Renamed configuration items of the DERP server
parent
09d78c7a05
commit
758b1ba1cb
3 changed files with 47 additions and 20 deletions
48
app.go
48
app.go
|
@ -13,6 +13,7 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
"os/signal"
|
||||||
"sort"
|
"sort"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
@ -120,7 +121,8 @@ type OIDCConfig struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type DERPConfig struct {
|
type DERPConfig struct {
|
||||||
EmbeddedDERP bool
|
ServerEnabled bool
|
||||||
|
ServerInsecure bool
|
||||||
URLs []url.URL
|
URLs []url.URL
|
||||||
Paths []string
|
Paths []string
|
||||||
AutoUpdate bool
|
AutoUpdate bool
|
||||||
|
@ -144,7 +146,7 @@ type Headscale struct {
|
||||||
privateKey *key.MachinePrivate
|
privateKey *key.MachinePrivate
|
||||||
|
|
||||||
DERPMap *tailcfg.DERPMap
|
DERPMap *tailcfg.DERPMap
|
||||||
EmbeddedDERPServer *EmbeddedDERPServer
|
DERPServer *DERPServer
|
||||||
|
|
||||||
aclPolicy *ACLPolicy
|
aclPolicy *ACLPolicy
|
||||||
aclRules []tailcfg.FilterRule
|
aclRules []tailcfg.FilterRule
|
||||||
|
@ -180,7 +182,6 @@ func LookupTLSClientAuthMode(mode string) (tls.ClientAuthType, bool) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewHeadscale returns the Headscale app.
|
|
||||||
func NewHeadscale(cfg Config) (*Headscale, error) {
|
func NewHeadscale(cfg Config) (*Headscale, error) {
|
||||||
privKey, err := readOrCreatePrivateKey(cfg.PrivateKeyPath)
|
privKey, err := readOrCreatePrivateKey(cfg.PrivateKeyPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -241,30 +242,49 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.DERP.EmbeddedDERP {
|
if cfg.DERP.ServerEnabled {
|
||||||
embeddedDERPServer, err := app.NewEmbeddedDERPServer()
|
embeddedDERPServer, err := app.NewDERPServer()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
app.EmbeddedDERPServer = embeddedDERPServer
|
app.DERPServer = embeddedDERPServer
|
||||||
|
|
||||||
// If we are using the embedded DERP, there is no reason to use Tailscale's DERP infrastructure
|
|
||||||
serverURL, err := url.Parse(app.cfg.ServerURL)
|
serverURL, err := url.Parse(app.cfg.ServerURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
var host string
|
||||||
|
var port int
|
||||||
|
host, portStr, err := net.SplitHostPort(serverURL.Host)
|
||||||
|
if err != nil {
|
||||||
|
if serverURL.Scheme == "https" {
|
||||||
|
host = serverURL.Host
|
||||||
|
port = 443
|
||||||
|
} else {
|
||||||
|
host = serverURL.Host
|
||||||
|
port = 80
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
port, err = strconv.Atoi(portStr)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
app.DERPMap = &tailcfg.DERPMap{
|
app.DERPMap = &tailcfg.DERPMap{
|
||||||
Regions: map[int]*tailcfg.DERPRegion{
|
Regions: map[int]*tailcfg.DERPRegion{
|
||||||
1: {
|
999: {
|
||||||
RegionID: 1,
|
RegionID: 999,
|
||||||
RegionCode: "headscale",
|
RegionCode: "headscale",
|
||||||
RegionName: "Headscale Embedded DERP",
|
RegionName: "Headscale Embedded DERP",
|
||||||
Avoid: false,
|
Avoid: false,
|
||||||
Nodes: []*tailcfg.DERPNode{
|
Nodes: []*tailcfg.DERPNode{
|
||||||
{
|
{
|
||||||
Name: "1a",
|
Name: "999a",
|
||||||
RegionID: 1,
|
RegionID: 999,
|
||||||
HostName: serverURL.Host,
|
HostName: host,
|
||||||
|
DERPPort: port,
|
||||||
|
InsecureForTests: cfg.DERP.ServerInsecure,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -495,7 +515,7 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *gin.Engine {
|
||||||
router.GET("/swagger", SwaggerUI)
|
router.GET("/swagger", SwaggerUI)
|
||||||
router.GET("/swagger/v1/openapiv2.json", SwaggerAPIv1)
|
router.GET("/swagger/v1/openapiv2.json", SwaggerAPIv1)
|
||||||
|
|
||||||
if h.cfg.DERP.EmbeddedDERP {
|
if h.cfg.DERP.ServerEnabled {
|
||||||
router.Any("/derp", h.EmbeddedDERPHandler)
|
router.Any("/derp", h.EmbeddedDERPHandler)
|
||||||
router.Any("/derp/probe", h.EmbeddedDERPProbeHandler)
|
router.Any("/derp/probe", h.EmbeddedDERPProbeHandler)
|
||||||
router.Any("/bootstrap-dns", h.EmbeddedDERPBootstrapDNSHandler)
|
router.Any("/bootstrap-dns", h.EmbeddedDERPBootstrapDNSHandler)
|
||||||
|
@ -516,7 +536,7 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *gin.Engine {
|
||||||
func (h *Headscale) Serve() error {
|
func (h *Headscale) Serve() error {
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
if h.cfg.DERP.EmbeddedDERP {
|
if h.cfg.DERP.ServerEnabled {
|
||||||
go h.ServeSTUN()
|
go h.ServeSTUN()
|
||||||
} else {
|
} else {
|
||||||
// Fetch an initial DERP Map before we start serving
|
// Fetch an initial DERP Map before we start serving
|
||||||
|
|
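Review bot: In the `@ -241,30 +242,49` hunk any `net.SplitHostPort` failure is treated as "no port given", so a bracketed IPv6 literal without a port ends up in `HostName` with its brackets. `url.URL` already splits these parts: `host = serverURL.Hostname()` and `portStr := serverURL.Port()`, defaulting the port by scheme only when `portStr` is empty. That also removes the duplicated `host = serverURL.Host` in both branches. The same hunk forwards `InsecureForTests: cfg.DERP.ServerInsecure` in the DERP map handed to clients, and a warning logged at startup when that flag is set would make an accidental production use visible. NewHeadscale begins and ends outside the hunk.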
|
@ -117,11 +117,8 @@ func LoadConfig(path string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetDERPConfig() headscale.DERPConfig {
|
func GetDERPConfig() headscale.DERPConfig {
|
||||||
if viper.GetBool("derp.embedded_derp") {
|
enabled := viper.GetBool("derp.server.enabled")
|
||||||
return headscale.DERPConfig{
|
insecure := viper.GetBool("derp.server.insecure")
|
||||||
EmbeddedDERP: true,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
urlStrs := viper.GetStringSlice("derp.urls")
|
urlStrs := viper.GetStringSlice("derp.urls")
|
||||||
|
|
||||||
|
@ -144,6 +141,8 @@ func GetDERPConfig() headscale.DERPConfig {
|
||||||
updateFrequency := viper.GetDuration("derp.update_frequency")
|
updateFrequency := viper.GetDuration("derp.update_frequency")
|
||||||
|
|
||||||
return headscale.DERPConfig{
|
return headscale.DERPConfig{
|
||||||
|
ServerEnabled: enabled,
|
||||||
|
ServerInsecure: insecure,
|
||||||
URLs: urls,
|
URLs: urls,
|
||||||
Paths: paths,
|
Paths: paths,
|
||||||
AutoUpdate: autoUpdate,
|
AutoUpdate: autoUpdate,
|
||||||
|
|
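Review bot: `GetDERPConfig` no longer reads `derp.embedded_derp`, so a config file that still sets the old key will start with the embedded DERP server disabled and nothing in the output explains why. If the old key was ever shipped to users, a check such as `viper.IsSet("derp.embedded_derp")` followed by a deprecation warning or a hard error would keep the change in relay behaviour from being silent. The function has no doc comment; one line stating that `derp.server.enabled` no longer short-circuits the `urls`/`paths` parsing would help the next reader. The body of GetDERPConfig continues outside both hunks.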
|
@ -55,6 +55,14 @@ ip_prefixes:
|
||||||
# headscale needs a list of DERP servers that can be presented
|
# headscale needs a list of DERP servers that can be presented
|
||||||
# to the clients.
|
# to the clients.
|
||||||
derp:
|
derp:
|
||||||
|
server:
|
||||||
|
# If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# Insecure mode is recommended only for tests. It indicates the tailscale clients
|
||||||
|
# to use insecure connections to this server.
|
||||||
|
insecure: false
|
||||||
|
|
||||||
# List of externally available DERP maps encoded in JSON
|
# List of externally available DERP maps encoded in JSON
|
||||||
urls:
|
urls:
|
||||||
- https://controlplane.tailscale.com/derpmap/default
|
- https://controlplane.tailscale.com/derpmap/default
|
||||||
|
|
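Review bot: The comment on `insecure` does not say what clients stop checking; "indicates the tailscale clients to use insecure connections" reads as a transport choice rather than a loss of verification. Judging from the app.go change the value becomes `InsecureForTests` on the DERP node, which tailcfg documents as disabling TLS verification, so I would write `# Test only: tells clients to skip TLS certificate verification for the embedded DERP server.` and add `# Leave false on any server that real clients connect to.` The comment on `enabled` could also mention that the relay is advertised at the host and port of the configured server URL, since that is where clients will be sent.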