package hscontrol import ( "context" "fmt" "net/http" "os" "github.com/tailscale/tailsql/server/tailsql" "tailscale.com/tsnet" "tailscale.com/tsweb" "tailscale.com/types/logger" ) func runTailSQLService(ctx context.Context, logf logger.Logf, stateDir, dbPath string) error { opts := tailsql.Options{ Hostname: "tailsql-headscale", StateDir: stateDir, Sources: []tailsql.DBSpec{ { Source: "headscale", Label: "headscale - sqlite", Driver: "sqlite", URL: fmt.Sprintf("file:%s?mode=ro", dbPath), Named: map[string]string{ "schema": `select * from sqlite_schema`, }, }, }, } tsNode := &tsnet.Server{ Dir: os.ExpandEnv(opts.StateDir), Hostname: opts.Hostname, Logf: logger.Discard, } // if *doDebugLog { // tsNode.Logf = logf // } defer tsNode.Close() logf("Starting tailscale (hostname=%q)", opts.Hostname) lc, err := tsNode.LocalClient() if err != nil { return fmt.Errorf("connect local client: %w", err) } opts.LocalClient = lc // for authentication // Make sure the Tailscale node starts up. It might not, if it is a new node // and the user did not provide an auth key. if st, err := tsNode.Up(ctx); err != nil { return fmt.Errorf("starting tailscale: %w", err) } else { logf("tailscale started, node state %q", st.BackendState) } // Reaching here, we have a running Tailscale node, now we can set up the // HTTP and/or HTTPS plumbing for TailSQL itself. tsql, err := tailsql.NewServer(opts) if err != nil { return fmt.Errorf("creating tailsql server: %w", err) } lst, err := tsNode.Listen("tcp", ":80") if err != nil { return fmt.Errorf("listen port 80: %w", err) } if opts.ServeHTTPS { // When serving TLS, add a redirect from HTTP on port 80 to HTTPS on 443. certDomains := tsNode.CertDomains() if len(certDomains) == 0 { return fmt.Errorf("no cert domains available for HTTPS") } base := "https://" + certDomains[0] go http.Serve(lst, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { target := base + r.RequestURI http.Redirect(w, r, target, http.StatusPermanentRedirect) })) // log.Printf("Redirecting HTTP to HTTPS at %q", base) // For the real service, start a separate listener. // Note: Replaces the port 80 listener. var err error lst, err = tsNode.ListenTLS("tcp", ":443") if err != nil { return fmt.Errorf("listen TLS: %w", err) } logf("enabled serving via HTTPS") } mux := tsql.NewMux() tsweb.Debugger(mux) go http.Serve(lst, mux) logf("ailSQL started") <-ctx.Done() logf("TailSQL shutting down...") return tsNode.Close() }