bafb6791d3
Currently the most "secret" way to specify the oidc client secret is via an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1]. Let's allow reading oidc client secret from a file. For extra convenience the path to the secret will resolve the environment variables. [1]: https://systemd.io/CREDENTIALS/
- examples
- images
- logo
- proposals
- README.md
- acls.md
- android-client.md
- dns-records.md
- glossary.md
- oidc.md
- remote-cli.md
- reverse-proxy.md
- running-headscale-container.md
- running-headscale-linux.md
- running-headscale-openbsd.md
- tls.md
- windows-client.md
README.md
headscale documentation
This page contains the official and community-contributed documentation for headscale.
If you have trouble following the documentation or get unexpected results, please ask on Discord instead of opening an Issue.
Official documentation
How-to
- Running headscale on Linux
- Control headscale remotely
- Using a Windows client with headscale
- Configuring OIDC
References
Community documentation
Community documentation is not actively maintained by the headscale authors and is written by community members. It is not verified by headscale developers.
It might be outdated and it might miss necessary steps.
- Running headscale in a container
- Running headscale on OpenBSD
- Running headscale behind a reverse proxy
- Set Custom DNS records
Misc
Policy ACLs
Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment.
For instance, instead of referring to users when defining groups, you must use namespaces (which are the equivalent of users/logins in Tailscale.com).
Please check https://tailscale.com/kb/1018/acls/, and ./tests/acls/ in this repo for working examples.
When using ACLs, the namespace borders are no longer applied. All machines, whichever namespace they belong to, can communicate with other hosts as long as the ACLs permit the exchange.
The ACLs document walks through a fictional case of setting up ACLs in a small company. All concepts presented in that document can also be applied outside of business-oriented usage.
Apple devices
An endpoint with information on how to connect your Apple devices (currently macOS only) is available at /apple on your running instance.