Update reverse-proxy.md (#1986)

Add blurb about how cloudflare proxy/tunnels is not supported/will not work
This commit is contained in:
Kyhwana Pardus 2024-06-23 10:47:26 +12:00 committed by GitHub
parent dfc089ed6a
commit 99e91a9d8a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -15,6 +15,10 @@ The reverse proxy MUST be configured to support WebSockets, as it is needed for
WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml). WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
### Cloudflare
Running headscale behind a cloudflare proxy or cloudflare tunnel is not supported and will not work as Cloudflare does not support WebSocket POSTs as required by the Tailscale protocol. See [this issue](https://github.com/juanfont/headscale/issues/1468)
### TLS ### TLS
Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file. Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file.