Compare commits

5 commits

Author SHA1 Message Date
Kristoffer Dalby
68627fa177
Merge 137f0e3e12 into 6275399327 2024-11-18 21:28:36 +01:00
Nathan Sweet
6275399327
Update tls.md to mention using the full cert chain (#2243)
2024-11-18 06:12:12 +00:00
nblock
29119bb7f4
Misc doc fixes (#2240)
* Link back to node registration docs
* adjust wording in apple docs
* Mention client specific page to check if headscale works

Ref: #2238
2024-11-18 05:46:58 +01:00
github-actions[bot]
93ba21ede5
flake.lock: Update (#2239)
2024-11-17 19:38:50 +00:00
Kristoffer Dalby
137f0e3e12
rename dockerfile to integration to avoid confusion
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-11-04 10:05:21 -06:00
8 changed files with 25 additions and 20 deletions

@ -45,11 +45,11 @@ headscale server.
ACLs have to be written in [huJSON](https://github.com/tailscale/hujson). ACLs have to be written in [huJSON](https://github.com/tailscale/hujson).
When registering the servers we will need to add the flag When [registering the servers](../usage/getting-started.md#register-a-node) we
`--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user that is will need to add the flag `--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user
registering the server should be allowed to do it. Since anyone can add tags to that is registering the server should be allowed to do it. Since anyone can add
a server they can register, the check of the tags is done on headscale server tags to a server they can register, the check of the tags is done on headscale
and only valid tags are applied. A tag is valid if the user that is server and only valid tags are applied. A tag is valid if the user that is
registering it is allowed to do it. registering it is allowed to do it.
To use ACLs in headscale, you must edit your `config.yaml` file. In there you will find a `policy.path` parameter. This will need to point to your ACL file. More info on how these policies are written can be found [here](https://tailscale.com/kb/1018/acls/). To use ACLs in headscale, you must edit your `config.yaml` file. In there you will find a `policy.path` parameter. This will need to point to your ACL file. More info on how these policies are written can be found [here](https://tailscale.com/kb/1018/acls/).
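Review bot: The re-wrapped paragraph keeps "A tag is valid if the user that is registering it is allowed to do it" without saying where that permission is defined. Since the hunk already touches this paragraph to add the registration link, name the policy section that grants it (`tagOwners`) so readers can see that the server-side tag check is driven by the ACL file. Please also confirm that the `#register-a-node` anchor exists in `../usage/getting-started.md`, as a broken fragment will not fail visibly for readers.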

@ -9,6 +9,8 @@ tls_cert_path: ""
tls_key_path: "" tls_key_path: ""
``` ```
The certificate should contain the full chain, else some clients, like the Tailscale Android client, will reject it.
## Let's Encrypt / ACME ## Let's Encrypt / ACME
To get a certificate automatically via [Let's Encrypt](https://letsencrypt.org/), set `tls_letsencrypt_hostname` to the desired certificate hostname. This name must resolve to the IP address(es) headscale is reachable on (i.e., it must correspond to the `server_url` configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in `tls_letsencrypt_cache_dir`. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from. To get a certificate automatically via [Let's Encrypt](https://letsencrypt.org/), set `tls_letsencrypt_hostname` to the desired certificate hostname. This name must resolve to the IP address(es) headscale is reachable on (i.e., it must correspond to the `server_url` configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in `tls_letsencrypt_cache_dir`. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
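Review bot: The added sentence does not say which setting it applies to or what "full chain" means in the file. Suggest tying it to `tls_cert_path` and stating the order, for example "The file at `tls_cert_path` must contain the server certificate followed by its intermediate certificates". "should" also reads as optional although the same sentence says some clients will reject the certificate otherwise.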

@ -60,7 +60,7 @@ Install the official Tailscale tvOS client from the [App Store](https://apps.app
### Configuring the headscale URL ### Configuring the headscale URL
- Go Settings (the apple tvOS settings) > Apps > Tailscale - Open Settings (the Apple tvOS settings) > Apps > Tailscale
- Under `ALTERNATE COORDINATION SERVER URL`, select `URL` - Under `ALTERNATE COORDINATION SERVER URL`, select `URL`
- Enter the URL of your headscale instance (e.g `https://headscale.example.com`) and press `OK` - Enter the URL of your headscale instance (e.g `https://headscale.example.com`) and press `OK`
- Return to the tvOS Home screen - Return to the tvOS Home screen
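Review bot: Style, on the context line two bullets below the change: "(e.g `https://headscale.example.com`)" is missing the period after "e.g", while the getting-started page in this same compare writes "e.g.". Worth fixing here since the list is being edited anyway.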

@ -9,6 +9,8 @@ This page helps you get started with headscale and provides a few usage examples
installation instructions. installation instructions.
* The configuration file exists and is adjusted to suit your environment, see * The configuration file exists and is adjusted to suit your environment, see
[Configuration](../ref/configuration.md) for details. [Configuration](../ref/configuration.md) for details.
* Headscale is reachable from the Internet. Verify this by opening client specific setup instructions in your
browser, e.g. https://headscale.example.com/windows
* The Tailscale client is installed, see [Client and operating system support](../about/clients.md) for more * The Tailscale client is installed, see [Client and operating system support](../about/clients.md) for more
information. information.
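Review bot: In the added bullet, "client specific" should be hyphenated and the bare URL should be in backticks like the other headscale.example.com examples in the docs. The check is also only meaningful when run from a machine outside the server's own network; say so, otherwise a browser on the same host or LAN will pass while Internet clients still cannot reach headscale.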

@ -5,11 +5,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1731533236,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -20,11 +20,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1730958623, "lastModified": 1731763621,
"narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=", "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "85f7e662eda4fa3a995556527c87b2524b691933", "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
"type": "github" "type": "github"
}, },
"original": { "original": {

@ -223,7 +223,7 @@ func (s *AuthOIDCScenario) runMockOIDC(accessTTL time.Duration) (*types.OIDCConf
} }
headscaleBuildOptions := &dockertest.BuildOptions{ headscaleBuildOptions := &dockertest.BuildOptions{
Dockerfile: "Dockerfile.debug", Dockerfile: hsic.IntegrationTestDockerFileName,
ContextDir: dockerContextPath, ContextDir: dockerContextPath,
} }
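Review bot: Replacing the literal "Dockerfile.debug" here is only safe if every other reference to the old name is updated in the same commit. This compare shows the two Go call sites, but workflow files, Makefiles or docs that still name Dockerfile.debug are not visible here; please search the repository for the old name before merging.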

@ -35,12 +35,13 @@ import (
) )
const ( const (
hsicHashLength = 6 hsicHashLength = 6
dockerContextPath = "../." dockerContextPath = "../."
aclPolicyPath = "/etc/headscale/acl.hujson" aclPolicyPath = "/etc/headscale/acl.hujson"
tlsCertPath = "/etc/headscale/tls.cert" tlsCertPath = "/etc/headscale/tls.cert"
tlsKeyPath = "/etc/headscale/tls.key" tlsKeyPath = "/etc/headscale/tls.key"
headscaleDefaultPort = 8080 headscaleDefaultPort = 8080
IntegrationTestDockerFileName = "Dockerfile.integration"
) )
var errHeadscaleStatusCodeNotOk = errors.New("headscale status code not ok") var errHeadscaleStatusCodeNotOk = errors.New("headscale status code not ok")
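Review bot: `IntegrationTestDockerFileName` is the only exported identifier among the constants visible in this block and it has no doc comment. Add one, for example "IntegrationTestDockerFileName is the Dockerfile used to build the headscale image for integration tests", so the reason for exporting it (its use from the OIDC scenario) is recorded. The realignment of the other constants is just gofmt following the longer name.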
@ -260,7 +261,7 @@ func New(
} }
headscaleBuildOptions := &dockertest.BuildOptions{ headscaleBuildOptions := &dockertest.BuildOptions{
Dockerfile: "Dockerfile.debug", Dockerfile: IntegrationTestDockerFileName,
ContextDir: dockerContextPath, ContextDir: dockerContextPath,
} }
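Review bot: This `dockertest.BuildOptions` literal now has the same `Dockerfile` and `ContextDir` values as the one in `runMockOIDC`. Consider a small exported helper in hsic that returns the build options, so the next rename touches one place instead of two.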