derp,magicsock: add debug envknobs for HTTP and derp server name (#7744)

Make developing derp easier by: 1. Creating an envknob telling clients to use HTTP to connect to derp servers, so devs don't have to acquire a valid TLS cert. 2. Creating an envknob telling clients which derp server to connect to, so devs don't have to edit the ACLs in the admin console to add a custom DERP map. 3. Explaining how the -dev and -a command lines args to derper interact. To use this: 1. Run derper with -dev. 2. Run tailscaled with TS_DEBUG_USE_DERP_HTTP=1 and TS_DEBUG_USE_DERP_ADDR=localhost This will result in the client connecting to derp via HTTP on port 3340. Fixes #7700 Signed-off-by: Val <valerie@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2023-04-04 17:10:50 -07:00
parent f475e5550c
commit 7bfb7744b7
5 changed files with 49 additions and 6 deletions
--- a/derp/derphttp/derphttp_client.go
+++ b/derp/derphttp/derphttp_client.go
@@ -174,6 +174,10 @@ func urlPort(u *url.URL) string {
 	return ""
 }

+// debugDERPUseHTTP tells clients to connect to DERP via HTTP on port
+// 3340 instead of HTTPS on 443.
+var debugUseDERPHTTP = envknob.RegisterBool("TS_DEBUG_USE_DERP_HTTP")
+
 func (c *Client) targetString(reg *tailcfg.DERPRegion) string {
 	if c.url != nil {
 		return c.url.String()
@@ -185,6 +189,10 @@ func (c *Client) useHTTPS() bool {
 	if c.url != nil && c.url.Scheme == "http" {
 		return false
 	}
+	if debugUseDERPHTTP() {
+		return false
+	}
+
 	return true
 }

@@ -200,7 +208,11 @@ func (c *Client) urlString(node *tailcfg.DERPNode) string {
 	if c.url != nil {
 		return c.url.String()
 	}
-	return fmt.Sprintf("https://%s/derp", node.HostName)
+	proto := "https"
+	if debugUseDERPHTTP() {
+		proto = "http"
+	}
+	return fmt.Sprintf("%s://%s/derp", proto, node.HostName)
 }

 // AddressFamilySelector decides whether IPv6 is preferred for