diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fc0e59..cf0afb7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ - Add ability to specify config location via env var `HEADSCALE_CONFIG` [#674](https://github.com/juanfont/headscale/issues/674) - Target Go 1.19 for Headscale [#778](https://github.com/juanfont/headscale/pull/778) - Target Tailscale v1.30.0 to build Headscale [#780](https://github.com/juanfont/headscale/pull/780) +- Give a warning when running Headscale with reverse proxy improperly configured for WebSockets [#788](https://github.com/juanfont/headscale/pull/788) ## 0.16.4 (2022-08-21) diff --git a/derp_server.go b/derp_server.go index 6fe897b..fa2b27f 100644 --- a/derp_server.go +++ b/derp_server.go @@ -99,10 +99,13 @@ func (h *Headscale) DERPHandler( req *http.Request, ) { log.Trace().Caller().Msgf("/derp request from %v", req.RemoteAddr) - up := strings.ToLower(req.Header.Get("Upgrade")) - if up != "websocket" && up != "derp" { - if up != "" { - log.Warn().Caller().Msgf("Weird websockets connection upgrade: %q", up) + upgrade := strings.ToLower(req.Header.Get("Upgrade")) + + if upgrade != "websocket" && upgrade != "derp" { + if upgrade != "" { + log.Warn(). + Caller(). + Msg("No Upgrade header in DERP server request. If headscale is behind a reverse proxy, make sure it is configured to pass WebSockets through.") } writer.Header().Set("Content-Type", "text/plain") writer.WriteHeader(http.StatusUpgradeRequired) diff --git a/noise.go b/noise.go index 45bff7b..f6fb364 100644 --- a/noise.go +++ b/noise.go @@ -23,6 +23,19 @@ func (h *Headscale) NoiseUpgradeHandler( ) { log.Trace().Caller().Msgf("Noise upgrade handler for client %s", req.RemoteAddr) + upgrade := req.Header.Get("Upgrade") + if upgrade == "" { + // This probably means that the user is running Headscale behind an + // improperly configured reverse proxy. TS2021 requires WebSockets to + // be passed to Headscale. Let's give them a hint. + log.Warn(). + Caller(). + Msg("No Upgrade header in TS2021 request. If headscale is behind a reverse proxy, make sure it is configured to pass WebSockets through.") + http.Error(writer, "Internal error", http.StatusInternalServerError) + + return + } + noiseConn, err := controlhttp.AcceptHTTP(req.Context(), writer, req, *h.noisePrivateKey) if err != nil { log.Error().Err(err).Msg("noise upgrade failed")