Kristoffer Dalby
da48cf64b3
Set OpenID Connect Expiry
...
This commit adds a default OpenID Connect expiry to 180d to align with
Tailscale SaaS (previously infinite or based on token expiry).
In addition, it adds an option to use the expiry time from the Token sent
by the OpenID provider. This will typically cause really short expiry
and you should only turn on this option if you know what you are
desiring.
This fixes #1176.
Co-authored-by: Even Holthe <even.holthe@bekk.no>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-31 18:55:16 +01:00
Kristoffer Dalby
fb3e2dcf10
Rename namespace to user in docs
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Motiejus Jakštys
bafb6791d3
oidc: allow reading the client secret from a file
...
Currently the most "secret" way to specify the oidc client secret is via
an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1].
Let's allow reading oidc client secret from a file. For extra convenience
the path to the secret will resolve the environment variables.
[1]: https://systemd.io/CREDENTIALS/
2023-01-14 17:03:57 +01:00
Kristoffer Dalby
8ca0fb7ed0
update ip_prefixes docs
...
we can't actually have arbitrary ip ranges, add a note about that.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-12 11:39:39 +01:00
Christian Heusel
e2c62a7b0c
document how to add new DNS records via extra_records
2023-01-01 22:45:16 +01:00
Zachary Newell
70f2f5d750
Added an OIDC AllowGroups option for authorization.
2022-12-07 08:53:16 +01:00
Orville Q. Song
e69176e200
Tweak
2022-11-24 16:13:47 +01:00
Orville Q. Song
d29d0222af
Add a note about the db_ssl field in the example config file
2022-11-24 16:13:47 +01:00
Juan Font
935319a218
Remove mTLS from doc and config example
2022-11-19 19:50:34 +01:00
Arnar Gauti Ingason
6d3ede1367
Add support for NextDNS resolver
2022-11-18 09:38:46 +01:00
Kristoffer Dalby
3d8dd68b14
default to localhost, not listen on all
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-16 17:37:35 +01:00
Kristoffer Dalby
9790831afb
Make config example "local dev first"
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-16 17:37:35 +01:00
Mesar Hameed
d8e9d95a3b
config-example.yaml: fix typos and improve English.
2022-11-10 15:52:57 +00:00
Kristoffer Dalby
ca8bca98ed
Add support for "override local DNS" (#905)
...
* Add support for "override local DNS"
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
* Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
* Update cli dump test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-31 16:26:18 +01:00
phpmalik
0b0fb0af22
Minor change
...
Spelling mistake
listning -> listening
2022-10-03 12:59:39 +05:30
Kristoffer Dalby
256b6cb54d
Add new option to config-example
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:01:15 +02:00
Igor Perepilitsyn
dd155dca97
Create a distinct log section in config
2022-09-11 21:37:23 +02:00
Igor Perepilitsyn
2403c0e198
toggle json logging via config
2022-08-26 13:10:51 +02:00
Juan Font Alonso
4424a9abc0
Noise private key now a nested field in config
2022-08-21 10:42:23 +02:00
Juan Font
67ffebc30a
Merge branch 'main' into hs2021-v2
2022-08-18 17:56:56 +02:00
azz
0cc14d0aca
feat: added `db_ssl` to config-example.yaml
2022-08-16 09:02:51 +01:00
Juan Font
c701f9e817
Merge branch 'main' into hs2021-v2
2022-08-15 22:56:39 +02:00
Victor Freire
0a5db52855
Add ability to connect to PostgreSQL via unix socket
2022-08-15 11:55:38 -03:00
Victor Freire
ec5acf7be2
Add ability to connect to PostgreSQL via unix socket
2022-08-13 11:34:12 -03:00
Juan Font Alonso
6e8e2bf508
Generate and read the Noise private key
2022-08-13 11:14:38 +02:00
Juan Font Alonso
5b5298b025
Renamed config param for node update check internal
2022-07-12 12:52:03 +02:00
Juan Font Alonso
cf3fc85196
Make tailnet updates check configurable
2022-07-12 12:27:28 +02:00
Anton Schubert
34be10840c
add ability to set randomizeClientPort
2022-06-09 21:26:40 +02:00
Kristoffer Dalby
df7d5fa2b9
Fix lint
2022-05-30 14:58:40 +02:00
Kristoffer Dalby
a0c465c2eb
Wire up setting to enable/disable logtail
2022-05-30 14:47:41 +02:00
Antoine POPINEAU
7cc58af932
Allow more configuration over the OIDC flow.
...
Adds knobs to configure three aspects of the OpenID Connect flow:
* Custom scopes to override the default "openid profile email".
* Custom parameters to be added to the Authorize Endpoint request.
* Domain allowlisting for authenticated principals.
* User allowlisting for authenticated principals.
2022-05-02 17:11:07 +02:00
Juan Font Alonso
d5ce7d7523
Prettier
2022-03-18 13:09:57 +01:00
Juan Font Alonso
2e6687209b
Make STUN server mandatory if DERP embedded is enabled
2022-03-18 12:58:00 +01:00
Juan Font Alonso
b8aad5451d
Make STUN run by default when embedded DERP is enabled
...
This commit also allows setting an external STUN server, while running the embedded DERP server (without embedded STUN)
2022-03-15 13:22:25 +01:00
Juan Font Alonso
580db9b58f
Mention that STUN is UDP
2022-03-06 23:19:21 +01:00
Juan Font Alonso
eb06054a7b
Make DERP Region configurable
2022-03-06 17:25:21 +01:00
Juan Font Alonso
eb500155e8
Make STUN server configurable
2022-03-06 17:00:56 +01:00
Juan Font Alonso
237f7f1027
Merge branch 'main' into embedded-derp
2022-03-05 19:42:29 +01:00
Juan Font Alonso
df37d1a639
Do not offer the option to be DERP insecure
...
Websockets, on which DERP is based, require a TLS certificate. At the same time,
if we use a certificate it must be valid... otherwise Tailscale won't connect (does not
have an Insecure option). So there is no option to expose insecure here
2022-03-05 19:19:21 +01:00
Juan Font Alonso
758b1ba1cb
Renamed configuration items of the DERP server
2022-03-05 16:22:02 +01:00
zakaria
745696b310
docs: fix mistake in ACME challenge type comment
2022-03-04 12:11:43 +10:00
Kristoffer Dalby
b61500670c
Merge branch 'main' into metrics-listen
2022-03-02 11:35:33 +00:00
Nico Rey
9a61725e9f
Metrics: Disable toggle. Set default port to 9090
2022-02-28 10:40:02 -03:00
Kristoffer Dalby
6126d6d9b5
Merge branch 'main' into metrics-listen
2022-02-28 14:24:25 +01:00
Kristoffer Dalby
e0b9a317f4
Add note to config example
2022-02-27 09:05:08 +01:00
Nico Rey
06e6c29a5b
metrics: make metrics endpoint toggleable
2022-02-25 18:36:03 -03:00
Nico Rey
a9122c3de3
prometheus: replace default port by a port between the recommended prometheus range
2022-02-25 18:21:20 -03:00
Nico
d55c79e75b
Merge branch 'main' into metrics-listen
2022-02-24 10:41:07 -03:00
Kristoffer Dalby
aa506503e2
Merge branch 'main' into feat-oidc-login-as-namespace
2022-02-24 11:40:34 +00:00
Adrien Raffin-Caboisse
4f1f235a2e
feat: add strip_email_domain to normalization of namespace
2022-02-23 14:03:07 +01:00