Do not offer the option to be DERP insecure
Websockets, in which DERP is based, requires a TLS certificate. At the same time, if we use a certificate it must be valid... otherwise Tailscale wont connect (does not have an Insecure option). So there is no option to expose insecure here
This commit is contained in:
Juan Font Alonso
parent
758b1ba1cb
commit
df37d1a639
3 changed files with 8 additions and 15 deletions
16
app.go
16
app.go
|
|
@ -122,7 +122,6 @@ type OIDCConfig struct {
|
|||
|
||||
type DERPConfig struct {
|
||||
ServerEnabled bool
|
||||
ServerInsecure bool
|
||||
URLs []url.URL
|
||||
Paths []string
|
||||
AutoUpdate bool
|
||||
|
|
@ -280,11 +279,10 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
|
|||
Avoid: false,
|
||||
Nodes: []*tailcfg.DERPNode{
|
||||
{
|
||||
Name: "999a",
|
||||
RegionID: 999,
|
||||
HostName: host,
|
||||
DERPPort: port,
|
||||
InsecureForTests: cfg.DERP.ServerInsecure,
|
||||
Name: "999a",
|
||||
RegionID: 999,
|
||||
HostName: host,
|
||||
DERPPort: port,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -516,9 +514,9 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *gin.Engine {
|
|||
router.GET("/swagger/v1/openapiv2.json", SwaggerAPIv1)
|
||||
|
||||
if h.cfg.DERP.ServerEnabled {
|
||||
router.Any("/derp", h.EmbeddedDERPHandler)
|
||||
router.Any("/derp/probe", h.EmbeddedDERPProbeHandler)
|
||||
router.Any("/bootstrap-dns", h.EmbeddedDERPBootstrapDNSHandler)
|
||||
router.Any("/derp", h.DERPHandler)
|
||||
router.Any("/derp/probe", h.DERPProbeHandler)
|
||||
router.Any("/bootstrap-dns", h.DERPBootstrapDNSHandler)
|
||||
}
|
||||
|
||||
api := router.Group("/api")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue