headscale/CHANGELOG.md

286 lines
17 KiB
Markdown
Raw Normal View History

2021-11-29 12:31:19 -05:00
# CHANGELOG
2023-01-29 05:43:13 -05:00
## 0.20.0 (2023-x-x)
### Changes
- Fix wrong behaviour in exit nodes [#1159](https://github.com/juanfont/headscale/pull/1159)
2023-01-30 08:40:06 -05:00
- Align behaviour of `dns_config.restricted_nameservers` to tailscale [#1162](https://github.com/juanfont/headscale/pull/1162)
- Make OpenID Connect authenticated client expiry time configurable [#1191](https://github.com/juanfont/headscale/pull/1191)
- defaults to 180 days like Tailscale SaaS
- adds option to use the expiry time from the OpenID token for the node (see config-example.yaml)
- Set ControlTime in Map info sent to nodes [#1195](https://github.com/juanfont/headscale/pull/1195)
- Populate Tags field on Node updates sent [#1195](https://github.com/juanfont/headscale/pull/1195)
2023-01-29 05:43:13 -05:00
## 0.19.0 (2023-01-29)
### BREAKING
- Rename Namespace to User [#1144](https://github.com/juanfont/headscale/pull/1144)
- **BACKUP your database before upgrading**
- Command line flags previously taking `--namespace` or `-n` will now require `--user` or `-u`
2023-01-29 05:43:13 -05:00
## 0.18.0 (2023-01-14)
2022-12-05 16:40:21 -05:00
### Changes
- Reworked routing and added support for subnet router failover [#1024](https://github.com/juanfont/headscale/pull/1024)
- Added an OIDC AllowGroups Configuration options and authorization check [#1041](https://github.com/juanfont/headscale/pull/1041)
- Set `db_ssl` to false by default [#1052](https://github.com/juanfont/headscale/pull/1052)
- Fix duplicate nodes due to incorrect implementation of the protocol [#1058](https://github.com/juanfont/headscale/pull/1058)
2022-12-13 17:32:48 -05:00
- Report if a machine is online in CLI more accurately [#1062](https://github.com/juanfont/headscale/pull/1062)
2022-12-31 07:59:28 -05:00
- Added config option for custom DNS records [#1035](https://github.com/juanfont/headscale/pull/1035)
2023-01-03 09:28:45 -05:00
- Expire nodes based on OIDC token expiry [#1067](https://github.com/juanfont/headscale/pull/1067)
- Remove ephemeral nodes on logout [#1098](https://github.com/juanfont/headscale/pull/1098)
- Performance improvements in ACLs [#1129](https://github.com/juanfont/headscale/pull/1129)
- OIDC client secret can be passed via a file [#1127](https://github.com/juanfont/headscale/pull/1127)
## 0.17.1 (2022-12-05)
2022-12-03 09:57:01 -05:00
### Changes
- Correct typo on macOS standalone profile link [#1028](https://github.com/juanfont/headscale/pull/1028)
- Update platform docs with Fast User Switching [#1016](https://github.com/juanfont/headscale/pull/1016)
2022-12-03 09:57:01 -05:00
## 0.17.0 (2022-11-26)
2022-08-14 17:22:41 -04:00
2022-09-11 15:37:38 -04:00
### BREAKING
- `noise.private_key_path` has been added and is required for the new noise protocol.
2022-09-11 15:37:38 -04:00
- Log level option `log_level` was moved to a distinct `log` config section and renamed to `level` [#768](https://github.com/juanfont/headscale/pull/768)
2022-11-14 11:24:06 -05:00
- Removed Alpine Linux container image [#962](https://github.com/juanfont/headscale/pull/962)
2022-09-11 15:44:28 -04:00
### Important Changes
2022-09-11 15:37:38 -04:00
2022-08-21 06:32:01 -04:00
- Added support for Tailscale TS2021 protocol [#738](https://github.com/juanfont/headscale/pull/738)
- Add experimental support for [SSH ACL](https://tailscale.com/kb/1018/acls/#tailscale-ssh) (see docs for limitations) [#847](https://github.com/juanfont/headscale/pull/847)
- Please note that this support should be considered _partially_ implemented
- SSH ACLs status:
- Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
- Rejecting connections **are not supported**, meaning that if you enable SSH, then assume that _all_ `ssh` connections **will be allowed**.
- If you decied to try this feature, please carefully managed permissions by blocking port `22` with regular ACLs or do _not_ set `--ssh` on your clients.
- We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
- This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1`.
### Changes
2022-08-22 08:20:20 -04:00
- Add ability to specify config location via env var `HEADSCALE_CONFIG` [#674](https://github.com/juanfont/headscale/issues/674)
2022-09-03 06:24:22 -04:00
- Target Go 1.19 for Headscale [#778](https://github.com/juanfont/headscale/pull/778)
2022-09-03 17:19:07 -04:00
- Target Tailscale v1.30.0 to build Headscale [#780](https://github.com/juanfont/headscale/pull/780)
2022-09-04 10:23:46 -04:00
- Give a warning when running Headscale with reverse proxy improperly configured for WebSockets [#788](https://github.com/juanfont/headscale/pull/788)
- Fix subnet routers with Primary Routes [#811](https://github.com/juanfont/headscale/pull/811)
2022-09-11 15:37:38 -04:00
- Added support for JSON logs [#653](https://github.com/juanfont/headscale/issues/653)
- Sanitise the node key passed to registration url [#823](https://github.com/juanfont/headscale/pull/823)
2022-09-23 04:13:48 -04:00
- Add support for generating pre-auth keys with tags [#767](https://github.com/juanfont/headscale/pull/767)
2022-09-23 04:08:59 -04:00
- Add support for evaluating `autoApprovers` ACL entries when a machine is registered [#763](https://github.com/juanfont/headscale/pull/763)
- Add config flag to allow Headscale to start if OIDC provider is down [#829](https://github.com/juanfont/headscale/pull/829)
- Fix prefix length comparison bug in AutoApprovers route evaluation [#862](https://github.com/juanfont/headscale/pull/862)
- Random node DNS suffix only applied if names collide in namespace. [#766](https://github.com/juanfont/headscale/issues/766)
- Remove `ip_prefix` configuration option and warning [#899](https://github.com/juanfont/headscale/pull/899)
- Add `dns_config.override_local_dns` option [#905](https://github.com/juanfont/headscale/pull/905)
- Fix some DNS config issues [#660](https://github.com/juanfont/headscale/issues/660)
2022-11-04 06:26:33 -04:00
- Make it possible to disable TS2019 with build flag [#928](https://github.com/juanfont/headscale/pull/928)
2022-11-15 09:41:46 -05:00
- Fix OIDC registration issues [#960](https://github.com/juanfont/headscale/pull/960) and [#971](https://github.com/juanfont/headscale/pull/971)
2022-11-07 15:10:06 -05:00
- Add support for specifying NextDNS DNS-over-HTTPS resolver [#940](https://github.com/juanfont/headscale/pull/940)
2022-11-24 09:33:19 -05:00
- Make more sslmode available for postgresql connection [#927](https://github.com/juanfont/headscale/pull/927)
2022-08-21 06:32:01 -04:00
2022-08-21 04:51:58 -04:00
## 0.16.4 (2022-08-21)
### Changes
2022-08-16 04:09:28 -04:00
- Add ability to connect to PostgreSQL over TLS/SSL [#745](https://github.com/juanfont/headscale/pull/745)
- Fix CLI registration of expired machines [#754](https://github.com/juanfont/headscale/pull/754)
2022-08-16 04:09:28 -04:00
2022-08-17 11:08:29 -04:00
## 0.16.3 (2022-08-17)
### Changes
- Fix issue with OIDC authentication [#747](https://github.com/juanfont/headscale/pull/747)
2022-08-14 17:22:41 -04:00
## 0.16.2 (2022-08-14)
### Changes
- Fixed bugs in the client registration process after migration to NodeKey [#735](https://github.com/juanfont/headscale/pull/735)
## 0.16.1 (2022-08-12)
### Changes
2022-07-25 04:35:21 -04:00
2022-08-10 05:04:42 -04:00
- Updated dependencies (including the library that lacked armhf support) [#722](https://github.com/juanfont/headscale/pull/722)
2022-08-04 04:51:06 -04:00
- Fix missing group expansion in function `excludeCorretlyTaggedNodes` [#563](https://github.com/juanfont/headscale/issues/563)
2022-08-12 03:31:11 -04:00
- Improve registration protocol implementation and switch to NodeKey as main identifier [#725](https://github.com/juanfont/headscale/pull/725)
- Add ability to connect to PostgreSQL via unix socket [#734](https://github.com/juanfont/headscale/pull/734)
2022-08-04 04:51:06 -04:00
2022-07-25 04:35:21 -04:00
## 0.16.0 (2022-07-25)
**Note:** Take a backup of your database before upgrading.
2022-06-08 12:12:56 -04:00
### BREAKING
- Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check [the new syntax](https://tailscale.com/kb/1018/acls/).
### Changes
2022-04-07 14:21:26 -04:00
2022-06-03 13:35:47 -04:00
- **Drop** armhf (32-bit ARM) support. [#609](https://github.com/juanfont/headscale/pull/609)
2022-04-06 17:41:13 -04:00
- Headscale fails to serve if the ACL policy file cannot be parsed [#537](https://github.com/juanfont/headscale/pull/537)
- Fix labels cardinality error when registering unknown pre-auth key [#519](https://github.com/juanfont/headscale/pull/519)
2022-04-10 16:47:35 -04:00
- Fix send on closed channel crash in polling [#542](https://github.com/juanfont/headscale/pull/542)
2022-04-30 10:50:55 -04:00
- Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes [#566](https://github.com/juanfont/headscale/pull/566)
2022-05-01 09:47:34 -04:00
- Add command for moving nodes between namespaces [#362](https://github.com/juanfont/headscale/issues/362)
- Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
2022-05-13 05:51:31 -04:00
- Add command to set tags on a node [#525](https://github.com/juanfont/headscale/issues/525)
- Add command to view tags of nodes [#356](https://github.com/juanfont/headscale/issues/356)
2022-05-14 08:36:04 -04:00
- Add --all (-a) flag to enable routes command [#360](https://github.com/juanfont/headscale/issues/360)
2022-05-30 07:27:57 -04:00
- Fix issue where nodes was not updated across namespaces [#560](https://github.com/juanfont/headscale/pull/560)
- Add the ability to rename a nodes name [#560](https://github.com/juanfont/headscale/pull/560)
- Node DNS names are now unique, a random suffix will be added when a node joins
- This change contains database changes, remember to **backup** your database before upgrading
2022-05-30 08:57:49 -04:00
- Add option to enable/disable logtail (Tailscale's logging infrastructure) [#596](https://github.com/juanfont/headscale/pull/596)
- This change disables the logs by default
2022-05-31 03:42:50 -04:00
- Use [Prometheus]'s duration parser, supporting days (`d`), weeks (`w`) and years (`y`) [#598](https://github.com/juanfont/headscale/pull/598)
2022-05-31 08:30:11 -04:00
- Add support for reloading ACLs with SIGHUP [#601](https://github.com/juanfont/headscale/pull/601)
2022-06-08 12:12:56 -04:00
- Use new ACL syntax [#618](https://github.com/juanfont/headscale/pull/618)
2022-06-05 11:15:21 -04:00
- Add -c option to specify config file from command line [#285](https://github.com/juanfont/headscale/issues/285) [#612](https://github.com/juanfont/headscale/pull/601)
2022-06-11 08:49:17 -04:00
- Add configuration option to allow Tailscale clients to use a random WireGuard port. [kb/1181/firewalls](https://tailscale.com/kb/1181/firewalls) [#624](https://github.com/juanfont/headscale/pull/624)
2022-06-12 09:18:49 -04:00
- Improve obtuse UX regarding missing configuration (`ephemeral_node_inactivity_timeout` not set) [#639](https://github.com/juanfont/headscale/pull/639)
2022-06-26 03:30:16 -04:00
- Fix nodes being shown as 'offline' in `tailscale status` [#648](https://github.com/juanfont/headscale/pull/648)
2022-06-26 03:29:33 -04:00
- Improve shutdown behaviour [#651](https://github.com/juanfont/headscale/pull/651)
2022-07-19 08:45:23 -04:00
- Drop Gin as web framework in Headscale [648](https://github.com/juanfont/headscale/pull/648) [677](https://github.com/juanfont/headscale/pull/677)
- Make tailnet node updates check interval configurable [#675](https://github.com/juanfont/headscale/pull/675)
2022-07-21 17:59:44 -04:00
- Fix regression with HTTP API [#684](https://github.com/juanfont/headscale/pull/684)
2022-07-22 16:47:37 -04:00
- nodes ls now print both Hostname and Name(Issue [#647](https://github.com/juanfont/headscale/issues/647) PR [#687](https://github.com/juanfont/headscale/pull/687))
2022-03-20 08:36:25 -04:00
## 0.15.0 (2022-03-20)
2021-12-24 10:46:04 -05:00
2022-02-28 17:50:35 -05:00
**Note:** Take a backup of your database before upgrading.
### BREAKING
2022-02-25 04:30:58 -05:00
- Boundaries between Namespaces has been removed and all nodes can communicate by default [#357](https://github.com/juanfont/headscale/pull/357)
- To limit access between nodes, use [ACLs](./docs/acls.md).
2022-03-02 07:22:29 -05:00
- `/metrics` is now a configurable host:port endpoint: [#344](https://github.com/juanfont/headscale/pull/344). You must update your `config.yaml` file to include:
```yaml
metrics_listen_addr: 127.0.0.1:9090
```
2022-02-25 04:30:58 -05:00
### Features
2022-02-27 03:08:29 -05:00
- Add support for writing ACL files with YAML [#359](https://github.com/juanfont/headscale/pull/359)
2022-03-01 15:16:33 -05:00
- Users can now use emails in ACL's groups [#372](https://github.com/juanfont/headscale/issues/372)
2022-03-02 04:53:07 -05:00
- Add shorthand aliases for commands and subcommands [#376](https://github.com/juanfont/headscale/pull/376)
2022-03-04 04:52:42 -05:00
- Add `/windows` endpoint for Windows configuration instructions + registry file download [#392](https://github.com/juanfont/headscale/pull/392)
2022-03-20 07:36:30 -04:00
- Added embedded DERP (and STUN) server into Headscale [#388](https://github.com/juanfont/headscale/pull/388)
2022-02-27 03:08:29 -05:00
2022-02-28 17:50:35 -05:00
### Changes
2022-02-25 03:44:16 -05:00
- Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession [#346](https://github.com/juanfont/headscale/pull/346)
2022-02-28 17:11:31 -05:00
- Simplify the code behind registration of machines [#366](https://github.com/juanfont/headscale/pull/366)
- Nodes are now only written to database if they are registrated successfully
2022-03-01 16:50:22 -05:00
- Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374](https://github.com/juanfont/headscale/issues/374)
2022-03-02 03:15:21 -05:00
- Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine [#371](https://github.com/juanfont/headscale/pull/371)
2022-03-07 17:14:39 -05:00
- Apply normalization function to FQDN on hostnames when hosts registers and retrieve informations [#363](https://github.com/juanfont/headscale/issues/363)
2022-03-18 04:34:18 -04:00
- Fix a bug that prevented the use of `tailscale logout` with OIDC [#508](https://github.com/juanfont/headscale/issues/508)
2022-03-20 07:36:30 -04:00
- Added Tailscale repo HEAD and unstable releases channel to the integration tests targets [#513](https://github.com/juanfont/headscale/pull/513)
2022-02-25 03:44:16 -05:00
2022-02-28 17:50:35 -05:00
## 0.14.0 (2022-02-24)
2022-02-28 17:50:35 -05:00
**UPCOMING ### BREAKING
From the **next\*\* version (`0.15.0`), all machines will be able to communicate regardless of
2022-02-21 10:06:20 -05:00
if they are in the same namespace. This means that the behaviour currently limited to ACLs
will become default. From version `0.15.0`, all limitation of communications must be done
with ACLs.
This is a part of aligning `headscale`'s behaviour with Tailscale's upstream behaviour.
2022-02-28 17:50:35 -05:00
### BREAKING
2022-02-14 08:02:18 -05:00
- ACLs have been rewritten to align with the bevaviour Tailscale Control Panel provides. **NOTE:** This is only active if you use ACLs
- Namespaces are now treated as Users
- All machines can communicate with all machines by default
2022-02-21 10:06:20 -05:00
- Tags should now work correctly and adding a host to Headscale should now reload the rules.
- The documentation have a [fictional example](docs/acls.md) that should cover some use cases of the ACLs features
2022-02-28 17:50:35 -05:00
### Features
- Add support for configurable mTLS [docs](docs/tls.md#configuring-mutual-tls-authentication-mtls) [#297](https://github.com/juanfont/headscale/pull/297)
2022-02-28 17:50:35 -05:00
### Changes
- Remove dependency on CGO (switch from CGO SQLite to pure Go) [#346](https://github.com/juanfont/headscale/pull/346)
2022-02-18 13:54:27 -05:00
**0.13.0 (2022-02-18):**
2022-01-30 03:21:11 -05:00
2022-02-28 17:50:35 -05:00
### Features
2022-01-30 03:25:49 -05:00
2022-01-30 03:21:11 -05:00
- Add IPv6 support to the prefix assigned to namespaces
2022-01-25 17:11:15 -05:00
- Add API Key support
- Enable remote control of `headscale` via CLI [docs](docs/remote-cli.md)
- Enable HTTP API (beta, subject to change)
- OpenID Connect users will be mapped per namespaces
- Each user will get its own namespace, created if it does not exist
- `oidc.domain_map` option has been removed
2022-08-16 04:09:28 -04:00
- `strip_email_domain` option has been added (see [config-example.yaml](./config-example.yaml))
2022-01-30 03:21:11 -05:00
2022-02-28 17:50:35 -05:00
### Changes
2022-01-30 03:25:49 -05:00
- `ip_prefix` is now superseded by `ip_prefixes` in the configuration [#208](https://github.com/juanfont/headscale/pull/208)
2022-02-11 03:45:02 -05:00
- Upgrade `tailscale` (1.20.4) and other dependencies to latest [#314](https://github.com/juanfont/headscale/pull/314)
2022-02-11 05:56:46 -05:00
- fix swapped machine<->namespace labels in `/metrics` [#312](https://github.com/juanfont/headscale/pull/312)
2022-02-12 15:50:17 -05:00
- remove key-value based update mechanism for namespace changes [#316](https://github.com/juanfont/headscale/pull/316)
2022-01-29 09:31:42 -05:00
2022-01-29 15:04:56 -05:00
**0.12.4 (2022-01-29):**
2022-02-28 17:50:35 -05:00
### Changes
2022-01-29 15:04:56 -05:00
2022-01-29 09:31:42 -05:00
- Make gRPC Unix Socket permissions configurable [#292](https://github.com/juanfont/headscale/pull/292)
- Trim whitespace before reading Private Key from file [#289](https://github.com/juanfont/headscale/pull/289)
2022-01-29 09:33:12 -05:00
- Add new command to generate a private key for `headscale` [#290](https://github.com/juanfont/headscale/pull/290)
2022-01-28 16:00:13 -05:00
- Fixed issue where hosts deleted from control server may be written back to the database, as long as they are connected to the control server [#278](https://github.com/juanfont/headscale/pull/278)
2022-01-29 09:31:42 -05:00
2022-02-28 17:50:35 -05:00
## 0.12.3 (2022-01-13)
2022-01-13 06:42:56 -05:00
2022-02-28 17:50:35 -05:00
### Changes
2022-01-13 06:42:56 -05:00
- Added Alpine container [#270](https://github.com/juanfont/headscale/pull/270)
- Minor updates in dependencies [#271](https://github.com/juanfont/headscale/pull/271)
2022-02-28 17:50:35 -05:00
## 0.12.2 (2022-01-11)
2022-01-11 09:45:13 -05:00
Happy New Year!
2022-02-28 17:50:35 -05:00
### Changes
2022-01-11 09:45:13 -05:00
- Fix Docker release [#258](https://github.com/juanfont/headscale/pull/258)
- Rewrite main docs [#262](https://github.com/juanfont/headscale/pull/262)
- Improve Docker docs [#263](https://github.com/juanfont/headscale/pull/263)
2022-02-28 17:50:35 -05:00
## 0.12.1 (2021-12-24)
2021-12-24 10:39:22 -05:00
(We are skipping 0.12.0 to correct a mishap done weeks ago with the version tagging)
2021-11-29 12:31:19 -05:00
2022-02-28 17:50:35 -05:00
### BREAKING
2021-11-29 12:31:19 -05:00
2021-11-29 12:34:41 -05:00
- Upgrade to Tailscale 1.18 [#229](https://github.com/juanfont/headscale/pull/229)
- This change requires a new format for private key, private keys are now generated automatically:
1. Delete your current key
2. Restart `headscale`, a new key will be generated.
3. Restart all Tailscale clients to fetch the new key
2021-11-29 12:31:19 -05:00
2022-02-28 17:50:35 -05:00
### Changes
2021-11-29 12:34:41 -05:00
2021-11-30 04:17:21 -05:00
- Unify configuration example [#197](https://github.com/juanfont/headscale/pull/197)
2021-11-29 12:31:19 -05:00
- Add stricter linting and formatting [#223](https://github.com/juanfont/headscale/pull/223)
2021-11-29 14:45:31 -05:00
2022-02-28 17:50:35 -05:00
### Features
2021-11-30 04:16:09 -05:00
2021-11-30 04:17:21 -05:00
- Add gRPC and HTTP API (HTTP API is currently disabled) [#204](https://github.com/juanfont/headscale/pull/204)
- Use gRPC between the CLI and the server [#206](https://github.com/juanfont/headscale/pull/206), [#212](https://github.com/juanfont/headscale/pull/212)
- Beta OpenID Connect support [#126](https://github.com/juanfont/headscale/pull/126), [#227](https://github.com/juanfont/headscale/pull/227)
2021-11-30 04:16:09 -05:00
2022-02-28 17:50:35 -05:00
## 0.11.0 (2021-10-25)
2021-11-29 14:45:31 -05:00
2022-02-28 17:50:35 -05:00
### BREAKING
2021-11-29 14:45:31 -05:00
- Make headscale fetch DERP map from URL and file [#196](https://github.com/juanfont/headscale/pull/196)