Merge branch 'main' into patch-1
This commit is contained in:
commit
40e0ae99da
5 changed files with 18 additions and 3 deletions
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -2,6 +2,14 @@
|
||||||
|
|
||||||
## 0.17.0 (2022-XX-XX)
|
## 0.17.0 (2022-XX-XX)
|
||||||
|
|
||||||
|
- Add ability to connect to PostgreSQL over TLS/SSL [#745](https://github.com/juanfont/headscale/pull/745)
|
||||||
|
|
||||||
|
## 0.16.3 (2022-08-17)
|
||||||
|
|
||||||
|
### Changes
|
||||||
|
|
||||||
|
- Fix issue with OIDC authentication [#747](https://github.com/juanfont/headscale/pull/747)
|
||||||
|
|
||||||
## 0.16.2 (2022-08-14)
|
## 0.16.2 (2022-08-14)
|
||||||
|
|
||||||
### Changes
|
### Changes
|
||||||
|
@ -125,7 +133,7 @@ This is a part of aligning `headscale`'s behaviour with Tailscale's upstream beh
|
||||||
- OpenID Connect users will be mapped per namespaces
|
- OpenID Connect users will be mapped per namespaces
|
||||||
- Each user will get its own namespace, created if it does not exist
|
- Each user will get its own namespace, created if it does not exist
|
||||||
- `oidc.domain_map` option has been removed
|
- `oidc.domain_map` option has been removed
|
||||||
- `strip_email_domain` option has been added (see [config-example.yaml](./config_example.yaml))
|
- `strip_email_domain` option has been added (see [config-example.yaml](./config-example.yaml))
|
||||||
|
|
||||||
### Changes
|
### Changes
|
||||||
|
|
||||||
|
|
6
app.go
6
app.go
|
@ -129,12 +129,16 @@ func NewHeadscale(cfg *Config) (*Headscale, error) {
|
||||||
switch cfg.DBtype {
|
switch cfg.DBtype {
|
||||||
case Postgres:
|
case Postgres:
|
||||||
dbString = fmt.Sprintf(
|
dbString = fmt.Sprintf(
|
||||||
"host=%s dbname=%s user=%s sslmode=disable",
|
"host=%s dbname=%s user=%s",
|
||||||
cfg.DBhost,
|
cfg.DBhost,
|
||||||
cfg.DBname,
|
cfg.DBname,
|
||||||
cfg.DBuser,
|
cfg.DBuser,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if !cfg.DBssl {
|
||||||
|
dbString += " sslmode=disable"
|
||||||
|
}
|
||||||
|
|
||||||
if cfg.DBport != 0 {
|
if cfg.DBport != 0 {
|
||||||
dbString += fmt.Sprintf(" port=%d", cfg.DBport)
|
dbString += fmt.Sprintf(" port=%d", cfg.DBport)
|
||||||
}
|
}
|
||||||
|
|
|
@ -121,6 +121,7 @@ db_path: /var/lib/headscale/db.sqlite
|
||||||
# db_name: headscale
|
# db_name: headscale
|
||||||
# db_user: foo
|
# db_user: foo
|
||||||
# db_pass: bar
|
# db_pass: bar
|
||||||
|
# db_ssl: false
|
||||||
|
|
||||||
### TLS configuration
|
### TLS configuration
|
||||||
#
|
#
|
||||||
|
|
|
@ -47,6 +47,7 @@ type Config struct {
|
||||||
DBname string
|
DBname string
|
||||||
DBuser string
|
DBuser string
|
||||||
DBpass string
|
DBpass string
|
||||||
|
DBssl bool
|
||||||
|
|
||||||
TLS TLSConfig
|
TLS TLSConfig
|
||||||
|
|
||||||
|
@ -506,6 +507,7 @@ func GetHeadscaleConfig() (*Config, error) {
|
||||||
DBname: viper.GetString("db_name"),
|
DBname: viper.GetString("db_name"),
|
||||||
DBuser: viper.GetString("db_user"),
|
DBuser: viper.GetString("db_user"),
|
||||||
DBpass: viper.GetString("db_pass"),
|
DBpass: viper.GetString("db_pass"),
|
||||||
|
DBssl: viper.GetBool("db_ssl"),
|
||||||
|
|
||||||
TLS: GetTLSConfig(),
|
TLS: GetTLSConfig(),
|
||||||
|
|
||||||
|
|
2
oidc.go
2
oidc.go
|
@ -318,7 +318,7 @@ func extractIDTokenClaims(
|
||||||
idToken *oidc.IDToken,
|
idToken *oidc.IDToken,
|
||||||
) (*IDTokenClaims, error) {
|
) (*IDTokenClaims, error) {
|
||||||
var claims IDTokenClaims
|
var claims IDTokenClaims
|
||||||
if err := idToken.Claims(claims); err != nil {
|
if err := idToken.Claims(&claims); err != nil {
|
||||||
log.Error().
|
log.Error().
|
||||||
Err(err).
|
Err(err).
|
||||||
Caller().
|
Caller().
|
||||||
|
|
Loading…
Reference in a new issue