From 252c68c50a5f6b667f2bc1528b0b022d8a8afbb0 Mon Sep 17 00:00:00 2001
From: Ward Vandewege
Date: Fri, 23 Apr 2021 16:54:35 -0400
Subject: [PATCH] Add HTTPS support for the web endpoint with manually configured certificate/key files.
---
 app.go | 17 ++++++++++++++++-
 cmd/headscale/headscale.go | 4 ++++
 config.json.example | 4 +++-
 3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/app.go b/app.go
index 3466a396..7391dd19 100644
--- a/app.go
+++ b/app.go
@@ -3,6 +3,7 @@ package headscale
 import (
 "fmt"
 "os"
+ "strings"
 "sync"
 "github.com/gin-gonic/gin"
@@ -22,6 +23,9 @@ type Config struct {
 DBname string
 DBuser string
 DBpass string
+
+ TLSCertPath string
+ TLSKeyPath string
 }
 // Headscale represents the base app of the service
@@ -68,6 +72,17 @@ func (h *Headscale) Serve() error {
 r.GET("/register", h.RegisterWebAPI)
 r.POST("/machine/:id/map", h.PollNetMapHandler)
 r.POST("/machine/:id", h.RegistrationHandler)
- err := r.Run(h.cfg.Addr)
+ var err error
+ if h.cfg.TLSCertPath == "" {
+ if !strings.HasPrefix(h.cfg.ServerURL, "http://") {
+ fmt.Println("WARNING: listening without TLS but ServerURL does not start with http://")
+ }
+ err = r.Run(h.cfg.Addr)
+ } else {
+ if !strings.HasPrefix(h.cfg.ServerURL, "https://") {
+ fmt.Println("WARNING: listening with TLS but ServerURL does not start with https://")
+ }
+ err = r.RunTLS(h.cfg.Addr, h.cfg.TLSCertPath, h.cfg.TLSKeyPath)
+ }
 return err
 }
diff --git a/cmd/headscale/headscale.go b/cmd/headscale/headscale.go
index 4c967fd7..8e8c0059 100644
--- a/cmd/headscale/headscale.go
+++ b/cmd/headscale/headscale.go
@@ -311,7 +311,11 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
 DBname: viper.GetString("db_name"),
 DBuser: viper.GetString("db_user"),
 DBpass: viper.GetString("db_pass"),
+
+ TLSCertPath: absPath(viper.GetString("tls_cert_path")),
+ TLSKeyPath: absPath(viper.GetString("tls_key_path")),
 }
+
 h, err := headscale.NewHeadscale(cfg)
 if err != nil {
 return nil, err
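Review bot: The two fields added to Config have no comment, so nothing at the declaration tells an operator that an empty TLSCertPath makes Serve listen over plain HTTP. I would add `// TLSCertPath and TLSKeyPath name the certificate and private-key files passed to RunTLS; an empty TLSCertPath serves plain HTTP.` above them, and mention there that the key file should be readable only by the account running the service. The struct begins above the hunk.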
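Review bot: Only TLSCertPath selects the branch in Serve, so a configuration that sets tls_key_path but leaves tls_cert_path empty or misspelled falls through to `r.Run` and serves the registration and map endpoints in plaintext, with at most a warning printed to stdout. Reject the half-configured case before choosing a listener: `if (h.cfg.TLSCertPath == "") != (h.cfg.TLSKeyPath == "") { return fmt.Errorf("tls_cert_path and tls_key_path must be set together") }`. Separately, `r.RunTLS` starts the listener with the Go toolchain's default TLS settings and no read or write timeouts; pinning a minimum protocol version would need an explicit `http.Server` with a `tls.Config`, which this hunk does not set up. The function starts above the hunk.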
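Review bot: Serve treats an empty TLSCertPath as "no TLS", so the empty defaults added to config.json.example only work if absPath returns "" unchanged for an empty input; absPath is defined outside this hunk, so that should be confirmed. If it can turn "" into a directory path, a default install would always take the RunTLS branch and fail at startup. A comment on the two new lines would record the dependency, e.g. `// absPath must leave "" untouched: Serve uses an empty TLSCertPath to select plain HTTP`. The function begins above and continues below the hunk.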
diff --git a/config.json.example b/config.json.example
index 6b4a62ab..faee7a80 100644
--- a/config.json.example
+++ b/config.json.example
@@ -7,5 +7,7 @@
 "db_port": 5432,
 "db_name": "headscale",
 "db_user": "foo",
- "db_pass": "bar"
+ "db_pass": "bar",
+ "tls_cert_path": "",
+ "tls_key_path": ""
 }