Merge e72bd1cc8c into 2bac80cfbf

[DOCS] Make linux installation instructions more clear (#1927 )
* Make linux installation instructions more clear * Update running-headscale-linux.md
2024-05-06 15:46:08 -04:00 · 2024-05-06 20:06:30 +02:00 · 2024-05-06 20:03:21 +02:00 · 2024-04-13 04:49:25 +00:00
5 changed files with 43 additions and 12 deletions
--- a/config-example.yaml
+++ b/config-example.yaml
@ -40,6 +40,11 @@ grpc_listen_addr: 127.0.0.1:50443
 # are doing.
 grpc_allow_insecure: false

+# Use separate a certificate for gRPC, this overwrites
+# the global certificate.
+grpc_tls_cert_path: ""
+grpc_tls_key_path: ""
+
 # The Noise section includes specific configuration for the
 # TS2021 Noise protocol
 noise:
--- a/docs/running-headscale-linux.md
+++ b/docs/running-headscale-linux.md
@ -20,17 +20,19 @@ configuration (`/etc/headscale/config.yaml`).

 ## Installation

-1. Download the latest Headscale package for your platform (`.deb` for Ubuntu and Debian) from [Headscale's releases page](https://github.com/juanfont/headscale/releases):
+1. Download the [latest Headscale package](https://github.com/juanfont/headscale/releases/latest) for your platform (`.deb` for Ubuntu and Debian).

    ```shell
+    HEADSCALE_VERSION="" # See above URL for latest version, e.g. "X.Y.Z" (NOTE: do not add the "v" prefix!)
+    HEADSCALE_ARCH="" # Your system architecture, e.g. "amd64"
    wget --output-document=headscale.deb \
-      https://github.com/juanfont/headscale/releases/download/v<HEADSCALE VERSION>/headscale_<HEADSCALE VERSION>_linux_<ARCH>.deb
+      "https://github.com/juanfont/headscale/releases/download/v${HEADSCALE_VERSION}/headscale_${HEADSCALE_VERSION}_linux_${HEADSCALE_ARCH}.deb"
    ```

 1. Install Headscale:

    ```shell
-    sudo apt install headscale.deb
+    sudo apt install ./headscale.deb
    ```

 1. Enable Headscale service, this will start Headscale at boot:
--- a/docs/running-headscale-openbsd.md
+++ b/docs/running-headscale-openbsd.md
@ -9,19 +9,17 @@

 ## Goal

-This documentation has the goal of showing a user how-to install and run `headscale` on OpenBSD 7.1.
+This documentation has the goal of showing a user how-to install and run `headscale` on OpenBSD.
 In additional to the "get up and running section", there is an optional [rc.d section](#running-headscale-in-the-background-with-rcd)
 describing how to make `headscale` run properly in a server environment.

 ## Install `headscale`

-1. Install from ports (not recommended)
+1. Install from ports

-    !!! info
+    You can install headscale from ports by running `pkg_add headscale`.

-        As of OpenBSD 7.2, there's a headscale in ports collection, however, it's severely outdated(v0.12.4). You can install it via `pkg_add headscale`.
-
-1. Install from source on OpenBSD 7.2
+1. Install from source

    ```shell
    # Install prerequistes
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@ -650,9 +650,27 @@ func (h *Headscale) Serve() error {
 	// https://github.com/soheilhy/cmux/issues/68
 	// https://github.com/soheilhy/cmux/issues/91

+	grpcTlsConfig := &tls.Config{
+		NextProtos:   []string{"http/1.1"},
+		Certificates: make([]tls.Certificate, 1),
+		MinVersion:   tls.VersionTLS12,
+	}
+
+	if h.cfg.TLS.GRPCCertPath == "" && h.cfg.TLS.GRPCKeyPath == "" {
+		grpcTlsConfig = tlsConfig
+	} else {
+		grpcTlsConfig.Certificates[0], err = tls.LoadX509KeyPair(h.cfg.TLS.GRPCCertPath, h.cfg.TLS.GRPCKeyPath)
+
+		if err != nil {
+			log.Error().Err(err).Msg("Failed to set up gRPC TLS configuration")
+
+			return err
+		}
+	}
+
 	var grpcServer *grpc.Server
 	var grpcListener net.Listener
-	if tlsConfig != nil || h.cfg.GRPCAllowInsecure {
+	if grpcTlsConfig != nil || h.cfg.GRPCAllowInsecure {
 		log.Info().Msgf("Enabling remote gRPC at %s", h.cfg.GRPCAddr)

 		grpcOptions := []grpc.ServerOption{
@ -665,9 +683,9 @@ func (h *Headscale) Serve() error {
 			),
 		}

-		if tlsConfig != nil {
+		if grpcTlsConfig != nil {
 			grpcOptions = append(grpcOptions,
-				grpc.Creds(credentials.NewTLS(tlsConfig)),
+				grpc.Creds(credentials.NewTLS(grpcTlsConfig)),
 			)
 		} else {
 			log.Warn().Msg("gRPC is running without security")
--- a/hscontrol/types/config.go
+++ b/hscontrol/types/config.go
@ -108,6 +108,8 @@ type DatabaseConfig struct {
 type TLSConfig struct {
 	CertPath string
 	KeyPath  string
+	GRPCCertPath string
+	GRPCKeyPath  string

 	LetsEncrypt LetsEncryptConfig
 }
@ -311,6 +313,12 @@ func GetTLSConfig() TLSConfig {
 		KeyPath: util.AbsolutePathFromConfigPath(
 			viper.GetString("tls_key_path"),
 		),
+		GRPCCertPath: util.AbsolutePathFromConfigPath(
+			viper.GetString("grpc_tls_cert_path"),
+		),
+		GRPCKeyPath: util.AbsolutePathFromConfigPath(
+			viper.GetString("grpc_tls_key_path"),
+		),
 	}
 }
Author	SHA1	Message	Date
Kedas	4dc3164740	Merge `e72bd1cc8c` into `2bac80cfbf`	2024-05-06 15:46:08 -04:00
Dan Pastusek	2bac80cfbf	[DOCS] Make linux installation instructions more clear (#1927 ) * Make linux installation instructions more clear * Update running-headscale-linux.md	2024-05-06 20:06:30 +02:00
Michael Savage	93a915c096	Update OpenBSD installation docs for 2024 (#1915 )	2024-05-06 20:03:21 +02:00
Kedas	e72bd1cc8c	feat: add config to overwrite grpc certificate	2024-04-13 04:49:25 +00:00