Turn the combination of TLS-ALPN-01 and listen_addr on a port other than

443 into a warning, not an error, refs #53.
Ward Vandewege 2021-07-16 22:02:05 -04:00
parent 6f20a1fc68
commit 9a24340bd4
2 changed files with 3 additions and 3 deletions


@ -48,7 +48,8 @@ func LoadConfig(path string) error {
}
if (viper.GetString("tls_letsencrypt_hostname") != "") && (viper.GetString("tls_letsencrypt_challenge_type") == "TLS-ALPN-01") && (!strings.HasSuffix(viper.GetString("listen_addr"), ":443")) {
errorText += "Fatal config error: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, listen_addr must end in :443\n"
// this is only a warning because there could be something sitting in front of headscale that redirects the traffic (e.g. an iptables rule)
log.Println("Warning: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, headscale must be reachable on port 443, i.e. listen_addr should probably end in :443")
}
if (viper.GetString("tls_letsencrypt_challenge_type") != "HTTP-01") && (viper.GetString("tls_letsencrypt_challenge_type") != "TLS-ALPN-01") {