Moving logic that manipulates a ServeConfig into recievers on the
ServeConfig in the ipn package. This is setup work to allow the
web client and cli to both utilize these shared functions to edit
the serve config.
Any logic specific to flag parsing or validation is left untouched
in the cli command. The web client will similarly manage its
validation of user's requested changes. If validation logic becomes
similar-enough, we can make a serve util for shared functionality,
which likely does not make sense in ipn.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
In preparation for changes to allow configuration of serve/funnel
from the web client, this commit moves some functionality that will
be shared between the CLI and web client to the ipn package's
serve.go file, where some other util funcs are already defined.
Updates #10261
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
When running as non-root non-operator user, you get this error:
```
$ tailscale serve 8080
Access denied: watch IPN bus access denied, must set ipn.NotifyNoPrivateKeys when not running as admin/root or operator
Use 'sudo tailscale serve 8080' or 'tailscale up --operator=$USER' to not require root.
```
It should fail, but the error message is confusing.
With this fix:
```
$ tailscale serve 8080
sending serve config: Access denied: serve config denied
Use 'sudo tailscale serve 8080' or 'tailscale up --operator=$USER' to not require root.
```
Updates #cleanup
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
We were inconsistent whether we checked if the feature was already
enabled which we could do cheaply using the locally available status.
We would do the checks fine if we were turning on funnel, but not serve.
This moves the cap checks down into enableFeatureInteractive so that
are always run.
Updates #9984
Co-authored-by: Tyler Smalley <tyler@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
We prevent shodow configs when starting a foreground when a background serve config already exists for the serve type and port. This PR improves the messaging to let the user know how to remove the previous config.
Updates #8489
ENG-2314
Signed-off-by: Tyler Smalley <tyler@tailscale.com>
The `--http` flag can not be used with Funnel, so we should remove it to remove confusion.
Updates #8489
ENG-2316
Signed-off-by: Tyler Smalley <tyler@tailscale.com>
This PR changes the -https, -http, -tcp, and -tls-terminated-tcp
flags from string to int and also updates the validation to ensure
they fit the uint16 size as the flag library does not have a Uint16Var
method.
Updates #8489
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
The TestServeDevConfigMutations test has 63 steps that all run
under the same scope. This tests breaks them out into isolated
subtests that can be run independently.
Updates #8489
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
We currently print out "run tailscale serve --help" when the subcmd
might be funnel. This PR ensures the right subcmd is passed.
Updates #8489
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
A few people have run into issues with understanding why `--set-path` started in background mode, and/or why they couldn't use a path in foreground mode. This change allows `--set-path` to be used in either case (foreground or background).
updates #8489
Signed-off-by: Tyler Smalley <tyler@tailscale.com>
* Fixes issue with template string not being provided in help text
* Updates background information to provide full URL, including path, to make it clear the source and destination
* Restores some tests
* Removes AllowFunnel in ServeConfig if no proxy exists for that port.
updates #8489
Signed-off-by: Tyler Smalley <tyler@tailscale.com>
This PR adds the same set-raw from the old flow into the new one
so that users can continue to use it when transitioning into the new
flow.
Updates #8489
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
This PR fixes the isLegacyInvocation to better catch serve and
funnel legacy commands. In addition, it now also returns a string
that translates the old command into the new one so that users
can have an easier transition story.
Updates #8489
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
This PR allows you to do "tailscale serve -bg -https:4545 off" and it
will delete all handlers under it. It will also prompt you for a y/n in case
you wanted to delete a single port.
Updates #8489
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
The `serve` command for TCP has always required the scheme of the target to be specified. However, when it's omitted the error message reported is misleading
```
error: failed to apply TCP serve: invalid TCP target "localhost:5900": missing port in address
```
Since we know the target is TCP, we shouldn't require it to be specified. This aligns with the changes for HTTP proxies in https://github.com/tailscale/tailscale/issues/8489closes#9855
Signed-off-by: Tyler Smalley <tyler@tailscale.com>
The `off` subcommand removes a serve/funnel for the corresponding type and port. Previously, we were not providing this which would result in an error if someone was using something than the default https=443.
closes#9858
Signed-off-by: Tyler Smalley <tyler@tailscale.com>
The change is being kept to a minimum to make a revert easy if necessary. After the release, we will go back for a final cleanup.
updates #8489
Signed-off-by: Tyler Smalley <tyler@tailscale.com>
