on
    go env -w GOPROXY=https://goproxy.cn,direct
    
  7. Install DERPER: go install tailscale.com/cmd/derper@main (this also downloads the derper source into the module cache, which the next step edits)
  8. Go to the derper source that go install fetched, ~/go/pkg/mod/[tailscale]/cmd/derper (the module cache is read-only, so chmod -R u+w that directory first). Open vim cert.go and delete the SNI check in the manual certificate manager:
    if hi.ServerName != m.hostname {
       return nil, fmt.Errorf("cert mismatch with hostname: %q", hi.ServerName)
    }
    
    Clients that reach the relay by IP address send no hostname in TLS SNI, so with this check in place derper would reject every connection from your tailnet. Deleting it, together with "InsecureForTests": true on the client side (step 13), means clients no longer authenticate the relay at all. Relayed traffic is still WireGuard-encrypted end to end between your nodes, so a spoofed relay cannot read it, but keep --verify-clients (step 11) so that only nodes of your own tailnet can use the relay.
    
  9. Compile DERPER from inside that directory: mkdir -p /etc/derp && go build -o /etc/derp/derper
  10. Generate a self-signed SSL certificate: openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /etc/derp/derp.test.com.key -out /etc/derp/derp.test.com.crt -subj "/CN=derp.test.com" -addext "subjectAltName=DNS:derp.test.com" (in manual cert mode derper loads <hostname>.crt and <hostname>.key from -certdir, so the file names must match the -hostname you pass in the next step)
  11. Create a system service vim /etc/systemd/system/derp.service:
    [Unit]
    Description=TS Derper
    After=network.target
    Wants=network.target

    [Service]
    User=root
    Restart=always
    ExecStart=/etc/derp/derper -hostname derp.test.com -a :12345 -http-port 33446 -certmode manual -certdir /etc/derp --verify-clients
    RestartSec=5
    StartLimitInterval=0

    [Install]
    WantedBy=multi-user.target
    
    12345 is the DERP node's TLS port and must be reachable from the internet over TCP; any free port works, but it has to match DERPPort in the derpMap of step 13. 33446 is the plain-HTTP port (-http-port, default 80). STUN listens on UDP port 3478, which must also be exposed; derper's default can be changed with -stun-port, in which case set STUNPort on the node in the derpMap to the same value. --verify-clients checks each connecting client against a local tailscaled, so the relay host itself needs tailscale installed and logged into your tailnet; without it, clients are rejected.
  12. systemctl enable derp
    systemctl start derp
    systemctl status derp
    
    After running these, systemctl status should show the service as active. Then open https://IP:PORT in a browser (accept the certificate warning, or use curl -k from a shell) and you will see:
    DERP
    This is a Tailscale DERP server
    
  13. Open the Tailscale Admin Console, click Access Controls, and add the following "derpMap" key at the top level of the policy file (for example just above the "ssh" section). The policy file is HuJSON, so comments and trailing commas are allowed:
    "derpMap": {
       "OmitDefaultRegions": true, // If true, do not use Tailscale's default DERP nodes
       "Regions": {
          "900": {  // Custom regions use IDs in the range 900-999
             "RegionID":   900, // Same as above
             "RegionCode": "myDerp",
             "Nodes": [
                {
                   "Name":             "1",
                   "RegionID":         900, // Same as above
                   "HostName":         "xxx.xxx.xxx.xxx", // Your public IP
                   "DERPPort":         12345, // The TCP port from the systemd unit
                   "InsecureForTests": true, // Required: the relay presents a self-signed cert for an IP, so clients must skip certificate verification
                },
             ],
          },
       },
    },
    
  14. Check if the DERP node is working by running tailscale netcheck on another device.
    Report:
     * UDP: false
     * IPv4: (no addr found)
     * IPv6: no, but OS has support
     * MappingVariesByDestIP:
     * HairPinning:
     * PortMapping:
     * CaptivePortal: false
     * Nearest DERP: Amsterdam
     * DERP latency:
           - ams: 12ms    (Amsterdam)
           - lhr: 13ms    (London)
           - hans: 13.1ms  ()
    
    Wow, my home node is slower than the default ones.
  15. In the author's experience the derper service sometimes crashes, so as a safeguard we start it periodically; crontab is the easiest way to do that.
  16. systemctl start cron
    systemctl enable cron
    systemctl status cron
    
  17. Run crontab -e and add the line 0 */12 * * * systemctl start derp. Every 12 hours this starts the service if it has stopped (systemctl start is a no-op while the service is running; use systemctl restart derp instead if you want a forced restart). Then press ESC and type :wq to save and exit.
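The netcheck report in step 14 says UDP: false, which means the client got no STUN answer from the relay's UDP port 3478 and will be stuck on TCP relaying. As an added example (not part of this post, and not Tailscale's code), here is a small Go tool that tests that path directly: it sends a STUN Binding Request to the relay's STUN port and decodes the XOR-MAPPED-ADDRESS in the reply, which is what tailscale netcheck does to decide whether UDP works and what your public address is. The program name, the IPv4-only decoding, and the assumption that STUN is on derper's default port 3478 are mine.

```go
// stuncheck: send one STUN Binding Request to a DERP node and decode the reply.
// Assumed usage: go run stuncheck.go <relay-ip>   (STUN assumed on UDP 3478)
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// STUN constants from RFC 5389.
const (
	stunBindingRequest  = 0x0001
	stunBindingResponse = 0x0101
	stunMagicCookie     = 0x2112A442
	attrXORMappedAddr   = 0x0020
)

// buildBindingRequest returns a 20-byte STUN Binding Request with no attributes.
func buildBindingRequest(txID [12]byte) []byte {
	b := make([]byte, 20)
	binary.BigEndian.PutUint16(b[0:2], stunBindingRequest)
	binary.BigEndian.PutUint32(b[4:8], stunMagicCookie) // b[2:4] (attribute length) stays 0
	copy(b[8:20], txID[:])
	return b
}

// parseBindingResponse checks type, cookie and transaction ID, then decodes the
// IPv4 XOR-MAPPED-ADDRESS: the public address the relay saw our packet come from.
func parseBindingResponse(b []byte, txID [12]byte) (*net.UDPAddr, error) {
	if len(b) < 20 || 20+int(binary.BigEndian.Uint16(b[2:4])) > len(b) {
		return nil, errors.New("short or truncated STUN message")
	}
	if binary.BigEndian.Uint16(b[0:2]) != stunBindingResponse ||
		binary.BigEndian.Uint32(b[4:8]) != stunMagicCookie {
		return nil, errors.New("not a STUN Binding Response")
	}
	if !bytes.Equal(b[8:20], txID[:]) {
		return nil, errors.New("transaction ID mismatch (not a reply to our request)")
	}
	attrs := b[20 : 20+int(binary.BigEndian.Uint16(b[2:4]))]
	for len(attrs) >= 4 {
		typ, alen := binary.BigEndian.Uint16(attrs[0:2]), int(binary.BigEndian.Uint16(attrs[2:4]))
		if 4+alen > len(attrs) {
			return nil, errors.New("truncated attribute")
		}
		if v := attrs[4 : 4+alen]; typ == attrXORMappedAddr && len(v) >= 8 && v[1] == 0x01 {
			// Port and IPv4 address are XORed with the magic cookie (RFC 5389 section 15.2).
			port := int(binary.BigEndian.Uint16(v[2:4]) ^ (stunMagicCookie >> 16))
			ip := make(net.IP, 4)
			binary.BigEndian.PutUint32(ip, binary.BigEndian.Uint32(v[4:8])^stunMagicCookie)
			return &net.UDPAddr{IP: ip, Port: port}, nil
		}
		next := 4 + ((alen + 3) &^ 3) // attribute values are padded to 4-byte boundaries
		if next > len(attrs) {
			break
		}
		attrs = attrs[next:]
	}
	return nil, errors.New("no IPv4 XOR-MAPPED-ADDRESS attribute")
}

// stunProbe sends one Binding Request to addr and waits up to 3 s for the reply.
func stunProbe(addr string) (*net.UDPAddr, error) {
	conn, err := net.Dial("udp", addr)
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	var txID [12]byte // random ID so a stray or spoofed reply is not accepted
	if _, err := rand.Read(txID[:]); err != nil {
		return nil, err
	}
	if _, err := conn.Write(buildBindingRequest(txID)); err != nil {
		return nil, err
	}
	conn.SetReadDeadline(time.Now().Add(3 * time.Second))
	buf := make([]byte, 1500)
	n, err := conn.Read(buf)
	if err != nil {
		return nil, err
	}
	return parseBindingResponse(buf[:n], txID)
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: stuncheck <relay-ip>   (assumes derper's default STUN port 3478)")
		os.Exit(2)
	}
	a, err := stunProbe(net.JoinHostPort(os.Args[1], "3478"))
	if err != nil {
		fmt.Println("STUN FAIL (tailscale netcheck will report UDP: false):", err)
		os.Exit(1)
	}
	fmt.Println("STUN ok; the relay saw this host as", a)
}
```

Run it from the same machine where netcheck showed UDP: false. A timeout means UDP 3478 is not reaching derper (cloud security group, host firewall, or derper started with -stun=false); a reply whose address differs from what you expected tells you what NAT the relay sees in front of that client.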