diff --git a/cmd/headscale/cli/utils.go b/cmd/headscale/cli/utils.go index 662196e7..05b2f54a 100644 --- a/cmd/headscale/cli/utils.go +++ b/cmd/headscale/cli/utils.go @@ -48,7 +48,8 @@ func LoadConfig(path string) error { } if (viper.GetString("tls_letsencrypt_hostname") != "") && (viper.GetString("tls_letsencrypt_challenge_type") == "TLS-ALPN-01") && (!strings.HasSuffix(viper.GetString("listen_addr"), ":443")) { - errorText += "Fatal config error: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, listen_addr must end in :443\n" + // this is only a warning because there could be something sitting in front of headscale that redirects the traffic (e.g. an iptables rule) + log.Println("Warning: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, headscale must be reachable on port 443, i.e. listen_addr should probably end in :443") } if (viper.GetString("tls_letsencrypt_challenge_type") != "HTTP-01") && (viper.GetString("tls_letsencrypt_challenge_type") != "TLS-ALPN-01") { diff --git a/cmd/headscale/headscale_test.go b/cmd/headscale/headscale_test.go index 838852c2..dc131715 100644 --- a/cmd/headscale/headscale_test.go +++ b/cmd/headscale/headscale_test.go @@ -126,6 +126,5 @@ func (*Suite) TestTLSConfigValidation(c *check.C) { configYaml = []byte("---\nserver_url: \"http://127.0.0.1:8000\"\ntls_letsencrypt_hostname: \"example.com\"\ntls_letsencrypt_challenge_type: \"TLS-ALPN-01\"") writeConfig(c, tmpDir, configYaml) err = cli.LoadConfig(tmpDir) - c.Assert(err, check.NotNil) - c.Assert(err, check.ErrorMatches, "Fatal config error: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, listen_addr must end in :443.*") + c.Assert(err, check.IsNil) }