2021-11-29 17:31:19 +00:00
# CHANGELOG
2022-12-05 21:40:21 +00:00
## 0.18.x (2022-xx-xx)
2022-12-05 14:08:02 +00:00
### Changes
2022-12-07 08:37:45 +00:00
- Reworked routing and added support for subnet router failover [#1024 ](https://github.com/juanfont/headscale/pull/1024 )
- Added an OIDC AllowGroups Configuration options and authorization check [#1041 ](https://github.com/juanfont/headscale/pull/1041 )
- Set `db_ssl` to false by default [#1052 ](https://github.com/juanfont/headscale/pull/1052 )
2022-12-05 14:08:02 +00:00
## 0.17.1 (2022-12-05)
2022-12-03 14:57:01 +00:00
### Changes
- Correct typo on macOS standalone profile link [#1028 ](https://github.com/juanfont/headscale/pull/1028 )
2022-12-05 14:07:07 +00:00
- Update platform docs with Fast User Switching [#1016 ](https://github.com/juanfont/headscale/pull/1016 )
2022-12-03 14:57:01 +00:00
2022-12-01 13:27:42 +00:00
## 0.17.0 (2022-11-26)
2022-08-14 21:22:41 +00:00
2022-09-11 19:37:38 +00:00
### BREAKING
2022-12-01 13:27:42 +00:00
- `noise.private_key_path` has been added and is required for the new noise protocol.
2022-09-11 19:37:38 +00:00
- Log level option `log_level` was moved to a distinct `log` config section and renamed to `level` [#768 ](https://github.com/juanfont/headscale/pull/768 )
2022-11-14 16:24:06 +00:00
- Removed Alpine Linux container image [#962 ](https://github.com/juanfont/headscale/pull/962 )
2022-09-11 19:44:28 +00:00
2022-11-26 10:57:51 +00:00
### Important Changes
2022-09-11 19:37:38 +00:00
2022-08-21 10:32:01 +00:00
- Added support for Tailscale TS2021 protocol [#738 ](https://github.com/juanfont/headscale/pull/738 )
2022-11-26 10:57:51 +00:00
- Add experimental support for [SSH ACL ](https://tailscale.com/kb/1018/acls/#tailscale-ssh ) (see docs for limitations) [#847 ](https://github.com/juanfont/headscale/pull/847 )
- Please note that this support should be considered _partially_ implemented
- SSH ACLs status:
- Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
- Rejecting connections **are not supported** , meaning that if you enable SSH, then assume that _all_ `ssh` connections **will be allowed** .
- If you decied to try this feature, please carefully managed permissions by blocking port `22` with regular ACLs or do _not_ set `--ssh` on your clients.
- We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
- This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1` .
### Changes
2022-08-22 12:20:20 +00:00
- Add ability to specify config location via env var `HEADSCALE_CONFIG` [#674 ](https://github.com/juanfont/headscale/issues/674 )
2022-09-03 10:24:22 +00:00
- Target Go 1.19 for Headscale [#778 ](https://github.com/juanfont/headscale/pull/778 )
2022-09-03 21:19:07 +00:00
- Target Tailscale v1.30.0 to build Headscale [#780 ](https://github.com/juanfont/headscale/pull/780 )
2022-09-04 14:23:46 +00:00
- Give a warning when running Headscale with reverse proxy improperly configured for WebSockets [#788 ](https://github.com/juanfont/headscale/pull/788 )
2022-09-18 10:14:49 +00:00
- Fix subnet routers with Primary Routes [#811 ](https://github.com/juanfont/headscale/pull/811 )
2022-09-11 19:37:38 +00:00
- Added support for JSON logs [#653 ](https://github.com/juanfont/headscale/issues/653 )
2022-09-23 08:44:29 +00:00
- Sanitise the node key passed to registration url [#823 ](https://github.com/juanfont/headscale/pull/823 )
2022-09-23 08:13:48 +00:00
- Add support for generating pre-auth keys with tags [#767 ](https://github.com/juanfont/headscale/pull/767 )
2022-09-23 08:08:59 +00:00
- Add support for evaluating `autoApprovers` ACL entries when a machine is registered [#763 ](https://github.com/juanfont/headscale/pull/763 )
2022-09-26 08:01:01 +00:00
- Add config flag to allow Headscale to start if OIDC provider is down [#829 ](https://github.com/juanfont/headscale/pull/829 )
2022-11-01 11:00:40 +00:00
- Fix prefix length comparison bug in AutoApprovers route evaluation [#862 ](https://github.com/juanfont/headscale/pull/862 )
2022-08-31 11:41:01 +00:00
- Random node DNS suffix only applied if names collide in namespace. [#766 ](https://github.com/juanfont/headscale/issues/766 )
2022-10-30 21:31:18 +00:00
- Remove `ip_prefix` configuration option and warning [#899 ](https://github.com/juanfont/headscale/pull/899 )
2022-10-31 15:26:18 +00:00
- Add `dns_config.override_local_dns` option [#905 ](https://github.com/juanfont/headscale/pull/905 )
2022-10-31 14:59:50 +00:00
- Fix some DNS config issues [#660 ](https://github.com/juanfont/headscale/issues/660 )
2022-11-04 10:26:33 +00:00
- Make it possible to disable TS2019 with build flag [#928 ](https://github.com/juanfont/headscale/pull/928 )
2022-11-15 14:41:46 +00:00
- Fix OIDC registration issues [#960 ](https://github.com/juanfont/headscale/pull/960 ) and [#971 ](https://github.com/juanfont/headscale/pull/971 )
2022-11-07 20:10:06 +00:00
- Add support for specifying NextDNS DNS-over-HTTPS resolver [#940 ](https://github.com/juanfont/headscale/pull/940 )
2022-11-24 14:33:19 +00:00
- Make more sslmode available for postgresql connection [#927 ](https://github.com/juanfont/headscale/pull/927 )
2022-08-21 10:32:01 +00:00
2022-08-21 08:51:58 +00:00
## 0.16.4 (2022-08-21)
### Changes
2022-08-16 08:09:28 +00:00
- Add ability to connect to PostgreSQL over TLS/SSL [#745 ](https://github.com/juanfont/headscale/pull/745 )
2022-08-19 12:14:30 +00:00
- Fix CLI registration of expired machines [#754 ](https://github.com/juanfont/headscale/pull/754 )
2022-08-16 08:09:28 +00:00
2022-08-17 15:08:29 +00:00
## 0.16.3 (2022-08-17)
### Changes
- Fix issue with OIDC authentication [#747 ](https://github.com/juanfont/headscale/pull/747 )
2022-08-14 21:22:41 +00:00
## 0.16.2 (2022-08-14)
### Changes
- Fixed bugs in the client registration process after migration to NodeKey [#735 ](https://github.com/juanfont/headscale/pull/735 )
## 0.16.1 (2022-08-12)
### Changes
2022-07-25 08:35:21 +00:00
2022-08-10 09:04:42 +00:00
- Updated dependencies (including the library that lacked armhf support) [#722 ](https://github.com/juanfont/headscale/pull/722 )
2022-08-04 08:51:06 +00:00
- Fix missing group expansion in function `excludeCorretlyTaggedNodes` [#563 ](https://github.com/juanfont/headscale/issues/563 )
2022-08-12 07:31:11 +00:00
- Improve registration protocol implementation and switch to NodeKey as main identifier [#725 ](https://github.com/juanfont/headscale/pull/725 )
2022-08-12 17:00:16 +00:00
- Add ability to connect to PostgreSQL via unix socket [#734 ](https://github.com/juanfont/headscale/pull/734 )
2022-08-04 08:51:06 +00:00
2022-07-25 08:35:21 +00:00
## 0.16.0 (2022-07-25)
**Note:** Take a backup of your database before upgrading.
2022-03-20 14:07:22 +00:00
2022-06-08 16:12:56 +00:00
### BREAKING
- Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check [the new syntax ](https://tailscale.com/kb/1018/acls/ ).
2022-03-21 08:49:14 +00:00
### Changes
2022-04-07 18:21:26 +00:00
2022-06-03 17:35:47 +00:00
- **Drop** armhf (32-bit ARM) support. [#609 ](https://github.com/juanfont/headscale/pull/609 )
2022-04-06 21:41:13 +00:00
- Headscale fails to serve if the ACL policy file cannot be parsed [#537 ](https://github.com/juanfont/headscale/pull/537 )
2022-03-21 08:49:14 +00:00
- Fix labels cardinality error when registering unknown pre-auth key [#519 ](https://github.com/juanfont/headscale/pull/519 )
2022-04-10 20:47:35 +00:00
- Fix send on closed channel crash in polling [#542 ](https://github.com/juanfont/headscale/pull/542 )
2022-04-30 14:50:55 +00:00
- Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes [#566 ](https://github.com/juanfont/headscale/pull/566 )
2022-05-01 13:47:34 +00:00
- Add command for moving nodes between namespaces [#362 ](https://github.com/juanfont/headscale/issues/362 )
2022-04-25 19:05:37 +00:00
- Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
2022-05-13 09:51:31 +00:00
- Add command to set tags on a node [#525 ](https://github.com/juanfont/headscale/issues/525 )
- Add command to view tags of nodes [#356 ](https://github.com/juanfont/headscale/issues/356 )
2022-05-14 12:36:04 +00:00
- Add --all (-a) flag to enable routes command [#360 ](https://github.com/juanfont/headscale/issues/360 )
2022-05-30 11:27:57 +00:00
- Fix issue where nodes was not updated across namespaces [#560 ](https://github.com/juanfont/headscale/pull/560 )
- Add the ability to rename a nodes name [#560 ](https://github.com/juanfont/headscale/pull/560 )
- Node DNS names are now unique, a random suffix will be added when a node joins
- This change contains database changes, remember to **backup** your database before upgrading
2022-05-30 12:57:49 +00:00
- Add option to enable/disable logtail (Tailscale's logging infrastructure) [#596 ](https://github.com/juanfont/headscale/pull/596 )
- This change disables the logs by default
2022-05-31 07:42:50 +00:00
- Use [Prometheus]'s duration parser, supporting days (`d`), weeks (`w`) and years (`y`) [#598 ](https://github.com/juanfont/headscale/pull/598 )
2022-05-31 12:30:11 +00:00
- Add support for reloading ACLs with SIGHUP [#601 ](https://github.com/juanfont/headscale/pull/601 )
2022-06-08 16:12:56 +00:00
- Use new ACL syntax [#618 ](https://github.com/juanfont/headscale/pull/618 )
2022-06-05 15:15:21 +00:00
- Add -c option to specify config file from command line [#285 ](https://github.com/juanfont/headscale/issues/285 ) [#612 ](https://github.com/juanfont/headscale/pull/601 )
2022-06-11 12:49:17 +00:00
- Add configuration option to allow Tailscale clients to use a random WireGuard port. [kb/1181/firewalls ](https://tailscale.com/kb/1181/firewalls ) [#624 ](https://github.com/juanfont/headscale/pull/624 )
2022-06-12 13:18:49 +00:00
- Improve obtuse UX regarding missing configuration (`ephemeral_node_inactivity_timeout` not set) [#639 ](https://github.com/juanfont/headscale/pull/639 )
2022-06-26 07:30:16 +00:00
- Fix nodes being shown as 'offline' in `tailscale status` [#648 ](https://github.com/juanfont/headscale/pull/648 )
2022-06-26 07:29:33 +00:00
- Improve shutdown behaviour [#651 ](https://github.com/juanfont/headscale/pull/651 )
2022-07-19 12:45:23 +00:00
- Drop Gin as web framework in Headscale [648 ](https://github.com/juanfont/headscale/pull/648 ) [677 ](https://github.com/juanfont/headscale/pull/677 )
2022-07-12 10:52:03 +00:00
- Make tailnet node updates check interval configurable [#675 ](https://github.com/juanfont/headscale/pull/675 )
2022-07-21 21:59:44 +00:00
- Fix regression with HTTP API [#684 ](https://github.com/juanfont/headscale/pull/684 )
2022-07-22 20:47:37 +00:00
- nodes ls now print both Hostname and Name(Issue [#647 ](https://github.com/juanfont/headscale/issues/647 ) PR [#687 ](https://github.com/juanfont/headscale/pull/687 ))
2022-03-21 08:49:14 +00:00
2022-03-20 12:36:25 +00:00
## 0.15.0 (2022-03-20)
2021-12-24 15:46:04 +00:00
2022-02-28 22:50:35 +00:00
**Note:** Take a backup of your database before upgrading.
### BREAKING
2022-02-25 09:30:58 +00:00
- Boundaries between Namespaces has been removed and all nodes can communicate by default [#357 ](https://github.com/juanfont/headscale/pull/357 )
- To limit access between nodes, use [ACLs ](./docs/acls.md ).
2022-03-02 12:22:29 +00:00
- `/metrics` is now a configurable host:port endpoint: [#344 ](https://github.com/juanfont/headscale/pull/344 ). You must update your `config.yaml` file to include:
```yaml
metrics_listen_addr: 127.0.0.1:9090
```
2022-02-25 09:30:58 +00:00
2022-03-01 14:18:24 +00:00
### Features
2022-02-27 08:08:29 +00:00
- Add support for writing ACL files with YAML [#359 ](https://github.com/juanfont/headscale/pull/359 )
2022-03-01 20:16:33 +00:00
- Users can now use emails in ACL's groups [#372 ](https://github.com/juanfont/headscale/issues/372 )
2022-03-02 09:53:07 +00:00
- Add shorthand aliases for commands and subcommands [#376 ](https://github.com/juanfont/headscale/pull/376 )
2022-03-04 09:52:42 +00:00
- Add `/windows` endpoint for Windows configuration instructions + registry file download [#392 ](https://github.com/juanfont/headscale/pull/392 )
2022-03-20 11:36:30 +00:00
- Added embedded DERP (and STUN) server into Headscale [#388 ](https://github.com/juanfont/headscale/pull/388 )
2022-02-27 08:08:29 +00:00
2022-02-28 22:50:35 +00:00
### Changes
2022-02-25 08:44:16 +00:00
- Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession [#346 ](https://github.com/juanfont/headscale/pull/346 )
2022-02-28 22:11:31 +00:00
- Simplify the code behind registration of machines [#366 ](https://github.com/juanfont/headscale/pull/366 )
- Nodes are now only written to database if they are registrated successfully
2022-03-01 21:50:22 +00:00
- Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374 ](https://github.com/juanfont/headscale/issues/374 )
2022-03-02 08:15:21 +00:00
- Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine [#371 ](https://github.com/juanfont/headscale/pull/371 )
2022-03-07 22:14:39 +00:00
- Apply normalization function to FQDN on hostnames when hosts registers and retrieve informations [#363 ](https://github.com/juanfont/headscale/issues/363 )
2022-03-18 08:34:18 +00:00
- Fix a bug that prevented the use of `tailscale logout` with OIDC [#508 ](https://github.com/juanfont/headscale/issues/508 )
2022-03-20 11:36:30 +00:00
- Added Tailscale repo HEAD and unstable releases channel to the integration tests targets [#513 ](https://github.com/juanfont/headscale/pull/513 )
2022-02-25 08:44:16 +00:00
2022-02-28 22:50:35 +00:00
## 0.14.0 (2022-02-24)
2022-02-20 19:47:12 +00:00
2022-02-28 22:50:35 +00:00
**UPCOMING ### BREAKING
From the **next\*\* version (`0.15.0`), all machines will be able to communicate regardless of
2022-02-21 15:06:20 +00:00
if they are in the same namespace. This means that the behaviour currently limited to ACLs
will become default. From version `0.15.0` , all limitation of communications must be done
2022-02-20 19:47:12 +00:00
with ACLs.
This is a part of aligning `headscale` 's behaviour with Tailscale's upstream behaviour.
2022-02-28 22:50:35 +00:00
### BREAKING
2022-02-14 13:02:18 +00:00
2022-02-20 19:47:12 +00:00
- ACLs have been rewritten to align with the bevaviour Tailscale Control Panel provides. **NOTE:** This is only active if you use ACLs
- Namespaces are now treated as Users
- All machines can communicate with all machines by default
2022-02-21 15:06:20 +00:00
- Tags should now work correctly and adding a host to Headscale should now reload the rules.
2022-02-20 19:47:12 +00:00
- The documentation have a [fictional example ](docs/acls.md ) that should cover some use cases of the ACLs features
2022-02-28 22:50:35 +00:00
### Features
2022-02-21 21:44:49 +00:00
2022-02-24 11:09:05 +00:00
- Add support for configurable mTLS [docs ](docs/tls.md#configuring-mutual-tls-authentication-mtls ) [#297 ](https://github.com/juanfont/headscale/pull/297 )
2022-02-28 22:50:35 +00:00
### Changes
2022-02-22 16:18:25 +00:00
- Remove dependency on CGO (switch from CGO SQLite to pure Go) [#346 ](https://github.com/juanfont/headscale/pull/346 )
2022-02-18 18:54:27 +00:00
**0.13.0 (2022-02-18):**
2022-01-30 08:21:11 +00:00
2022-02-28 22:50:35 +00:00
### Features
2022-01-30 08:25:49 +00:00
2022-01-30 08:21:11 +00:00
- Add IPv6 support to the prefix assigned to namespaces
2022-01-25 22:11:15 +00:00
- Add API Key support
- Enable remote control of `headscale` via CLI [docs ](docs/remote-cli.md )
- Enable HTTP API (beta, subject to change)
2022-02-24 12:34:36 +00:00
- OpenID Connect users will be mapped per namespaces
- Each user will get its own namespace, created if it does not exist
- `oidc.domain_map` option has been removed
2022-08-16 08:09:28 +00:00
- `strip_email_domain` option has been added (see [config-example.yaml ](./config-example.yaml ))
2022-01-30 08:21:11 +00:00
2022-02-28 22:50:35 +00:00
### Changes
2022-01-29 14:33:54 +00:00
2022-01-30 08:25:49 +00:00
- `ip_prefix` is now superseded by `ip_prefixes` in the configuration [#208 ](https://github.com/juanfont/headscale/pull/208 )
2022-02-11 08:45:02 +00:00
- Upgrade `tailscale` (1.20.4) and other dependencies to latest [#314 ](https://github.com/juanfont/headscale/pull/314 )
2022-02-11 10:56:46 +00:00
- fix swapped machine< - > namespace labels in `/metrics` [#312 ](https://github.com/juanfont/headscale/pull/312 )
2022-02-12 20:50:17 +00:00
- remove key-value based update mechanism for namespace changes [#316 ](https://github.com/juanfont/headscale/pull/316 )
2022-01-29 14:31:42 +00:00
2022-01-29 20:04:56 +00:00
**0.12.4 (2022-01-29):**
2022-02-28 22:50:35 +00:00
### Changes
2022-01-29 20:04:56 +00:00
2022-01-29 14:31:42 +00:00
- Make gRPC Unix Socket permissions configurable [#292 ](https://github.com/juanfont/headscale/pull/292 )
- Trim whitespace before reading Private Key from file [#289 ](https://github.com/juanfont/headscale/pull/289 )
2022-01-29 14:33:12 +00:00
- Add new command to generate a private key for `headscale` [#290 ](https://github.com/juanfont/headscale/pull/290 )
2022-01-28 21:00:13 +00:00
- Fixed issue where hosts deleted from control server may be written back to the database, as long as they are connected to the control server [#278 ](https://github.com/juanfont/headscale/pull/278 )
2022-01-29 14:31:42 +00:00
2022-02-28 22:50:35 +00:00
## 0.12.3 (2022-01-13)
2022-01-13 11:42:56 +00:00
2022-02-28 22:50:35 +00:00
### Changes
2022-01-13 11:42:56 +00:00
- Added Alpine container [#270 ](https://github.com/juanfont/headscale/pull/270 )
- Minor updates in dependencies [#271 ](https://github.com/juanfont/headscale/pull/271 )
2022-02-28 22:50:35 +00:00
## 0.12.2 (2022-01-11)
2022-01-11 14:45:13 +00:00
Happy New Year!
2022-02-28 22:50:35 +00:00
### Changes
2022-01-11 14:45:13 +00:00
- Fix Docker release [#258 ](https://github.com/juanfont/headscale/pull/258 )
- Rewrite main docs [#262 ](https://github.com/juanfont/headscale/pull/262 )
- Improve Docker docs [#263 ](https://github.com/juanfont/headscale/pull/263 )
2022-02-28 22:50:35 +00:00
## 0.12.1 (2021-12-24)
2021-12-24 15:39:22 +00:00
(We are skipping 0.12.0 to correct a mishap done weeks ago with the version tagging)
2021-11-29 17:31:19 +00:00
2022-02-28 22:50:35 +00:00
### BREAKING
2021-11-29 17:31:19 +00:00
2021-11-29 17:34:41 +00:00
- Upgrade to Tailscale 1.18 [#229 ](https://github.com/juanfont/headscale/pull/229 )
- This change requires a new format for private key, private keys are now generated automatically:
1. Delete your current key
2. Restart `headscale` , a new key will be generated.
3. Restart all Tailscale clients to fetch the new key
2021-11-29 17:31:19 +00:00
2022-02-28 22:50:35 +00:00
### Changes
2021-11-29 17:34:41 +00:00
2021-11-30 09:17:21 +00:00
- Unify configuration example [#197 ](https://github.com/juanfont/headscale/pull/197 )
2021-11-29 17:31:19 +00:00
- Add stricter linting and formatting [#223 ](https://github.com/juanfont/headscale/pull/223 )
2021-11-29 19:45:31 +00:00
2022-02-28 22:50:35 +00:00
### Features
2021-11-30 09:16:09 +00:00
2021-11-30 09:17:21 +00:00
- Add gRPC and HTTP API (HTTP API is currently disabled) [#204 ](https://github.com/juanfont/headscale/pull/204 )
- Use gRPC between the CLI and the server [#206 ](https://github.com/juanfont/headscale/pull/206 ), [#212 ](https://github.com/juanfont/headscale/pull/212 )
- Beta OpenID Connect support [#126 ](https://github.com/juanfont/headscale/pull/126 ), [#227 ](https://github.com/juanfont/headscale/pull/227 )
2021-11-30 09:16:09 +00:00
2022-02-28 22:50:35 +00:00
## 0.11.0 (2021-10-25)
2021-11-29 19:45:31 +00:00
2022-02-28 22:50:35 +00:00
### BREAKING
2021-11-29 19:45:31 +00:00
- Make headscale fetch DERP map from URL and file [#196 ](https://github.com/juanfont/headscale/pull/196 )