Compare commits
4 Commits
db1fac6ea1
...
4dc3164740
Author | SHA1 | Date |
---|---|---|
Kedas | 4dc3164740 | |
Dan Pastusek | 2bac80cfbf | |
Michael Savage | 93a915c096 | |
Kedas | e72bd1cc8c |
|
@ -40,6 +40,11 @@ grpc_listen_addr: 127.0.0.1:50443
|
|||
# are doing.
|
||||
grpc_allow_insecure: false
|
||||
|
||||
# Use separate a certificate for gRPC, this overwrites
|
||||
# the global certificate.
|
||||
grpc_tls_cert_path: ""
|
||||
grpc_tls_key_path: ""
|
||||
|
||||
# The Noise section includes specific configuration for the
|
||||
# TS2021 Noise protocol
|
||||
noise:
|
||||
|
|
|
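Review bot: The comment added above `grpc_tls_cert_path` has two words transposed ("Use separate a certificate") and does not say how the two keys interact. Judging by the Go side of this change, the dedicated pair is used when either key is non-empty and the global certificate is used when both are empty, so the comment could read `# Use a separate certificate for gRPC. Set both keys together;` followed by `# if both are empty, the global TLS certificate is used.` "Overwrites" also reads as if the global certificate file were modified; "is used instead of" is what is meant.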
@ -20,17 +20,19 @@ configuration (`/etc/headscale/config.yaml`).
|
|||
|
||||
## Installation
|
||||
|
||||
1. Download the latest Headscale package for your platform (`.deb` for Ubuntu and Debian) from [Headscale's releases page](https://github.com/juanfont/headscale/releases):
|
||||
1. Download the [latest Headscale package](https://github.com/juanfont/headscale/releases/latest) for your platform (`.deb` for Ubuntu and Debian).
|
||||
|
||||
```shell
|
||||
HEADSCALE_VERSION="" # See above URL for latest version, e.g. "X.Y.Z" (NOTE: do not add the "v" prefix!)
|
||||
HEADSCALE_ARCH="" # Your system architecture, e.g. "amd64"
|
||||
wget --output-document=headscale.deb \
|
||||
https://github.com/juanfont/headscale/releases/download/v<HEADSCALE VERSION>/headscale_<HEADSCALE VERSION>_linux_<ARCH>.deb
|
||||
"https://github.com/juanfont/headscale/releases/download/v${HEADSCALE_VERSION}/headscale_${HEADSCALE_VERSION}_linux_${HEADSCALE_ARCH}.deb"
|
||||
```
|
||||
|
||||
1. Install Headscale:
|
||||
|
||||
```shell
|
||||
sudo apt install headscale.deb
|
||||
sudo apt install ./headscale.deb
|
||||
```
|
||||
|
||||
1. Enable Headscale service, this will start Headscale at boot:
|
||||
|
|
|
@ -9,19 +9,17 @@
|
|||
|
||||
## Goal
|
||||
|
||||
This documentation has the goal of showing a user how-to install and run `headscale` on OpenBSD 7.1.
|
||||
This documentation has the goal of showing a user how-to install and run `headscale` on OpenBSD.
|
||||
In additional to the "get up and running section", there is an optional [rc.d section](#running-headscale-in-the-background-with-rcd)
|
||||
describing how to make `headscale` run properly in a server environment.
|
||||
|
||||
## Install `headscale`
|
||||
|
||||
1. Install from ports (not recommended)
|
||||
1. Install from ports
|
||||
|
||||
!!! info
|
||||
You can install headscale from ports by running `pkg_add headscale`.
|
||||
|
||||
As of OpenBSD 7.2, there's a headscale in ports collection, however, it's severely outdated(v0.12.4). You can install it via `pkg_add headscale`.
|
||||
|
||||
1. Install from source on OpenBSD 7.2
|
||||
1. Install from source
|
||||
|
||||
```shell
|
||||
# Install prerequistes
|
||||
|
|
|
@ -650,9 +650,27 @@ func (h *Headscale) Serve() error {
|
|||
// https://github.com/soheilhy/cmux/issues/68
|
||||
// https://github.com/soheilhy/cmux/issues/91
|
||||
|
||||
grpcTlsConfig := &tls.Config{
|
||||
NextProtos: []string{"http/1.1"},
|
||||
Certificates: make([]tls.Certificate, 1),
|
||||
MinVersion: tls.VersionTLS12,
|
||||
}
|
||||
|
||||
if h.cfg.TLS.GRPCCertPath == "" && h.cfg.TLS.GRPCKeyPath == "" {
|
||||
grpcTlsConfig = tlsConfig
|
||||
} else {
|
||||
grpcTlsConfig.Certificates[0], err = tls.LoadX509KeyPair(h.cfg.TLS.GRPCCertPath, h.cfg.TLS.GRPCKeyPath)
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to set up gRPC TLS configuration")
|
||||
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
var grpcServer *grpc.Server
|
||||
var grpcListener net.Listener
|
||||
if tlsConfig != nil || h.cfg.GRPCAllowInsecure {
|
||||
if grpcTlsConfig != nil || h.cfg.GRPCAllowInsecure {
|
||||
log.Info().Msgf("Enabling remote gRPC at %s", h.cfg.GRPCAddr)
|
||||
|
||||
grpcOptions := []grpc.ServerOption{
|
||||
|
@ -665,9 +683,9 @@ func (h *Headscale) Serve() error {
|
|||
),
|
||||
}
|
||||
|
||||
if tlsConfig != nil {
|
||||
if grpcTlsConfig != nil {
|
||||
grpcOptions = append(grpcOptions,
|
||||
grpc.Creds(credentials.NewTLS(tlsConfig)),
|
||||
grpc.Creds(credentials.NewTLS(grpcTlsConfig)),
|
||||
)
|
||||
} else {
|
||||
log.Warn().Msg("gRPC is running without security")
|
||||
|
|
|
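Review bot: A configuration that sets only one of `grpc_tls_cert_path` and `grpc_tls_key_path` is not rejected explicitly in the first Serve hunk. It falls into the `else` branch and surfaces as a file-open error from `tls.LoadX509KeyPair` on an empty path, which hides the actual misconfiguration from the operator. The `&tls.Config{...}` literal is also allocated and then discarded whenever the global `tlsConfig` is reused. I would start from `tlsConfig`, check that the two paths are set together, and build the dedicated config only after the key pair has loaded, as sketched below. Serve begins and ends outside both hunks, so the declaration of `err` and the listener setup are not visible here.

```go
grpcTlsConfig := tlsConfig

grpcCert, grpcKey := h.cfg.TLS.GRPCCertPath, h.cfg.TLS.GRPCKeyPath
if grpcCert != "" || grpcKey != "" {
	if grpcCert == "" || grpcKey == "" {
		return fmt.Errorf("grpc_tls_cert_path and grpc_tls_key_path must be set together")
	}

	keyPair, err := tls.LoadX509KeyPair(grpcCert, grpcKey)
	if err != nil {
		log.Error().Err(err).Msg("Failed to set up gRPC TLS configuration")

		return err
	}

	grpcTlsConfig = &tls.Config{
		NextProtos:   []string{"http/1.1"},
		Certificates: []tls.Certificate{keyPair},
		MinVersion:   tls.VersionTLS12,
	}
}

// … unchanged: grpcServer / grpcListener declarations and the grpcTlsConfig != nil checks …
```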
@ -108,6 +108,8 @@ type DatabaseConfig struct {
|
|||
type TLSConfig struct {
|
||||
CertPath string
|
||||
KeyPath string
|
||||
GRPCCertPath string
|
||||
GRPCKeyPath string
|
||||
|
||||
LetsEncrypt LetsEncryptConfig
|
||||
}
|
||||
|
@ -311,6 +313,12 @@ func GetTLSConfig() TLSConfig {
|
|||
KeyPath: util.AbsolutePathFromConfigPath(
|
||||
viper.GetString("tls_key_path"),
|
||||
),
|
||||
GRPCCertPath: util.AbsolutePathFromConfigPath(
|
||||
viper.GetString("grpc_tls_cert_path"),
|
||||
),
|
||||
GRPCKeyPath: util.AbsolutePathFromConfigPath(
|
||||
viper.GetString("grpc_tls_key_path"),
|
||||
),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
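Review bot: The empty-string test in Serve (`GRPCCertPath == "" && GRPCKeyPath == ""`) only selects the global certificate if `util.AbsolutePathFromConfigPath` returns an empty input unchanged. Its body is not on this page, so that should be confirmed or pinned with a test. The two new fields in `TLSConfig` also carry no comment; something like `// GRPCCertPath and GRPCKeyPath, when set, are used for the gRPC listener instead of CertPath/KeyPath.` would record the fallback rule where the config is defined. GetTLSConfig starts outside the second hunk.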