config: loosen up BaseDomain and ServerURL checks #2248
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Requirements [here][1]: > OK: > server_url: headscale.com, base: clients.headscale.com > server_url: headscale.com, base: headscale.net > > Not OK: > server_url: server.headscale.com, base: headscale.com > > Essentially we have to prevent the possibility where the headscale > server has a URL which can also be assigned to a node. > > So for the Not OK scenario: > > if the server is: server.headscale.com, and a node joins with the name > server, it will be assigned server.headscale.com and that will break > the connection for nodes which will now try to connect to that node > instead of the headscale server. Fixes juanfont#2210 [1]: juanfont#2210 (comment)
motiejus
requested review from
ohdearaugustin,
nblock,
juanfont and
kradalby
as code owners
4 tasks
quite
reviewed
Nov 21, 2024
|
|
||
| // OK | ||
| // server_url: headscale.com, base: clients.headscale.com | ||
| // server_url: headscale.com, base: headscale.net |
There was a problem hiding this comment.
It is said elsewhere that server url must not be a suffix of the base_domain. To me, server is a suffix of base here -- yes, additionally they are equal. Perhaps the wording using "suffix" needs to be adjusted?
There was a problem hiding this comment.
you are write, it should probably be reformulated since we allow different domains, open to proposals.
There was a problem hiding this comment.
See updated error message. I think the new one is more intuitive, see if you like it better
kradalby
reviewed
Nov 21, 2024
|
|
||
| // OK | ||
| // server_url: headscale.com, base: clients.headscale.com | ||
| // server_url: headscale.com, base: headscale.net |
There was a problem hiding this comment.
you are write, it should probably be reformulated since we allow different domains, open to proposals.
…and add a test case for the bug.
kradalby
approved these changes
Nov 21, 2024
motiejus
added a commit
to motiejus/nixpkgs
that referenced
this pull request
Nov 21, 2024
Currently users upgrading from 24.05 to 24.11 may stumble across an overly-restrictive BaseURL and ServerURL check in headscale[1]. A fix has been merged upstream[2], this is backport, so users can have it easier upgrading from 24.05 to 24.11. [1]: juanfont/headscale#2210 [2]: juanfont/headscale#2248
motiejus
added a commit
to motiejus/nixpkgs
that referenced
this pull request
Nov 21, 2024
Currently users upgrading from 24.05 to 24.11 may stumble across an overly-restrictive BaseURL and ServerURL check in headscale[1]. A fix has been merged upstream[2], this is backport, so users can have it easier upgrading from 24.05 to 24.11. [1]: juanfont/headscale#2210 [2]: juanfont/headscale#2248
13 tasks
|
@kradalby since we're here, I would appreciate if you could stamp my NixOS backport. :) NixOS/nixpkgs#357969 |
13 tasks
motiejus
added a commit
to motiejus/nixpkgs
that referenced
this pull request
Nov 22, 2024
Currently users upgrading from 24.05 to 24.11 may stumble across an overly-restrictive BaseURL and ServerURL check in headscale[1]. A fix has been merged upstream[2], this is backport, so users can have it easier upgrading from 24.05 to 24.11 or unstable. The patch does not apply cleanly on v0.23.0, so putting it here instead. Supersedes NixOS#357969, this will be backported to 24.11 with a tag. [1]: juanfont/headscale#2210 [2]: juanfont/headscale#2248
wolfgangwalther
pushed a commit
to NixOS/nixpkgs
that referenced
this pull request
Jan 3, 2025
Currently users upgrading from 24.05 to 24.11 may stumble across an overly-restrictive BaseURL and ServerURL check in headscale[1]. A fix has been merged upstream[2], this is backport, so users can have it easier upgrading from 24.05 to 24.11 or unstable. The patch does not apply cleanly on v0.23.0, so putting it here instead. Supersedes #357969, this will be backported to 24.11 with a tag. [1]: juanfont/headscale#2210 [2]: juanfont/headscale#2248
nixpkgs-ci bot
pushed a commit
to NixOS/nixpkgs
that referenced
this pull request
Jan 3, 2025
Currently users upgrading from 24.05 to 24.11 may stumble across an overly-restrictive BaseURL and ServerURL check in headscale[1]. A fix has been merged upstream[2], this is backport, so users can have it easier upgrading from 24.05 to 24.11 or unstable. The patch does not apply cleanly on v0.23.0, so putting it here instead. Supersedes #357969, this will be backported to 24.11 with a tag. [1]: juanfont/headscale#2210 [2]: juanfont/headscale#2248 (cherry picked from commit f1bdc12)
thomasjm
pushed a commit
to codedownio/nixpkgs
that referenced
this pull request
Jan 5, 2025
Currently users upgrading from 24.05 to 24.11 may stumble across an overly-restrictive BaseURL and ServerURL check in headscale[1]. A fix has been merged upstream[2], this is backport, so users can have it easier upgrading from 24.05 to 24.11 or unstable. The patch does not apply cleanly on v0.23.0, so putting it here instead. Supersedes NixOS#357969, this will be backported to 24.11 with a tag. [1]: juanfont/headscale#2210 [2]: juanfont/headscale#2248
|
I want to set my base_url to example.com and the server_url to entry.example.com, I also have set split dns for entry.example.com to quad9's dns servers as to be still able to contact the headscale node. |
|
No, that is a foot gun we don't want to support or carry the issue burden for |
|
Okay, what other options would there be, I don't really want the base domain to be a subdomain, and don't want to use a separate domain for the control plane |
|
There are no other options, tailscale was designed in this way, upstream uses two domains, login.tailscale.com for the server and ts.net for basename. |
13 tasks
motiejus
added a commit
to motiejus/nixpkgs
that referenced
this pull request
Jan 17, 2025
server_url check [has been loosened upstream][1] and backported to NixOS[2]. The new, much looser check, is not practical to be implemented in Nix (you are welcome to give it a try; I've implemented the original one). Since the surface area is much smaller now (and the scenario much less common), I think we can remove this assertion altogether. [1]: juanfont/headscale#2248 [2]: NixOS#358255
nixpkgs-ci bot
pushed a commit
to NixOS/nixpkgs
that referenced
this pull request
Jan 17, 2025
server_url check [has been loosened upstream][1] and backported to NixOS[2]. The new, much looser check, is not practical to be implemented in Nix (you are welcome to give it a try; I've implemented the original one). Since the surface area is much smaller now (and the scenario much less common), I think we can remove this assertion altogether. [1]: juanfont/headscale#2248 [2]: #358255 (cherry picked from commit de0a499)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Requirements here:
Fixes #2210