100 lines
2.6 KiB
Go
100 lines
2.6 KiB
Go
package hscontrol
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"os"
|
|
|
|
"github.com/tailscale/tailsql/server/tailsql"
|
|
"tailscale.com/tsnet"
|
|
"tailscale.com/tsweb"
|
|
"tailscale.com/types/logger"
|
|
)
|
|
|
|
func runTailSQLService(ctx context.Context, logf logger.Logf, stateDir, dbPath string) error {
|
|
opts := tailsql.Options{
|
|
Hostname: "tailsql-headscale",
|
|
StateDir: stateDir,
|
|
Sources: []tailsql.DBSpec{
|
|
{
|
|
Source: "headscale",
|
|
Label: "headscale - sqlite",
|
|
Driver: "sqlite",
|
|
URL: fmt.Sprintf("file:%s?mode=ro", dbPath),
|
|
Named: map[string]string{
|
|
"schema": `select * from sqlite_schema`,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
tsNode := &tsnet.Server{
|
|
Dir: os.ExpandEnv(opts.StateDir),
|
|
Hostname: opts.Hostname,
|
|
Logf: logger.Discard,
|
|
}
|
|
// if *doDebugLog {
|
|
// tsNode.Logf = logf
|
|
// }
|
|
defer tsNode.Close()
|
|
|
|
logf("Starting tailscale (hostname=%q)", opts.Hostname)
|
|
lc, err := tsNode.LocalClient()
|
|
if err != nil {
|
|
return fmt.Errorf("connect local client: %w", err)
|
|
}
|
|
opts.LocalClient = lc // for authentication
|
|
|
|
// Make sure the Tailscale node starts up. It might not, if it is a new node
|
|
// and the user did not provide an auth key.
|
|
if st, err := tsNode.Up(ctx); err != nil {
|
|
return fmt.Errorf("starting tailscale: %w", err)
|
|
} else {
|
|
logf("tailscale started, node state %q", st.BackendState)
|
|
}
|
|
|
|
// Reaching here, we have a running Tailscale node, now we can set up the
|
|
// HTTP and/or HTTPS plumbing for TailSQL itself.
|
|
tsql, err := tailsql.NewServer(opts)
|
|
if err != nil {
|
|
return fmt.Errorf("creating tailsql server: %w", err)
|
|
}
|
|
|
|
lst, err := tsNode.Listen("tcp", ":80")
|
|
if err != nil {
|
|
return fmt.Errorf("listen port 80: %w", err)
|
|
}
|
|
|
|
if opts.ServeHTTPS {
|
|
// When serving TLS, add a redirect from HTTP on port 80 to HTTPS on 443.
|
|
certDomains := tsNode.CertDomains()
|
|
if len(certDomains) == 0 {
|
|
return fmt.Errorf("no cert domains available for HTTPS")
|
|
}
|
|
base := "https://" + certDomains[0]
|
|
go http.Serve(lst, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
target := base + r.RequestURI
|
|
http.Redirect(w, r, target, http.StatusPermanentRedirect)
|
|
}))
|
|
// log.Printf("Redirecting HTTP to HTTPS at %q", base)
|
|
|
|
// For the real service, start a separate listener.
|
|
// Note: Replaces the port 80 listener.
|
|
var err error
|
|
lst, err = tsNode.ListenTLS("tcp", ":443")
|
|
if err != nil {
|
|
return fmt.Errorf("listen TLS: %w", err)
|
|
}
|
|
logf("enabled serving via HTTPS")
|
|
}
|
|
|
|
mux := tsql.NewMux()
|
|
tsweb.Debugger(mux)
|
|
go http.Serve(lst, mux)
|
|
logf("ailSQL started")
|
|
<-ctx.Done()
|
|
logf("TailSQL shutting down...")
|
|
return tsNode.Close()
|
|
}
|