Making client authentication mode configurable

Justin Angel 2022-01-29 12:59:31 -05:00
parent 052fccdc98
commit 9e619fc020
2 changed files with 29 additions and 3 deletions


@ -40,6 +40,7 @@ func LoadConfig(path string) error {
viper.SetDefault("tls_letsencrypt_cache_dir", "/var/www/.cache")
viper.SetDefault("tls_letsencrypt_challenge_type", "HTTP-01")
viper.SetDefault("tls_client_auth_mode", "disabled")
viper.SetDefault("ip_prefix", "100.64.0.0/10")
@ -80,6 +81,12 @@ func LoadConfig(path string) error {
!strings.HasPrefix(viper.GetString("server_url"), "https://") {
errorText += "Fatal config error: server_url must start with https:// or http://\n"
}
auth_mode := viper.GetString("tls_client_auth_mode")
if (auth_mode != "disabled" && auth_mode != "enforced"){
errorText += "Invalid tls_client_auth_mode supplied. Accepted values: disabled, enforced."
}
if errorText != "" {
//nolint
return errors.New(strings.TrimSuffix(errorText, "\n"))
@ -251,6 +258,7 @@ func getHeadscaleConfig() headscale.Config {
TLSCertPath: absPath(viper.GetString("tls_cert_path")),
TLSKeyPath: absPath(viper.GetString("tls_key_path")),
TLSClientAuthMode: viper.GetString("tls_client_auth_mode"),
DNSConfig: dnsConfig,
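Review bot: The mode validated in LoadConfig is passed on as a free-form string (`TLSClientAuthMode: viper.GetString("tls_client_auth_mode")`), so whatever builds the TLS listener has to interpret it a second time; that code is not in this section, and if its mapping ever disagrees with this check, an unrecognised value could presumably fall through to no client-certificate verification. Converting the string once, at validation time, into a typed value such as `tls.ClientAuthType` and storing that in `headscale.Config` would keep the accepted set and the enforced behaviour in one place. In the second hunk the new message lacks the trailing `\n` and the `Fatal config error:` prefix that the neighbouring server_url check uses, so it will run together with any check added after it; `errorText += "Fatal config error: tls_client_auth_mode must be disabled or enforced\n"` matches the existing style. The name `auth_mode` and the parenthesised condition are not idiomatic Go either: `authMode := viper.GetString("tls_client_auth_mode")` and `if authMode != "disabled" && authMode != "enforced" {`. Both LoadConfig and getHeadscaleConfig continue outside the visible hunks.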