TheArchive/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2024-12-18 14:07:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Set title for code listings

Browse Source
This commit is contained in:
Florian Preinstorfer 2024-12-17 07:30:21 +01:00 committed by nblock
parent 0acb2b5647
commit bbc93a90a2
7 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/ref/acls.md
View File

@ -59,7 +59,7 @@ process. Headscale logs the result of ACL policy processing after each reload.
Here are the ACL's to implement the same permissions as above: Here are the ACL's to implement the same permissions as above:
```json ```json title="acl.json"
{ {
// groups are collections of users having a common scope. A user can be in multiple groups // groups are collections of users having a common scope. A user can be in multiple groups
// groups cannot be composed of groups // groups cannot be composed of groups

6
docs/ref/dns.md
View File

@ -30,7 +30,7 @@ hostname and port combination "http://hostname-in-magic-dns.myvpn.example.com:30
=== "Static entries, via `dns.extra_records`" === "Static entries, via `dns.extra_records`"
```yaml ```yaml title="config.yaml"
dns: dns:
... ...
extra_records: extra_records:
@ -48,7 +48,7 @@ hostname and port combination "http://hostname-in-magic-dns.myvpn.example.com:30
=== "Dynamic entries, via `dns.extra_records_path`" === "Dynamic entries, via `dns.extra_records_path`"
```json ```json title="extra-records.json"
[ [
{ {
"name": "grafana.myvpn.example.com", "name": "grafana.myvpn.example.com",
@ -93,7 +93,7 @@ hostname and port combination "http://hostname-in-magic-dns.myvpn.example.com:30
The motivating example here was to be able to access internal monitoring services on the same host without The motivating example here was to be able to access internal monitoring services on the same host without
specifying a port, depicted as NGINX configuration snippet: specifying a port, depicted as NGINX configuration snippet:
``` ```nginx title="nginx.conf"
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;

8
docs/ref/integration/reverse-proxy.md
View File

@ -23,7 +23,7 @@ Running headscale behind a cloudflare proxy or cloudflare tunnel is not supporte
Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file. Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file.
```yaml ```yaml title="config.yaml"
server_url: https://<YOUR_SERVER_NAME> # This should be the FQDN at which headscale will be served server_url: https://<YOUR_SERVER_NAME> # This should be the FQDN at which headscale will be served
listen_addr: 0.0.0.0:8080 listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:9090 metrics_listen_addr: 0.0.0.0:9090
@ -35,7 +35,7 @@ tls_key_path: ""
The following example configuration can be used in your nginx setup, substituting values as necessary. `<IP:PORT>` should be the IP address and port where headscale is running. In most cases, this will be `http://localhost:8080`. The following example configuration can be used in your nginx setup, substituting values as necessary. `<IP:PORT>` should be the IP address and port where headscale is running. In most cases, this will be `http://localhost:8080`.
```Nginx ```nginx title="nginx.conf"
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;
'' close; '' close;
@ -113,7 +113,7 @@ spec:
The following Caddyfile is all that is necessary to use Caddy as a reverse proxy for headscale, in combination with the `config.yaml` specifications above to disable headscale's built in TLS. Replace values as necessary - `<YOUR_SERVER_NAME>` should be the FQDN at which headscale will be served, and `<IP:PORT>` should be the IP address and port where headscale is running. In most cases, this will be `localhost:8080`. The following Caddyfile is all that is necessary to use Caddy as a reverse proxy for headscale, in combination with the `config.yaml` specifications above to disable headscale's built in TLS. Replace values as necessary - `<YOUR_SERVER_NAME>` should be the FQDN at which headscale will be served, and `<IP:PORT>` should be the IP address and port where headscale is running. In most cases, this will be `localhost:8080`.
``` ```none title="Caddyfile"
<YOUR_SERVER_NAME> { <YOUR_SERVER_NAME> {
reverse_proxy <IP:PORT> reverse_proxy <IP:PORT>
} }
@ -127,7 +127,7 @@ For a slightly more complex configuration which utilizes Docker containers to ma
The following minimal Apache config will proxy traffic to the headscale instance on `<IP:PORT>`. Note that `upgrade=any` is required as a parameter for `ProxyPass` so that WebSockets traffic whose `Upgrade` header value is not equal to `WebSocket` (i. e. Tailscale Control Protocol) is forwarded correctly. See the [Apache docs](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html) for more information on this. The following minimal Apache config will proxy traffic to the headscale instance on `<IP:PORT>`. Note that `upgrade=any` is required as a parameter for `ProxyPass` so that WebSockets traffic whose `Upgrade` header value is not equal to `WebSocket` (i. e. Tailscale Control Protocol) is forwarded correctly. See the [Apache docs](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html) for more information on this.
``` ```apache title="apache.conf"
<VirtualHost *:443> <VirtualHost *:443>
ServerName <YOUR_SERVER_NAME> ServerName <YOUR_SERVER_NAME>

8
docs/ref/oidc.md
View File

@ -11,7 +11,7 @@ Known limitations:
In your `config.yaml`, customize this to your liking: In your `config.yaml`, customize this to your liking:
```yaml ```yaml title="config.yaml"
oidc: oidc:
# Block further startup until the OIDC provider is healthy and available # Block further startup until the OIDC provider is healthy and available
only_start_if_oidc_is_available: true only_start_if_oidc_is_available: true
@ -56,7 +56,7 @@ oidc:
In order to integrate headscale with Azure Active Directory, we'll need to provision an App Registration with the correct scopes and redirect URI. Here with Terraform: In order to integrate headscale with Azure Active Directory, we'll need to provision an App Registration with the correct scopes and redirect URI. Here with Terraform:
```hcl ```hcl title="terraform.hcl"
resource "azuread_application" "headscale" { resource "azuread_application" "headscale" {
display_name = "Headscale" display_name = "Headscale"
@ -127,7 +127,7 @@ output "headscale_client_secret" {
And in your headscale `config.yaml`: And in your headscale `config.yaml`:
```yaml ```yaml title="config.yaml"
oidc: oidc:
issuer: "https://login.microsoftonline.com/<tenant-UUID>/v2.0" issuer: "https://login.microsoftonline.com/<tenant-UUID>/v2.0"
client_id: "<client-id-from-terraform>" client_id: "<client-id-from-terraform>"
@ -162,7 +162,7 @@ However if you don't have a domain, or need to add users outside of your domain,
8. Click `Save` at the bottom of the form 8. Click `Save` at the bottom of the form
9. Take note of the `Client ID` and `Client secret`, you can also download it for reference if you need it. 9. Take note of the `Client ID` and `Client secret`, you can also download it for reference if you need it.
10. Edit your headscale config, under `oidc`, filling in your `client_id` and `client_secret`: 10. Edit your headscale config, under `oidc`, filling in your `client_id` and `client_secret`:
```yaml ```yaml title="config.yaml"
oidc: oidc:
issuer: "https://accounts.google.com" issuer: "https://accounts.google.com"
client_id: "" client_id: ""

2
docs/ref/remote-cli.md
View File

@ -54,7 +54,7 @@ headscale apikeys expire --prefix "<PREFIX>"
=== "Minimal YAML configuration file" === "Minimal YAML configuration file"
```yaml ```yaml title="config.yaml"
cli: cli:
address: <HEADSCALE_ADDRESS>:<PORT> address: <HEADSCALE_ADDRESS>:<PORT>
api_key: <API_KEY_FROM_PREVIOUS_STEP> api_key: <API_KEY_FROM_PREVIOUS_STEP>

4
docs/ref/tls.md
View File

@ -4,7 +4,7 @@
Headscale can be configured to expose its web service via TLS. To configure the certificate and key file manually, set the `tls_cert_path` and `tls_cert_path` configuration parameters. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from. Headscale can be configured to expose its web service via TLS. To configure the certificate and key file manually, set the `tls_cert_path` and `tls_cert_path` configuration parameters. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
```yaml ```yaml title="config.yaml"
tls_cert_path: "" tls_cert_path: ""
tls_key_path: "" tls_key_path: ""
``` ```
@ -15,7 +15,7 @@ The certificate should contain the full chain, else some clients, like the Tails
To get a certificate automatically via [Let's Encrypt](https://letsencrypt.org/), set `tls_letsencrypt_hostname` to the desired certificate hostname. This name must resolve to the IP address(es) headscale is reachable on (i.e., it must correspond to the `server_url` configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in `tls_letsencrypt_cache_dir`. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from. To get a certificate automatically via [Let's Encrypt](https://letsencrypt.org/), set `tls_letsencrypt_hostname` to the desired certificate hostname. This name must resolve to the IP address(es) headscale is reachable on (i.e., it must correspond to the `server_url` configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in `tls_letsencrypt_cache_dir`. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
```yaml ```yaml title="config.yaml"
tls_letsencrypt_hostname: "" tls_letsencrypt_hostname: ""
tls_letsencrypt_listen: ":http" tls_letsencrypt_listen: ":http"
tls_letsencrypt_cache_dir: ".cache" tls_letsencrypt_cache_dir: ".cache"

2
docs/setup/install/official.md
View File

@ -94,7 +94,7 @@ systemd.
1. In `/etc/headscale/config.yaml`, override the default `headscale` unix socket with a path that is writable by the 1. In `/etc/headscale/config.yaml`, override the default `headscale` unix socket with a path that is writable by the
`headscale` user or group: `headscale` user or group:
```yaml ```yaml title="config.yaml"
unix_socket: /var/run/headscale/headscale.sock unix_socket: /var/run/headscale/headscale.sock
``` ```