diff --git a/hscontrol/app.go b/hscontrol/app.go
index e67cadc0..dec14a38 100644
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@@ -807,13 +807,13 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
 }
 switch h.cfg.TLS.LetsEncrypt.ChallengeType {
- case types.TlsALPN01ChallengeType:
+ case types.TLSALPN01ChallengeType:
 // Configuration via autocert with TLS-ALPN-01 (https://tools.ietf.org/html/rfc8737)
 // The RFC requires that the validation is done on port 443; in other words, headscale
 // must be reachable on port 443.
 return certManager.TLSConfig(), nil
- case types.Http01ChallengeType:
+ case types.HTTP01ChallengeType:
 // Configuration via autocert with HTTP-01. This requires listening on
 // port 80 for the certificate validation in addition to the headscale
 // service, which can be configured to run on any other port.
diff --git a/hscontrol/types/config.go b/hscontrol/types/config.go
index dbbb0bed..c5a9adb1 100644
--- a/hscontrol/types/config.go
+++ b/hscontrol/types/config.go
@@ -159,7 +159,7 @@ func LoadConfig(path string, isFile bool) error {
 viper.AutomaticEnv()
 viper.SetDefault("tls_letsencrypt_cache_dir", "/var/www/.cache")
- viper.SetDefault("tls_letsencrypt_challenge_type", Http01ChallengeType)
+ viper.SetDefault("tls_letsencrypt_challenge_type", HTTP01ChallengeType)
 viper.SetDefault("log.level", "info")
 viper.SetDefault("log.format", TextLogFormat)
@@ -216,15 +216,15 @@ func LoadConfig(path string, isFile bool) error {
 }
 if (viper.GetString("tls_letsencrypt_hostname") != "") &&
- (viper.GetString("tls_letsencrypt_challenge_type") == TlsALPN01ChallengeType) &&
+ (viper.GetString("tls_letsencrypt_challenge_type") == TLSALPN01ChallengeType) &&
 (!strings.HasSuffix(viper.GetString("listen_addr"), ":443")) {
 // this is only a warning because there could be something sitting in front of headscale that redirects the traffic (e.g. an iptables rule)
 log.Warn().
 Msg("Warning: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, headscale must be reachable on port 443, i.e. listen_addr should probably end in :443")
 }
- if (viper.GetString("tls_letsencrypt_challenge_type") != Http01ChallengeType) &&
- (viper.GetString("tls_letsencrypt_challenge_type") != TlsALPN01ChallengeType) {
+ if (viper.GetString("tls_letsencrypt_challenge_type") != HTTP01ChallengeType) &&
+ (viper.GetString("tls_letsencrypt_challenge_type") != TLSALPN01ChallengeType) {
 errorText += "Fatal config error: the only supported values for tls_letsencrypt_challenge_type are HTTP-01 and TLS-ALPN-01\n"
 }
diff --git a/hscontrol/types/const.go b/hscontrol/types/const.go
index 3a733ea9..e718eb2e 100644
--- a/hscontrol/types/const.go
+++ b/hscontrol/types/const.go
@@ -5,8 +5,8 @@ import "time"
 const (
 HTTPReadTimeout = 30 * time.Second
 HTTPShutdownTimeout = 3 * time.Second
- TlsALPN01ChallengeType = "TLS-ALPN-01"
- Http01ChallengeType = "HTTP-01"
+ TLSALPN01ChallengeType = "TLS-ALPN-01"
+ HTTP01ChallengeType = "HTTP-01"
 JSONLogFormat = "json"
 TextLogFormat = "text"