mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-26 08:53:05 +00:00
Compare commits
5 commits
3697b4d7b6
...
68627fa177
Author | SHA1 | Date | |
---|---|---|---|
|
68627fa177 | ||
|
6275399327 | ||
|
29119bb7f4 | ||
|
93ba21ede5 | ||
|
137f0e3e12 |
8 changed files with 25 additions and 20 deletions
|
@ -45,11 +45,11 @@ headscale server.
|
||||||
|
|
||||||
ACLs have to be written in [huJSON](https://github.com/tailscale/hujson).
|
ACLs have to be written in [huJSON](https://github.com/tailscale/hujson).
|
||||||
|
|
||||||
When registering the servers we will need to add the flag
|
When [registering the servers](../usage/getting-started.md#register-a-node) we
|
||||||
`--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user that is
|
will need to add the flag `--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user
|
||||||
registering the server should be allowed to do it. Since anyone can add tags to
|
that is registering the server should be allowed to do it. Since anyone can add
|
||||||
a server they can register, the check of the tags is done on headscale server
|
tags to a server they can register, the check of the tags is done on headscale
|
||||||
and only valid tags are applied. A tag is valid if the user that is
|
server and only valid tags are applied. A tag is valid if the user that is
|
||||||
registering it is allowed to do it.
|
registering it is allowed to do it.
|
||||||
|
|
||||||
To use ACLs in headscale, you must edit your `config.yaml` file. In there you will find a `policy.path` parameter. This will need to point to your ACL file. More info on how these policies are written can be found [here](https://tailscale.com/kb/1018/acls/).
|
To use ACLs in headscale, you must edit your `config.yaml` file. In there you will find a `policy.path` parameter. This will need to point to your ACL file. More info on how these policies are written can be found [here](https://tailscale.com/kb/1018/acls/).
|
||||||
|
|
|
@ -9,6 +9,8 @@ tls_cert_path: ""
|
||||||
tls_key_path: ""
|
tls_key_path: ""
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The certificate should contain the full chain, else some clients, like the Tailscale Android client, will reject it.
|
||||||
|
|
||||||
## Let's Encrypt / ACME
|
## Let's Encrypt / ACME
|
||||||
|
|
||||||
To get a certificate automatically via [Let's Encrypt](https://letsencrypt.org/), set `tls_letsencrypt_hostname` to the desired certificate hostname. This name must resolve to the IP address(es) headscale is reachable on (i.e., it must correspond to the `server_url` configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in `tls_letsencrypt_cache_dir`. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
|
To get a certificate automatically via [Let's Encrypt](https://letsencrypt.org/), set `tls_letsencrypt_hostname` to the desired certificate hostname. This name must resolve to the IP address(es) headscale is reachable on (i.e., it must correspond to the `server_url` configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in `tls_letsencrypt_cache_dir`. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
|
||||||
|
|
|
@ -60,7 +60,7 @@ Install the official Tailscale tvOS client from the [App Store](https://apps.app
|
||||||
|
|
||||||
### Configuring the headscale URL
|
### Configuring the headscale URL
|
||||||
|
|
||||||
- Go Settings (the apple tvOS settings) > Apps > Tailscale
|
- Open Settings (the Apple tvOS settings) > Apps > Tailscale
|
||||||
- Under `ALTERNATE COORDINATION SERVER URL`, select `URL`
|
- Under `ALTERNATE COORDINATION SERVER URL`, select `URL`
|
||||||
- Enter the URL of your headscale instance (e.g `https://headscale.example.com`) and press `OK`
|
- Enter the URL of your headscale instance (e.g `https://headscale.example.com`) and press `OK`
|
||||||
- Return to the tvOS Home screen
|
- Return to the tvOS Home screen
|
||||||
|
|
|
@ -9,6 +9,8 @@ This page helps you get started with headscale and provides a few usage examples
|
||||||
installation instructions.
|
installation instructions.
|
||||||
* The configuration file exists and is adjusted to suit your environment, see
|
* The configuration file exists and is adjusted to suit your environment, see
|
||||||
[Configuration](../ref/configuration.md) for details.
|
[Configuration](../ref/configuration.md) for details.
|
||||||
|
* Headscale is reachable from the Internet. Verify this by opening client specific setup instructions in your
|
||||||
|
browser, e.g. https://headscale.example.com/windows
|
||||||
* The Tailscale client is installed, see [Client and operating system support](../about/clients.md) for more
|
* The Tailscale client is installed, see [Client and operating system support](../about/clients.md) for more
|
||||||
information.
|
information.
|
||||||
|
|
||||||
|
|
12
flake.lock
12
flake.lock
|
@ -5,11 +5,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726560853,
|
"lastModified": 1731533236,
|
||||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -20,11 +20,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730958623,
|
"lastModified": 1731763621,
|
||||||
"narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
|
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "85f7e662eda4fa3a995556527c87b2524b691933",
|
"rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -223,7 +223,7 @@ func (s *AuthOIDCScenario) runMockOIDC(accessTTL time.Duration) (*types.OIDCConf
|
||||||
}
|
}
|
||||||
|
|
||||||
headscaleBuildOptions := &dockertest.BuildOptions{
|
headscaleBuildOptions := &dockertest.BuildOptions{
|
||||||
Dockerfile: "Dockerfile.debug",
|
Dockerfile: hsic.IntegrationTestDockerFileName,
|
||||||
ContextDir: dockerContextPath,
|
ContextDir: dockerContextPath,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -35,12 +35,13 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
hsicHashLength = 6
|
hsicHashLength = 6
|
||||||
dockerContextPath = "../."
|
dockerContextPath = "../."
|
||||||
aclPolicyPath = "/etc/headscale/acl.hujson"
|
aclPolicyPath = "/etc/headscale/acl.hujson"
|
||||||
tlsCertPath = "/etc/headscale/tls.cert"
|
tlsCertPath = "/etc/headscale/tls.cert"
|
||||||
tlsKeyPath = "/etc/headscale/tls.key"
|
tlsKeyPath = "/etc/headscale/tls.key"
|
||||||
headscaleDefaultPort = 8080
|
headscaleDefaultPort = 8080
|
||||||
|
IntegrationTestDockerFileName = "Dockerfile.integration"
|
||||||
)
|
)
|
||||||
|
|
||||||
var errHeadscaleStatusCodeNotOk = errors.New("headscale status code not ok")
|
var errHeadscaleStatusCodeNotOk = errors.New("headscale status code not ok")
|
||||||
|
@ -260,7 +261,7 @@ func New(
|
||||||
}
|
}
|
||||||
|
|
||||||
headscaleBuildOptions := &dockertest.BuildOptions{
|
headscaleBuildOptions := &dockertest.BuildOptions{
|
||||||
Dockerfile: "Dockerfile.debug",
|
Dockerfile: IntegrationTestDockerFileName,
|
||||||
ContextDir: dockerContextPath,
|
ContextDir: dockerContextPath,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue