From 2262188d8a97c977b34bc660761aeb76a68d1869 Mon Sep 17 00:00:00 2001 From: Juan Font Alonso Date: Sun, 4 Sep 2022 16:05:21 +0200 Subject: [PATCH] Warn when Headscale is running behind a wrongly configured proxy --- noise.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/noise.go b/noise.go index 45bff7b..493ef78 100644 --- a/noise.go +++ b/noise.go @@ -23,6 +23,19 @@ func (h *Headscale) NoiseUpgradeHandler( ) { log.Trace().Caller().Msgf("Noise upgrade handler for client %s", req.RemoteAddr) + upgrade := req.Header.Get("Upgrade") + if upgrade == "" { + // This probably means that the user is running Headscale behind an + // improperly configured reverse proxy. TS2021 requires WebSockets to + // be passed to Headscale. Let's give them a hint. + log.Warn(). + Caller(). + Msg("No Upgrade header found in TS2021 request. If running headscale behind a reverse proxy, make sure it is configured to pass WebSockets through.") + http.Error(writer, "Internal error", http.StatusInternalServerError) + + return + } + noiseConn, err := controlhttp.AcceptHTTP(req.Context(), writer, req, *h.noisePrivateKey) if err != nil { log.Error().Err(err).Msg("noise upgrade failed")