shayne
4471e403aa
ipn/ipnlocal: [serve] listen on all-interfaces for macOS sandboxed ( #6771 )
...
On macOS (AppStore and macsys), we need to bind to ""/all-interfaces
due to the network sandbox. Ideally we would only bind to the
Tailscale interface, but macOS errors out if we try to
to listen on privileged ports binding only to a specific
interface.
We also implement the lc.Control hook, same as we do for
peerapi. It doesn't solve our problem but it's better that
we do and would likely be required when Apple gets around to
fixing per-interface priviliged port binding.
Fixes : #6364
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2023-01-20 13:40:56 -05:00
Anton Tolchanov
82b9689e25
ipn/ipnlocal: maintain a proxy handler per backend ( #6804 )
...
By default, `http.Transport` keeps idle connections open hoping to re-use them in the future. Combined with a separate transport per request in HTTP proxy this results in idle connection leak.
Fixes #6773
2022-12-21 18:36:58 +00:00
shayne
a97369f097
cmd/tailscale/cli: flesh out serve CLI and tests ( #6304 )
...
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-17 16:09:43 -05:00
Brad Fitzpatrick
3114eacbb8
ipn/ipnlocal: don't warn about serve listener failing on IPv6-less machines
...
Fixes #6303
Change-Id: Ie1ce12938f68dfa0533246bbe3b9d7f3e749a243
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-13 10:11:25 -08:00
shayne
74e892cbc2
ipn/ipnlocal: listen to serve ports on netmap addrs ( #6282 )
...
Updates tailscale/corp#7515
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-11 21:46:26 -05:00
Brad Fitzpatrick
c9d6a9cb4d
ipn/ipnlocal: add optional TLS termination on proxied TCP connections
...
Updates tailscale/corp#7515
Change-Id: Ib250fa20275971563adccfa72db48e0cec02b7a5
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 21:35:16 -08:00
shayne
e3a66e4d2f
ipn/localapi: introduce get/set config for serve ( #6243 )
...
Updates tailscale/corp#7515
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-10 22:58:40 -05:00
Brad Fitzpatrick
7b5866ac0a
ipn/ipnlocal: support serving files/directories too
...
Updates tailscale/corp#7515
Change-Id: I7b4c924005274ba57763264313d70d2a0c55da30
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 18:09:35 -08:00
Brad Fitzpatrick
d7bfef12cf
ipn/ipnlocal: support https+insecure:// backend proxy targets
...
Updates tailscale/corp#7515
Change-Id: Ie50295c09e4a16959b37087d8165c4d7360db37f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 10:09:49 -08:00
Brad Fitzpatrick
9dfb0916c2
ipn/ipnlocal, tailcfg: wire up ingress peerapi
...
Updates tailscale/corp#7515
Co-authored-by: Shayne Sweeney <shayne@tailscale.com>
Change-Id: I7eac7b4ac37fd8e8a9e0469594c1e9e7dd0da666
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 09:48:10 -08:00
Brad Fitzpatrick
32a4ff3e5f
ipn/ipnlocal: implement the reverse proxy HTTP handler type
...
Updates tailscale/corp#7515
Change-Id: Icbfe57f44b9516388edc0556eb04a370a9e3e009
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 06:12:33 -08:00
Brad Fitzpatrick
6beb3184d5
ipn/ipnlocal: don't serve a TLS cert unless it has webserver config
...
Even if the name is right, or is configured on a different port.
Updates tailscale/corp#7515
Change-Id: I8b721968f3241af10d98431e1b5ba075223e6cd3
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 06:12:33 -08:00
Brad Fitzpatrick
1a94c309ea
ipn/ipnlocal: support web TLS ports other than 443
...
Updates tailscale/corp#7515
Change-Id: I87df50b1bc92efd1d8c538c2ad4f1222361e4d6b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 06:12:33 -08:00
Brad Fitzpatrick
4797bacb7c
ipn/ipnlocal: send RST when serving an actionless TCPPortHandler
...
Updates tailscale/corp#7515
Change-Id: I790f1b5d1e8a887e39bb573b4610b8f37a3f5963
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 06:12:33 -08:00
Brad Fitzpatrick
b683921b87
ipn/ipnlocal: add start of handling TCP proxying
...
Updates tailscale/corp#7515
Change-Id: I82d19b5864674b2169f25ec8e429f60a543e0c57
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-09 16:38:11 -08:00
Brad Fitzpatrick
4bccc02413
ipn/ipnlocal: use ServerConfig views internally
...
Updates tailscale/corp#7515
Change-Id: Ica2bc44b92d281d5ce16cee55b7ca51c7910145c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-09 16:38:11 -08:00
Brad Fitzpatrick
25e26c16ee
ipn/ipnlocal: start implementing web server bits of serve
...
Updates tailscale/corp#7515
Change-Id: I96f4016161ba3c370492da941274c6d9a234c2bb
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-09 07:38:10 -08:00