add notes to README.md about OIDC

Raal Goff 2021-10-10 22:52:30 +08:00
parent 74e6c1479e
commit 8843188b84


@ -28,6 +28,7 @@ Headscale implements this coordination server.
- [x] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10) - [x] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
- [x] DNS (passing DNS servers to nodes) - [x] DNS (passing DNS servers to nodes)
- [x] Share nodes between ~~users~~ namespaces - [x] Share nodes between ~~users~~ namespaces
- [x] SSO (via OIDC)
- [ ] MagicDNS / Smart DNS - [ ] MagicDNS / Smart DNS
## Client OS support ## Client OS support
@ -100,7 +101,21 @@ Suggestions/PRs welcomed!
docker exec <container_name> headscale create myfirstnamespace docker exec <container_name> headscale create myfirstnamespace
``` ```
5. Run the server 5. (Optional) Configure an OIDC Issuer
You can optionally configure an OIDC endpoint to which your users will be redirected to authenticate with headscale. In config.json set the following parameters:
```json
{
"oidc_issuer": "https://your-oidc.issuer.com/path",
"oidc_client_id": "your-oidc-client-id",
"oidc_client_secret": "your-oidc-client-secret"
}
```
If `oidc_issuer` is set, headscale will attempt to send your users to the OIDC server for authentication, otherwise it will give instructions on how to authorise clients via the CLI.
6. Run the server
```shell ```shell
headscale serve headscale serve
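Review bot: step 5 never says which redirect/callback URL has to be registered with the OIDC provider for `oidc_client_id`, so a reader cannot finish the provider side of this setup; add the callback path headscale expects (relative to the headscale URL the clients use) next to the three config keys. Two smaller points in the same hunk: "an OIDC endpoint to which your users will be redirected to authenticate" doubles the "to" and mixes "endpoint" with the step title "OIDC Issuer"; suggest "an OIDC issuer to which your users are redirected to authenticate with headscale", which also matches the `oidc_issuer` key name. And since `oidc_client_secret` now sits in `config.json` in clear text, a one-line reminder that the file should be readable only by the user running headscale belongs here.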
@ -114,7 +129,7 @@ Suggestions/PRs welcomed!
docker run -v $(pwd)/private.key:/private.key -v $(pwd)/config.json:/config.json -v $(pwd)/derp.yaml:/derp.yaml -v $(pwd)/db.sqlite:/db.sqlite -p 127.0.0.1:8080:8080 headscale/headscale:x.x.x headscale serve docker run -v $(pwd)/private.key:/private.key -v $(pwd)/config.json:/config.json -v $(pwd)/derp.yaml:/derp.yaml -v $(pwd)/db.sqlite:/db.sqlite -p 127.0.0.1:8080:8080 headscale/headscale:x.x.x headscale serve
``` ```
6. If you used tailscale.com before in your nodes, make sure you clear the tailscald data folder 7. If you used tailscale.com before in your nodes, make sure you clear the tailscald data folder
```shell ```shell
systemctl stop tailscaled systemctl stop tailscaled
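Review bot: the renumbered step 7 still says "clear the tailscald data folder"; fix the typo to "tailscaled" while the line is being touched. Also, the `docker run` line above bind-mounts `config.json`, which with this change can carry `oidc_client_secret`; worth a note that the file should have restrictive permissions on the host and can be mounted read-only (`-v $(pwd)/config.json:/config.json:ro`).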
@ -122,15 +137,15 @@ Suggestions/PRs welcomed!
systemctl start tailscaled systemctl start tailscaled
``` ```
7. Add your first machine 8. Add your first machine
```shell ```shell
tailscale up --login-server YOUR_HEADSCALE_URL tailscale up --login-server YOUR_HEADSCALE_URL
``` ```
8. Navigate to the URL you will get with `tailscale up`, where you'll find your machine key. 9. Navigate to the URL you will get with `tailscale up`, where you'll find your machine key. If OIDC is configured, once you login your user will be added to a namespace automatically, and you can skip step 10.
9. In the server, register your machine to a namespace with the CLI 10. In the server, register your machine to a namespace with the CLI
```shell ```shell
headscale -n myfirstnamespace nodes register YOURMACHINEKEY headscale -n myfirstnamespace nodes register YOURMACHINEKEY
``` ```
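Review bot: step 9's "your user will be added to a namespace automatically" is too vague to act on: state which namespace the OIDC-authenticated user lands in (how its name is derived from the identity the issuer returns) and whether step 4's `headscale create myfirstnamespace` is still needed in the OIDC flow; as written a reader cannot tell whether the machine ends up in `myfirstnamespace` or somewhere else. Minor grammar: "once you login" should be "once you log in".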
@ -218,6 +233,14 @@ Headscale's configuration file is named `config.json` or `config.yaml`. Headscal
The fields starting with `db_` are used for the PostgreSQL connection information. The fields starting with `db_` are used for the PostgreSQL connection information.
OpenID Connect settings:
```
"oidc_issuer": "https://your-oidc.issuer.com/path",
"oidc_client_id": "your-oidc-client-id",
"oidc_client_secret": "your-oidc-client-secret"
```
### Running the service via TLS (optional) ### Running the service via TLS (optional)
``` ```
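Review bot: the new "OpenID Connect settings" block is an untagged ``` fence listing three keys with no explanation, while the step-5 block earlier in this patch uses ```json; tag it the same way and add one line per key (what `oidc_issuer` must point at, that `oidc_client_id` and `oidc_client_secret` are the credentials registered with the provider, and that the secret must be protected like `private.key`). Also say which keys are required: step 5 reads "If `oidc_issuer` is set, headscale will attempt to send your users to the OIDC server", which implies the client id and secret are optional, and this section should confirm or correct that.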