mirror of
https://github.com/tailscale/tailscale.git
synced 2025-01-10 01:53:49 +00:00
d4586ca75f
Serving the web client on the tailscale interface, while useful for remote management, is also inherently risky if ACLs are not configured appropriately. Switch the example to listen only on localhost, which is a much safer default. This is still a valuable example, since it still demonstrates how to have a web client connected to a tsnet instance. Updates #13775 Signed-off-by: Will Norris <will@tailscale.com>
42 lines
846 B
Go
42 lines
846 B
Go
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
// The web-client command demonstrates serving the Tailscale web client over tsnet.
|
|
package main
|
|
|
|
import (
|
|
"flag"
|
|
"log"
|
|
"net/http"
|
|
|
|
"tailscale.com/client/web"
|
|
"tailscale.com/tsnet"
|
|
)
|
|
|
|
var (
|
|
addr = flag.String("addr", "localhost:8060", "address of Tailscale web client")
|
|
devMode = flag.Bool("dev", false, "run web client in dev mode")
|
|
)
|
|
|
|
func main() {
|
|
flag.Parse()
|
|
|
|
s := new(tsnet.Server)
|
|
defer s.Close()
|
|
|
|
lc, err := s.LocalClient()
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
// Serve the Tailscale web client.
|
|
ws, cleanup := web.NewServer(*devMode, lc)
|
|
defer cleanup()
|
|
log.Printf("Serving Tailscale web client on http://%s", *addr)
|
|
if err := http.ListenAndServe(*addr, ws); err != nil {
|
|
if err != http.ErrServerClosed {
|
|
log.Fatal(err)
|
|
}
|
|
}
|
|
}
|