Compare commits

...

10 Commits

Author SHA1 Message Date
Juan Font f491db232b Merge pull request #55 from cure/letsencrypt-more-flexible-config
Turn the combination of TLS-ALPN-01 and listen_addr on a port other than
2021-07-17 11:01:08 +02:00
Ward Vandewege 9a24340bd4 Turn the combination of TLS-ALPN-01 and listen_addr on a port other than
443 into a warning, not an error, refs #53.
2021-07-16 22:02:05 -04:00
Juan Font 6f20a1fc68 Merge pull request #51 from tianon/typo
Fix minor typo
2021-07-16 18:04:46 +02:00
Tianon Gravi 243b961cbe Fix minor typo
> Error: unknown command "namespace" for "headscale"
2021-07-16 15:07:13 +00:00
Juan Font Alonso 5748744134 Use ubuntu 18.04 as build env 2021-07-12 17:04:28 +02:00
Juan Font 31556e1ac0 Merge pull request #48 from juanfont/better-profile-info
Improving namespace/user support
2021-07-11 16:44:16 +02:00
Juan Font Alonso 0159649d0a Send the namespace name as user to the clients 2021-07-11 16:39:19 +02:00
Juan Font Alonso cf9d920e4a Minor typo 2021-07-11 15:10:37 +02:00
Juan Font Alonso 7d46dfe012 Only load ACLs if a path is present 2021-07-11 15:10:11 +02:00
Juan Font Alonso eabb1ce881 Fix minor typo on the register webpage 2021-07-11 15:05:32 +02:00
9 changed files with 28 additions and 20 deletions
+1 -1
View File
@@ -7,7 +7,7 @@ on:
jobs:
goreleaser:
runs-on: ubuntu-latest
runs-on: ubuntu-18.04 # due to CGO we need to user an older version
steps:
-
name: Checkout
+1 -2
View File
@@ -62,8 +62,7 @@ archives:
- linux-armhf
- linux-amd64
name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
format: zip
# wrap_in_directory: true
format: binary
checksum:
name_template: 'checksums.txt'
+1 -1
View File
@@ -62,7 +62,7 @@ Suggestions/PRs welcomed!
4. Create a namespace (a namespace is a 'tailnet', a group of Tailscale nodes that can talk to each other)
```shell
headscale namespace create myfirstnamespace
headscale namespaces create myfirstnamespace
```
5. Run the server
+12 -5
View File
@@ -46,7 +46,7 @@ func (h *Headscale) RegisterWebAPI(c *gin.Context) {
<p>
<code>
<b>headscale -n NAMESPACE node register %s</b>
<b>headscale -n NAMESPACE nodes register %s</b>
</code>
</p>
@@ -76,7 +76,7 @@ func (h *Headscale) RegistrationHandler(c *gin.Context) {
}
var m Machine
if result := h.db.First(&m, "machine_key = ?", mKey.HexString()); errors.Is(result.Error, gorm.ErrRecordNotFound) {
if result := h.db.Preload("Namespace").First(&m, "machine_key = ?", mKey.HexString()); errors.Is(result.Error, gorm.ErrRecordNotFound) {
log.Println("New Machine!")
m = Machine{
Expiry: &req.Expiry,
@@ -200,7 +200,7 @@ func (h *Headscale) PollNetMapHandler(c *gin.Context) {
}
var m Machine
if result := h.db.First(&m, "machine_key = ?", mKey.HexString()); errors.Is(result.Error, gorm.ErrRecordNotFound) {
if result := h.db.Preload("Namespace").First(&m, "machine_key = ?", mKey.HexString()); errors.Is(result.Error, gorm.ErrRecordNotFound) {
log.Printf("Ignoring request, cannot find machine with key %s", mKey.HexString())
c.String(http.StatusUnauthorized, "")
return
@@ -357,16 +357,23 @@ func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m Mac
log.Printf("Cannot fetch peers: %s", err)
return nil, err
}
profile := tailcfg.UserProfile{
ID: tailcfg.UserID(m.NamespaceID),
LoginName: m.Namespace.Name,
DisplayName: m.Namespace.Name,
}
resp := tailcfg.MapResponse{
KeepAlive: false,
Node: node,
Peers: *peers,
DNS: []netaddr.IP{},
SearchPaths: []string{},
Domain: "foobar@example.com",
Domain: "headscale.net",
PacketFilter: *h.aclRules,
DERPMap: h.cfg.DerpMap,
UserProfiles: []tailcfg.UserProfile{},
UserProfiles: []tailcfg.UserProfile{profile},
}
var respBody []byte
+2 -2
View File
@@ -78,7 +78,7 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
case "sqlite3":
dbString = cfg.DBpath
default:
return nil, errors.New("Unsupported DB")
return nil, errors.New("unsupported DB")
}
h := Headscale{
@@ -175,7 +175,7 @@ func (h *Headscale) Serve() error {
}()
err = s.ListenAndServeTLS("", "")
} else {
return errors.New("Unknown value for TLSLetsEncryptChallengeType")
return errors.New("unknown value for TLSLetsEncryptChallengeType")
}
} else if h.cfg.TLSCertPath == "" {
if !strings.HasPrefix(h.cfg.ServerURL, "http://") {
+8 -4
View File
@@ -48,7 +48,8 @@ func LoadConfig(path string) error {
}
if (viper.GetString("tls_letsencrypt_hostname") != "") && (viper.GetString("tls_letsencrypt_challenge_type") == "TLS-ALPN-01") && (!strings.HasSuffix(viper.GetString("listen_addr"), ":443")) {
errorText += "Fatal config error: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, listen_addr must end in :443\n"
// this is only a warning because there could be something sitting in front of headscale that redirects the traffic (e.g. an iptables rule)
log.Println("Warning: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, headscale must be reachable on port 443, i.e. listen_addr should probably end in :443")
}
if (viper.GetString("tls_letsencrypt_challenge_type") != "HTTP-01") && (viper.GetString("tls_letsencrypt_challenge_type") != "TLS-ALPN-01") {
@@ -121,9 +122,12 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
}
// We are doing this here, as in the future could be cool to have it also hot-reload
err = h.LoadACLPolicy(absPath(viper.GetString("acl_policy_path")))
if err != nil {
log.Printf("Could not load the ACL policy: %s", err)
if viper.GetString("acl_policy_path") != "" {
err = h.LoadACLPolicy(absPath(viper.GetString("acl_policy_path")))
if err != nil {
log.Printf("Could not load the ACL policy: %s", err)
}
}
return h, nil
+1 -2
View File
@@ -126,6 +126,5 @@ func (*Suite) TestTLSConfigValidation(c *check.C) {
configYaml = []byte("---\nserver_url: \"http://127.0.0.1:8000\"\ntls_letsencrypt_hostname: \"example.com\"\ntls_letsencrypt_challenge_type: \"TLS-ALPN-01\"")
writeConfig(c, tmpDir, configYaml)
err = cli.LoadConfig(tmpDir)
c.Assert(err, check.NotNil)
c.Assert(err, check.ErrorMatches, "Fatal config error: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, listen_addr must end in :443.*")
c.Assert(err, check.IsNil)
}
-1
View File
@@ -154,7 +154,6 @@ func (m Machine) toNode() (*tailcfg.Node, error) {
}
func (h *Headscale) getPeers(m Machine) (*[]*tailcfg.Node, error) {
machines := []Machine{}
if err := h.db.Where("namespace_id = ? AND machine_key <> ? AND registered",
m.NamespaceID, m.MachineKey).Find(&machines).Error; err != nil {
+2 -2
View File
@@ -106,10 +106,10 @@ func (h *Headscale) SetMachineNamespace(m *Machine, namespaceName string) error
func (n *Namespace) toUser() *tailcfg.User {
u := tailcfg.User{
ID: tailcfg.UserID(n.ID),
LoginName: "",
LoginName: n.Name,
DisplayName: n.Name,
ProfilePicURL: "",
Domain: "",
Domain: "headscale.net",
Logins: []tailcfg.LoginID{},
Created: time.Time{},
}