headscale/CHANGELOG.md

259 lines
15 KiB
Markdown
Raw Normal View History

2021-11-29 17:31:19 +00:00
# CHANGELOG
2022-12-05 21:40:21 +00:00
## 0.18.x (2022-xx-xx)
### Changes
- Reworked routing and added support for subnet router failover [#1024](https://github.com/juanfont/headscale/pull/1024)
- Added an OIDC AllowGroups Configuration options and authorization check [#1041](https://github.com/juanfont/headscale/pull/1041)
- Set `db_ssl` to false by default [#1052](https://github.com/juanfont/headscale/pull/1052)
## 0.17.1 (2022-12-05)
2022-12-03 14:57:01 +00:00
### Changes
- Correct typo on macOS standalone profile link [#1028](https://github.com/juanfont/headscale/pull/1028)
- Update platform docs with Fast User Switching [#1016](https://github.com/juanfont/headscale/pull/1016)
2022-12-03 14:57:01 +00:00
## 0.17.0 (2022-11-26)
2022-08-14 21:22:41 +00:00
2022-09-11 19:37:38 +00:00
### BREAKING
- `noise.private_key_path` has been added and is required for the new noise protocol.
2022-09-11 19:37:38 +00:00
- Log level option `log_level` was moved to a distinct `log` config section and renamed to `level` [#768](https://github.com/juanfont/headscale/pull/768)
2022-11-14 16:24:06 +00:00
- Removed Alpine Linux container image [#962](https://github.com/juanfont/headscale/pull/962)
2022-09-11 19:44:28 +00:00
### Important Changes
2022-09-11 19:37:38 +00:00
2022-08-21 10:32:01 +00:00
- Added support for Tailscale TS2021 protocol [#738](https://github.com/juanfont/headscale/pull/738)
- Add experimental support for [SSH ACL](https://tailscale.com/kb/1018/acls/#tailscale-ssh) (see docs for limitations) [#847](https://github.com/juanfont/headscale/pull/847)
- Please note that this support should be considered _partially_ implemented
- SSH ACLs status:
- Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
- Rejecting connections **are not supported**, meaning that if you enable SSH, then assume that _all_ `ssh` connections **will be allowed**.
- If you decied to try this feature, please carefully managed permissions by blocking port `22` with regular ACLs or do _not_ set `--ssh` on your clients.
- We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
- This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1`.
### Changes
2022-08-22 12:20:20 +00:00
- Add ability to specify config location via env var `HEADSCALE_CONFIG` [#674](https://github.com/juanfont/headscale/issues/674)
2022-09-03 10:24:22 +00:00
- Target Go 1.19 for Headscale [#778](https://github.com/juanfont/headscale/pull/778)
2022-09-03 21:19:07 +00:00
- Target Tailscale v1.30.0 to build Headscale [#780](https://github.com/juanfont/headscale/pull/780)
2022-09-04 14:23:46 +00:00
- Give a warning when running Headscale with reverse proxy improperly configured for WebSockets [#788](https://github.com/juanfont/headscale/pull/788)
- Fix subnet routers with Primary Routes [#811](https://github.com/juanfont/headscale/pull/811)
2022-09-11 19:37:38 +00:00
- Added support for JSON logs [#653](https://github.com/juanfont/headscale/issues/653)
- Sanitise the node key passed to registration url [#823](https://github.com/juanfont/headscale/pull/823)
2022-09-23 08:13:48 +00:00
- Add support for generating pre-auth keys with tags [#767](https://github.com/juanfont/headscale/pull/767)
2022-09-23 08:08:59 +00:00
- Add support for evaluating `autoApprovers` ACL entries when a machine is registered [#763](https://github.com/juanfont/headscale/pull/763)
- Add config flag to allow Headscale to start if OIDC provider is down [#829](https://github.com/juanfont/headscale/pull/829)
- Fix prefix length comparison bug in AutoApprovers route evaluation [#862](https://github.com/juanfont/headscale/pull/862)
- Random node DNS suffix only applied if names collide in namespace. [#766](https://github.com/juanfont/headscale/issues/766)
- Remove `ip_prefix` configuration option and warning [#899](https://github.com/juanfont/headscale/pull/899)
- Add `dns_config.override_local_dns` option [#905](https://github.com/juanfont/headscale/pull/905)
- Fix some DNS config issues [#660](https://github.com/juanfont/headscale/issues/660)
2022-11-04 10:26:33 +00:00
- Make it possible to disable TS2019 with build flag [#928](https://github.com/juanfont/headscale/pull/928)
2022-11-15 14:41:46 +00:00
- Fix OIDC registration issues [#960](https://github.com/juanfont/headscale/pull/960) and [#971](https://github.com/juanfont/headscale/pull/971)
2022-11-07 20:10:06 +00:00
- Add support for specifying NextDNS DNS-over-HTTPS resolver [#940](https://github.com/juanfont/headscale/pull/940)
2022-11-24 14:33:19 +00:00
- Make more sslmode available for postgresql connection [#927](https://github.com/juanfont/headscale/pull/927)
2022-08-21 10:32:01 +00:00
2022-08-21 08:51:58 +00:00
## 0.16.4 (2022-08-21)
### Changes
2022-08-16 08:09:28 +00:00
- Add ability to connect to PostgreSQL over TLS/SSL [#745](https://github.com/juanfont/headscale/pull/745)
- Fix CLI registration of expired machines [#754](https://github.com/juanfont/headscale/pull/754)
2022-08-16 08:09:28 +00:00
2022-08-17 15:08:29 +00:00
## 0.16.3 (2022-08-17)
### Changes
- Fix issue with OIDC authentication [#747](https://github.com/juanfont/headscale/pull/747)
2022-08-14 21:22:41 +00:00
## 0.16.2 (2022-08-14)
### Changes
- Fixed bugs in the client registration process after migration to NodeKey [#735](https://github.com/juanfont/headscale/pull/735)
## 0.16.1 (2022-08-12)
### Changes
2022-07-25 08:35:21 +00:00
2022-08-10 09:04:42 +00:00
- Updated dependencies (including the library that lacked armhf support) [#722](https://github.com/juanfont/headscale/pull/722)
2022-08-04 08:51:06 +00:00
- Fix missing group expansion in function `excludeCorretlyTaggedNodes` [#563](https://github.com/juanfont/headscale/issues/563)
2022-08-12 07:31:11 +00:00
- Improve registration protocol implementation and switch to NodeKey as main identifier [#725](https://github.com/juanfont/headscale/pull/725)
- Add ability to connect to PostgreSQL via unix socket [#734](https://github.com/juanfont/headscale/pull/734)
2022-08-04 08:51:06 +00:00
2022-07-25 08:35:21 +00:00
## 0.16.0 (2022-07-25)
**Note:** Take a backup of your database before upgrading.
2022-06-08 16:12:56 +00:00
### BREAKING
- Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check [the new syntax](https://tailscale.com/kb/1018/acls/).
### Changes
2022-04-07 18:21:26 +00:00
2022-06-03 17:35:47 +00:00
- **Drop** armhf (32-bit ARM) support. [#609](https://github.com/juanfont/headscale/pull/609)
2022-04-06 21:41:13 +00:00
- Headscale fails to serve if the ACL policy file cannot be parsed [#537](https://github.com/juanfont/headscale/pull/537)
- Fix labels cardinality error when registering unknown pre-auth key [#519](https://github.com/juanfont/headscale/pull/519)
2022-04-10 20:47:35 +00:00
- Fix send on closed channel crash in polling [#542](https://github.com/juanfont/headscale/pull/542)
2022-04-30 14:50:55 +00:00
- Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes [#566](https://github.com/juanfont/headscale/pull/566)
2022-05-01 13:47:34 +00:00
- Add command for moving nodes between namespaces [#362](https://github.com/juanfont/headscale/issues/362)
- Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
2022-05-13 09:51:31 +00:00
- Add command to set tags on a node [#525](https://github.com/juanfont/headscale/issues/525)
- Add command to view tags of nodes [#356](https://github.com/juanfont/headscale/issues/356)
2022-05-14 12:36:04 +00:00
- Add --all (-a) flag to enable routes command [#360](https://github.com/juanfont/headscale/issues/360)
2022-05-30 11:27:57 +00:00
- Fix issue where nodes was not updated across namespaces [#560](https://github.com/juanfont/headscale/pull/560)
- Add the ability to rename a nodes name [#560](https://github.com/juanfont/headscale/pull/560)
- Node DNS names are now unique, a random suffix will be added when a node joins
- This change contains database changes, remember to **backup** your database before upgrading
2022-05-30 12:57:49 +00:00
- Add option to enable/disable logtail (Tailscale's logging infrastructure) [#596](https://github.com/juanfont/headscale/pull/596)
- This change disables the logs by default
2022-05-31 07:42:50 +00:00
- Use [Prometheus]'s duration parser, supporting days (`d`), weeks (`w`) and years (`y`) [#598](https://github.com/juanfont/headscale/pull/598)
2022-05-31 12:30:11 +00:00
- Add support for reloading ACLs with SIGHUP [#601](https://github.com/juanfont/headscale/pull/601)
2022-06-08 16:12:56 +00:00
- Use new ACL syntax [#618](https://github.com/juanfont/headscale/pull/618)
2022-06-05 15:15:21 +00:00
- Add -c option to specify config file from command line [#285](https://github.com/juanfont/headscale/issues/285) [#612](https://github.com/juanfont/headscale/pull/601)
2022-06-11 12:49:17 +00:00
- Add configuration option to allow Tailscale clients to use a random WireGuard port. [kb/1181/firewalls](https://tailscale.com/kb/1181/firewalls) [#624](https://github.com/juanfont/headscale/pull/624)
2022-06-12 13:18:49 +00:00
- Improve obtuse UX regarding missing configuration (`ephemeral_node_inactivity_timeout` not set) [#639](https://github.com/juanfont/headscale/pull/639)
2022-06-26 07:30:16 +00:00
- Fix nodes being shown as 'offline' in `tailscale status` [#648](https://github.com/juanfont/headscale/pull/648)
2022-06-26 07:29:33 +00:00
- Improve shutdown behaviour [#651](https://github.com/juanfont/headscale/pull/651)
2022-07-19 12:45:23 +00:00
- Drop Gin as web framework in Headscale [648](https://github.com/juanfont/headscale/pull/648) [677](https://github.com/juanfont/headscale/pull/677)
- Make tailnet node updates check interval configurable [#675](https://github.com/juanfont/headscale/pull/675)
2022-07-21 21:59:44 +00:00
- Fix regression with HTTP API [#684](https://github.com/juanfont/headscale/pull/684)
2022-07-22 20:47:37 +00:00
- nodes ls now print both Hostname and Name(Issue [#647](https://github.com/juanfont/headscale/issues/647) PR [#687](https://github.com/juanfont/headscale/pull/687))
2022-03-20 12:36:25 +00:00
## 0.15.0 (2022-03-20)
2021-12-24 15:46:04 +00:00
2022-02-28 22:50:35 +00:00
**Note:** Take a backup of your database before upgrading.
### BREAKING
2022-02-25 09:30:58 +00:00
- Boundaries between Namespaces has been removed and all nodes can communicate by default [#357](https://github.com/juanfont/headscale/pull/357)
- To limit access between nodes, use [ACLs](./docs/acls.md).
2022-03-02 12:22:29 +00:00
- `/metrics` is now a configurable host:port endpoint: [#344](https://github.com/juanfont/headscale/pull/344). You must update your `config.yaml` file to include:
```yaml
metrics_listen_addr: 127.0.0.1:9090
```
2022-02-25 09:30:58 +00:00
### Features
2022-02-27 08:08:29 +00:00
- Add support for writing ACL files with YAML [#359](https://github.com/juanfont/headscale/pull/359)
2022-03-01 20:16:33 +00:00
- Users can now use emails in ACL's groups [#372](https://github.com/juanfont/headscale/issues/372)
2022-03-02 09:53:07 +00:00
- Add shorthand aliases for commands and subcommands [#376](https://github.com/juanfont/headscale/pull/376)
2022-03-04 09:52:42 +00:00
- Add `/windows` endpoint for Windows configuration instructions + registry file download [#392](https://github.com/juanfont/headscale/pull/392)
2022-03-20 11:36:30 +00:00
- Added embedded DERP (and STUN) server into Headscale [#388](https://github.com/juanfont/headscale/pull/388)
2022-02-27 08:08:29 +00:00
2022-02-28 22:50:35 +00:00
### Changes
2022-02-25 08:44:16 +00:00
- Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession [#346](https://github.com/juanfont/headscale/pull/346)
2022-02-28 22:11:31 +00:00
- Simplify the code behind registration of machines [#366](https://github.com/juanfont/headscale/pull/366)
- Nodes are now only written to database if they are registrated successfully
2022-03-01 21:50:22 +00:00
- Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374](https://github.com/juanfont/headscale/issues/374)
2022-03-02 08:15:21 +00:00
- Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine [#371](https://github.com/juanfont/headscale/pull/371)
2022-03-07 22:14:39 +00:00
- Apply normalization function to FQDN on hostnames when hosts registers and retrieve informations [#363](https://github.com/juanfont/headscale/issues/363)
2022-03-18 08:34:18 +00:00
- Fix a bug that prevented the use of `tailscale logout` with OIDC [#508](https://github.com/juanfont/headscale/issues/508)
2022-03-20 11:36:30 +00:00
- Added Tailscale repo HEAD and unstable releases channel to the integration tests targets [#513](https://github.com/juanfont/headscale/pull/513)
2022-02-25 08:44:16 +00:00
2022-02-28 22:50:35 +00:00
## 0.14.0 (2022-02-24)
2022-02-28 22:50:35 +00:00
**UPCOMING ### BREAKING
From the **next\*\* version (`0.15.0`), all machines will be able to communicate regardless of
2022-02-21 15:06:20 +00:00
if they are in the same namespace. This means that the behaviour currently limited to ACLs
will become default. From version `0.15.0`, all limitation of communications must be done
with ACLs.
This is a part of aligning `headscale`'s behaviour with Tailscale's upstream behaviour.
2022-02-28 22:50:35 +00:00
### BREAKING
2022-02-14 13:02:18 +00:00
- ACLs have been rewritten to align with the bevaviour Tailscale Control Panel provides. **NOTE:** This is only active if you use ACLs
- Namespaces are now treated as Users
- All machines can communicate with all machines by default
2022-02-21 15:06:20 +00:00
- Tags should now work correctly and adding a host to Headscale should now reload the rules.
- The documentation have a [fictional example](docs/acls.md) that should cover some use cases of the ACLs features
2022-02-28 22:50:35 +00:00
### Features
- Add support for configurable mTLS [docs](docs/tls.md#configuring-mutual-tls-authentication-mtls) [#297](https://github.com/juanfont/headscale/pull/297)
2022-02-28 22:50:35 +00:00
### Changes
- Remove dependency on CGO (switch from CGO SQLite to pure Go) [#346](https://github.com/juanfont/headscale/pull/346)
2022-02-18 18:54:27 +00:00
**0.13.0 (2022-02-18):**
2022-01-30 08:21:11 +00:00
2022-02-28 22:50:35 +00:00
### Features
2022-01-30 08:25:49 +00:00
2022-01-30 08:21:11 +00:00
- Add IPv6 support to the prefix assigned to namespaces
2022-01-25 22:11:15 +00:00
- Add API Key support
- Enable remote control of `headscale` via CLI [docs](docs/remote-cli.md)
- Enable HTTP API (beta, subject to change)
- OpenID Connect users will be mapped per namespaces
- Each user will get its own namespace, created if it does not exist
- `oidc.domain_map` option has been removed
2022-08-16 08:09:28 +00:00
- `strip_email_domain` option has been added (see [config-example.yaml](./config-example.yaml))
2022-01-30 08:21:11 +00:00
2022-02-28 22:50:35 +00:00
### Changes
2022-01-30 08:25:49 +00:00
- `ip_prefix` is now superseded by `ip_prefixes` in the configuration [#208](https://github.com/juanfont/headscale/pull/208)
2022-02-11 08:45:02 +00:00
- Upgrade `tailscale` (1.20.4) and other dependencies to latest [#314](https://github.com/juanfont/headscale/pull/314)
2022-02-11 10:56:46 +00:00
- fix swapped machine<->namespace labels in `/metrics` [#312](https://github.com/juanfont/headscale/pull/312)
2022-02-12 20:50:17 +00:00
- remove key-value based update mechanism for namespace changes [#316](https://github.com/juanfont/headscale/pull/316)
2022-01-29 14:31:42 +00:00
2022-01-29 20:04:56 +00:00
**0.12.4 (2022-01-29):**
2022-02-28 22:50:35 +00:00
### Changes
2022-01-29 20:04:56 +00:00
2022-01-29 14:31:42 +00:00
- Make gRPC Unix Socket permissions configurable [#292](https://github.com/juanfont/headscale/pull/292)
- Trim whitespace before reading Private Key from file [#289](https://github.com/juanfont/headscale/pull/289)
2022-01-29 14:33:12 +00:00
- Add new command to generate a private key for `headscale` [#290](https://github.com/juanfont/headscale/pull/290)
2022-01-28 21:00:13 +00:00
- Fixed issue where hosts deleted from control server may be written back to the database, as long as they are connected to the control server [#278](https://github.com/juanfont/headscale/pull/278)
2022-01-29 14:31:42 +00:00
2022-02-28 22:50:35 +00:00
## 0.12.3 (2022-01-13)
2022-01-13 11:42:56 +00:00
2022-02-28 22:50:35 +00:00
### Changes
2022-01-13 11:42:56 +00:00
- Added Alpine container [#270](https://github.com/juanfont/headscale/pull/270)
- Minor updates in dependencies [#271](https://github.com/juanfont/headscale/pull/271)
2022-02-28 22:50:35 +00:00
## 0.12.2 (2022-01-11)
2022-01-11 14:45:13 +00:00
Happy New Year!
2022-02-28 22:50:35 +00:00
### Changes
2022-01-11 14:45:13 +00:00
- Fix Docker release [#258](https://github.com/juanfont/headscale/pull/258)
- Rewrite main docs [#262](https://github.com/juanfont/headscale/pull/262)
- Improve Docker docs [#263](https://github.com/juanfont/headscale/pull/263)
2022-02-28 22:50:35 +00:00
## 0.12.1 (2021-12-24)
2021-12-24 15:39:22 +00:00
(We are skipping 0.12.0 to correct a mishap done weeks ago with the version tagging)
2021-11-29 17:31:19 +00:00
2022-02-28 22:50:35 +00:00
### BREAKING
2021-11-29 17:31:19 +00:00
2021-11-29 17:34:41 +00:00
- Upgrade to Tailscale 1.18 [#229](https://github.com/juanfont/headscale/pull/229)
- This change requires a new format for private key, private keys are now generated automatically:
1. Delete your current key
2. Restart `headscale`, a new key will be generated.
3. Restart all Tailscale clients to fetch the new key
2021-11-29 17:31:19 +00:00
2022-02-28 22:50:35 +00:00
### Changes
2021-11-29 17:34:41 +00:00
2021-11-30 09:17:21 +00:00
- Unify configuration example [#197](https://github.com/juanfont/headscale/pull/197)
2021-11-29 17:31:19 +00:00
- Add stricter linting and formatting [#223](https://github.com/juanfont/headscale/pull/223)
2021-11-29 19:45:31 +00:00
2022-02-28 22:50:35 +00:00
### Features
2021-11-30 09:16:09 +00:00
2021-11-30 09:17:21 +00:00
- Add gRPC and HTTP API (HTTP API is currently disabled) [#204](https://github.com/juanfont/headscale/pull/204)
- Use gRPC between the CLI and the server [#206](https://github.com/juanfont/headscale/pull/206), [#212](https://github.com/juanfont/headscale/pull/212)
- Beta OpenID Connect support [#126](https://github.com/juanfont/headscale/pull/126), [#227](https://github.com/juanfont/headscale/pull/227)
2021-11-30 09:16:09 +00:00
2022-02-28 22:50:35 +00:00
## 0.11.0 (2021-10-25)
2021-11-29 19:45:31 +00:00
2022-02-28 22:50:35 +00:00
### BREAKING
2021-11-29 19:45:31 +00:00
- Make headscale fetch DERP map from URL and file [#196](https://github.com/juanfont/headscale/pull/196)