Do not offer the option to be DERP insecure
Websockets, in which DERP is based, requires a TLS certificate. At the same time, if we use a certificate it must be valid... otherwise Tailscale wont connect (does not have an Insecure option). So there is no option to expose insecure here
This commit is contained in:
parent
758b1ba1cb
commit
df37d1a639
3 changed files with 8 additions and 15 deletions
16
app.go
16
app.go
|
@ -122,7 +122,6 @@ type OIDCConfig struct {
|
|||
|
||||
type DERPConfig struct {
|
||||
ServerEnabled bool
|
||||
ServerInsecure bool
|
||||
URLs []url.URL
|
||||
Paths []string
|
||||
AutoUpdate bool
|
||||
|
@ -280,11 +279,10 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
|
|||
Avoid: false,
|
||||
Nodes: []*tailcfg.DERPNode{
|
||||
{
|
||||
Name: "999a",
|
||||
RegionID: 999,
|
||||
HostName: host,
|
||||
DERPPort: port,
|
||||
InsecureForTests: cfg.DERP.ServerInsecure,
|
||||
Name: "999a",
|
||||
RegionID: 999,
|
||||
HostName: host,
|
||||
DERPPort: port,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -516,9 +514,9 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *gin.Engine {
|
|||
router.GET("/swagger/v1/openapiv2.json", SwaggerAPIv1)
|
||||
|
||||
if h.cfg.DERP.ServerEnabled {
|
||||
router.Any("/derp", h.EmbeddedDERPHandler)
|
||||
router.Any("/derp/probe", h.EmbeddedDERPProbeHandler)
|
||||
router.Any("/bootstrap-dns", h.EmbeddedDERPBootstrapDNSHandler)
|
||||
router.Any("/derp", h.DERPHandler)
|
||||
router.Any("/derp/probe", h.DERPProbeHandler)
|
||||
router.Any("/bootstrap-dns", h.DERPBootstrapDNSHandler)
|
||||
}
|
||||
|
||||
api := router.Group("/api")
|
||||
|
|
|
@ -118,7 +118,6 @@ func LoadConfig(path string) error {
|
|||
|
||||
func GetDERPConfig() headscale.DERPConfig {
|
||||
enabled := viper.GetBool("derp.server.enabled")
|
||||
insecure := viper.GetBool("derp.server.insecure")
|
||||
|
||||
urlStrs := viper.GetStringSlice("derp.urls")
|
||||
|
||||
|
@ -142,7 +141,6 @@ func GetDERPConfig() headscale.DERPConfig {
|
|||
|
||||
return headscale.DERPConfig{
|
||||
ServerEnabled: enabled,
|
||||
ServerInsecure: insecure,
|
||||
URLs: urls,
|
||||
Paths: paths,
|
||||
AutoUpdate: autoUpdate,
|
||||
|
|
|
@ -57,12 +57,9 @@ ip_prefixes:
|
|||
derp:
|
||||
server:
|
||||
# If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
|
||||
# The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
|
||||
enabled: false
|
||||
|
||||
# Insecure mode is recommended only for tests. It indicates the tailscale clients
|
||||
# to use insecure connections to this server.
|
||||
insecure: false
|
||||
|
||||
# List of externally available DERP maps encoded in JSON
|
||||
urls:
|
||||
- https://controlplane.tailscale.com/derpmap/default
|
||||
|
|
Loading…
Reference in a new issue