Commit Graph

67 Commits

Author SHA1 Message Date
shayne
4471e403aa
ipn/ipnlocal: [serve] listen on all-interfaces for macOS sandboxed (#6771)
On macOS (AppStore and macsys), we need to bind to ""/all-interfaces
due to the network sandbox. Ideally we would only bind to the
Tailscale interface, but macOS errors out if we try to
to listen on privileged ports binding only to a specific
interface.

We also implement the lc.Control hook, same as we do for
peerapi. It doesn't solve our problem but it's better that
we do and would likely be required when Apple gets around to
fixing per-interface priviliged port binding.

Fixes: #6364

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2023-01-20 13:40:56 -05:00
Anton Tolchanov
82b9689e25
ipn/ipnlocal: maintain a proxy handler per backend (#6804)
By default, `http.Transport` keeps idle connections open hoping to re-use them in the future. Combined with a separate transport per request in HTTP proxy this results in idle connection leak.

Fixes #6773
2022-12-21 18:36:58 +00:00
shayne
a97369f097
cmd/tailscale/cli: flesh out serve CLI and tests (#6304)
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-17 16:09:43 -05:00
Brad Fitzpatrick
3114eacbb8 ipn/ipnlocal: don't warn about serve listener failing on IPv6-less machines
Fixes #6303

Change-Id: Ie1ce12938f68dfa0533246bbe3b9d7f3e749a243
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-13 10:11:25 -08:00
shayne
74e892cbc2
ipn/ipnlocal: listen to serve ports on netmap addrs (#6282)
Updates tailscale/corp#7515

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-11 21:46:26 -05:00
Brad Fitzpatrick
c9d6a9cb4d ipn/ipnlocal: add optional TLS termination on proxied TCP connections
Updates tailscale/corp#7515

Change-Id: Ib250fa20275971563adccfa72db48e0cec02b7a5
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 21:35:16 -08:00
shayne
e3a66e4d2f
ipn/localapi: introduce get/set config for serve (#6243)
Updates tailscale/corp#7515

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2022-11-10 22:58:40 -05:00
Brad Fitzpatrick
7b5866ac0a ipn/ipnlocal: support serving files/directories too
Updates tailscale/corp#7515

Change-Id: I7b4c924005274ba57763264313d70d2a0c55da30
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 18:09:35 -08:00
Brad Fitzpatrick
d7bfef12cf ipn/ipnlocal: support https+insecure:// backend proxy targets
Updates tailscale/corp#7515

Change-Id: Ie50295c09e4a16959b37087d8165c4d7360db37f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 10:09:49 -08:00
Brad Fitzpatrick
9dfb0916c2 ipn/ipnlocal, tailcfg: wire up ingress peerapi
Updates tailscale/corp#7515

Co-authored-by: Shayne Sweeney <shayne@tailscale.com>
Change-Id: I7eac7b4ac37fd8e8a9e0469594c1e9e7dd0da666
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 09:48:10 -08:00
Brad Fitzpatrick
32a4ff3e5f ipn/ipnlocal: implement the reverse proxy HTTP handler type
Updates tailscale/corp#7515

Change-Id: Icbfe57f44b9516388edc0556eb04a370a9e3e009
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 06:12:33 -08:00
Brad Fitzpatrick
6beb3184d5 ipn/ipnlocal: don't serve a TLS cert unless it has webserver config
Even if the name is right, or is configured on a different port.

Updates tailscale/corp#7515

Change-Id: I8b721968f3241af10d98431e1b5ba075223e6cd3
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 06:12:33 -08:00
Brad Fitzpatrick
1a94c309ea ipn/ipnlocal: support web TLS ports other than 443
Updates tailscale/corp#7515

Change-Id: I87df50b1bc92efd1d8c538c2ad4f1222361e4d6b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 06:12:33 -08:00
Brad Fitzpatrick
4797bacb7c ipn/ipnlocal: send RST when serving an actionless TCPPortHandler
Updates tailscale/corp#7515

Change-Id: I790f1b5d1e8a887e39bb573b4610b8f37a3f5963
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 06:12:33 -08:00
Brad Fitzpatrick
b683921b87 ipn/ipnlocal: add start of handling TCP proxying
Updates tailscale/corp#7515

Change-Id: I82d19b5864674b2169f25ec8e429f60a543e0c57
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-09 16:38:11 -08:00
Brad Fitzpatrick
4bccc02413 ipn/ipnlocal: use ServerConfig views internally
Updates tailscale/corp#7515

Change-Id: Ica2bc44b92d281d5ce16cee55b7ca51c7910145c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-09 16:38:11 -08:00
Brad Fitzpatrick
25e26c16ee ipn/ipnlocal: start implementing web server bits of serve
Updates tailscale/corp#7515

Change-Id: I96f4016161ba3c370492da941274c6d9a234c2bb
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-09 07:38:10 -08:00