From 8fd471ce5748d2129dba584b4fa14b0d29229299 Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Thu, 14 Nov 2024 09:44:16 -0800 Subject: [PATCH] control/controlclient: disable https on for http://localhost:$port URLs Previously we required the program to be running in a test or have TS_CONTROL_IS_PLAINTEXT_HTTP before we disabled its https fallback on "http" schema control URLs to localhost with ports. But nobody accidentally does all three of "http", explicit port number, localhost and doesn't mean it. And when they mean it, they're testing a localhost dev control server (like I was) and don't want 443 getting involved. As of the changes for #13597, this became more annoying in that we were trying to use a port which wasn't even available. Updates #13597 Change-Id: Icd00bca56043d2da58ab31de7aa05a3b269c490f Signed-off-by: Brad Fitzpatrick --- control/controlclient/noise.go | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/control/controlclient/noise.go b/control/controlclient/noise.go index 3994af056..2e7c70fd1 100644 --- a/control/controlclient/noise.go +++ b/control/controlclient/noise.go @@ -17,7 +17,6 @@ "golang.org/x/net/http2" "tailscale.com/control/controlhttp" - "tailscale.com/envknob" "tailscale.com/health" "tailscale.com/internal/noiseconn" "tailscale.com/net/dnscache" @@ -30,7 +29,6 @@ "tailscale.com/util/mak" "tailscale.com/util/multierr" "tailscale.com/util/singleflight" - "tailscale.com/util/testenv" ) // NoiseClient provides a http.Client to connect to tailcontrol over @@ -107,11 +105,6 @@ type NoiseOpts struct { DialPlan func() *tailcfg.ControlDialPlan } -// controlIsPlaintext is whether we should assume that the controlplane is only accessible -// over plaintext HTTP (as the first hop, before the ts2021 encryption begins). -// This is used by some tests which don't have a real TLS certificate. -var controlIsPlaintext = envknob.RegisterBool("TS_CONTROL_IS_PLAINTEXT_HTTP") - // NewNoiseClient returns a new noiseClient for the provided server and machine key. // serverURL is of the form https://: (no trailing slash). // @@ -129,7 +122,7 @@ func NewNoiseClient(opts NoiseOpts) (*NoiseClient, error) { if u.Scheme == "http" { httpPort = port httpsPort = "443" - if (testenv.InTest() || controlIsPlaintext()) && (u.Hostname() == "127.0.0.1" || u.Hostname() == "localhost") { + if u.Hostname() == "127.0.0.1" || u.Hostname() == "localhost" { httpsPort = "" } } else {