mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 04:55:31 +00:00
control/controlclient: disable https on for http://localhost:$port URLs
Previously we required the program to be running in a test or have TS_CONTROL_IS_PLAINTEXT_HTTP before we disabled its https fallback on "http" schema control URLs to localhost with ports. But nobody accidentally does all three of "http", explicit port number, localhost and doesn't mean it. And when they mean it, they're testing a localhost dev control server (like I was) and don't want 443 getting involved. As of the changes for #13597, this became more annoying in that we were trying to use a port which wasn't even available. Updates #13597 Change-Id: Icd00bca56043d2da58ab31de7aa05a3b269c490f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
parent
e73cfd9700
commit
8fd471ce57
@ -17,7 +17,6 @@
|
|||||||
|
|
||||||
"golang.org/x/net/http2"
|
"golang.org/x/net/http2"
|
||||||
"tailscale.com/control/controlhttp"
|
"tailscale.com/control/controlhttp"
|
||||||
"tailscale.com/envknob"
|
|
||||||
"tailscale.com/health"
|
"tailscale.com/health"
|
||||||
"tailscale.com/internal/noiseconn"
|
"tailscale.com/internal/noiseconn"
|
||||||
"tailscale.com/net/dnscache"
|
"tailscale.com/net/dnscache"
|
||||||
@ -30,7 +29,6 @@
|
|||||||
"tailscale.com/util/mak"
|
"tailscale.com/util/mak"
|
||||||
"tailscale.com/util/multierr"
|
"tailscale.com/util/multierr"
|
||||||
"tailscale.com/util/singleflight"
|
"tailscale.com/util/singleflight"
|
||||||
"tailscale.com/util/testenv"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// NoiseClient provides a http.Client to connect to tailcontrol over
|
// NoiseClient provides a http.Client to connect to tailcontrol over
|
||||||
@ -107,11 +105,6 @@ type NoiseOpts struct {
|
|||||||
DialPlan func() *tailcfg.ControlDialPlan
|
DialPlan func() *tailcfg.ControlDialPlan
|
||||||
}
|
}
|
||||||
|
|
||||||
// controlIsPlaintext is whether we should assume that the controlplane is only accessible
|
|
||||||
// over plaintext HTTP (as the first hop, before the ts2021 encryption begins).
|
|
||||||
// This is used by some tests which don't have a real TLS certificate.
|
|
||||||
var controlIsPlaintext = envknob.RegisterBool("TS_CONTROL_IS_PLAINTEXT_HTTP")
|
|
||||||
|
|
||||||
// NewNoiseClient returns a new noiseClient for the provided server and machine key.
|
// NewNoiseClient returns a new noiseClient for the provided server and machine key.
|
||||||
// serverURL is of the form https://<host>:<port> (no trailing slash).
|
// serverURL is of the form https://<host>:<port> (no trailing slash).
|
||||||
//
|
//
|
||||||
@ -129,7 +122,7 @@ func NewNoiseClient(opts NoiseOpts) (*NoiseClient, error) {
|
|||||||
if u.Scheme == "http" {
|
if u.Scheme == "http" {
|
||||||
httpPort = port
|
httpPort = port
|
||||||
httpsPort = "443"
|
httpsPort = "443"
|
||||||
if (testenv.InTest() || controlIsPlaintext()) && (u.Hostname() == "127.0.0.1" || u.Hostname() == "localhost") {
|
if u.Hostname() == "127.0.0.1" || u.Hostname() == "localhost" {
|
||||||
httpsPort = ""
|
httpsPort = ""
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
Loading…
Reference in New Issue
Block a user