cmd/tailscale,ipn: add Unix socket support for serve

Based on PR #16700 by @lox, adapted to current codebase.

Adds support for proxying HTTP requests to Unix domain sockets via
tailscale serve unix:/path/to/socket, enabling exposure of services
like Docker, containerd, PHP-FPM over Tailscale without TCP bridging.

The implementation includes reasonable protections against exposure of
tailscaled's own socket.

Adaptations from original PR:
- Use net.Dialer.DialContext instead of net.Dial for context propagation
- Use http.Transport with Protocols API (current h2c approach, not http2.Transport)
- Resolve conflicts with hasScheme variable in ExpandProxyTargetValue

Updates #9771

Signed-off-by: Peter A. <ink.splatters@pm.me>
Co-authored-by: Lachlan Donald <lachlan@ljd.cc>
This commit is contained in:
Peter A.
2025-11-28 23:39:41 +01:00
committed by Brad Fitzpatrick
parent 557457f3c2
commit f4d34f38be
8 changed files with 482 additions and 3 deletions
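The serve path the commit message describes (dial the Unix socket through net.Dialer.DialContext from an http.Transport, and refuse to proxy to tailscaled's own socket), as an added Go example that is not Tailscale's code: canonical, checkUnixTarget and newUnixProxy are hypothetical names, the symlink-resolving comparison is an assumed hardening of a plain path-string check, and the paths in main are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"path/filepath"
)

var ErrOwnSocket = errors.New("refusing to proxy to tailscaled's own socket")

// canonical makes p absolute and resolves symlinks so that aliases of one socket compare equal.
func canonical(p string) string {
	abs, _ := filepath.Abs(p) // only fails if the working directory is unreadable
	if r, err := filepath.EvalSymlinks(abs); err == nil {
		return r
	}
	return abs // not-yet-existing path: keep the cleaned absolute form
}

// checkUnixTarget is a hypothetical guard that rejects a target aliasing ownSocket.
func checkUnixTarget(target, ownSocket string) error {
	if ownSocket != "" && canonical(target) == canonical(ownSocket) {
		return ErrOwnSocket
	}
	return nil
}

// newUnixProxy dials sockPath via DialContext so cancelling the inbound request cancels the dial.
func newUnixProxy(sockPath, ownSocket string) (*httputil.ReverseProxy, error) {
	if err := checkUnixTarget(sockPath, ownSocket); err != nil {
		return nil, err
	}
	d := &net.Dialer{}
	rp := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "http", Host: "unix"})
	rp.Transport = &http.Transport{ // the URL's host:port is ignored by this dialer
		DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
			return d.DialContext(ctx, "unix", sockPath)
		},
	}
	return rp, nil
}

func main() { // constructed paths: the guard must fire even through a different spelling
	fmt.Println(checkUnixTarget("/var/run/tailscale/../tailscale/tailscaled.sock", "/var/run/tailscale/tailscaled.sock"))
}
```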


@@ -68,6 +68,10 @@ type System struct {
// LocalBackend tracks the current config after any reloads.
InitialConfig *conffile.Config
// SocketPath is the path to the tailscaled Unix socket.
// It is used to prevent serve from proxying to our own socket.
SocketPath string
// onlyNetstack is whether the Tun value is a fake TUN device
// and we're using netstack for everything.
onlyNetstack bool
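Review bot: the SocketPath doc comment promises that the field prevents serve from proxying to tailscaled's own socket, but a string comparison against a user-supplied path misses aliases of the same socket: a symlink, a relative or un-cleaned spelling (`/var/run/tailscale/../tailscale/tailscaled.sock`), or a hard link will not compare equal. Resolve both sides with filepath.EvalSymlinks before comparing, or compare their os.Stat results with os.SameFile, and reword the comment to say the check is best-effort, since no path comparison can rule out every alias (a bind mount, for example).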