Will Norris d4586ca75f tsnet/example/web-client: listen on localhost
Serving the web client on the tailscale interface, while useful for
remote management, is also inherently risky if ACLs are not configured
appropriately. Switch the example to listen only on localhost, which is
a much safer default. This is still a valuable example, since it still
demonstrates how to have a web client connected to a tsnet instance.

Updates #13775

Signed-off-by: Will Norris <will@tailscale.com>
2023-08-18 14:57:08 -07:00

42 lines
846 B
Go

// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
// The web-client command demonstrates serving the Tailscale web client over tsnet.
package main
import (
"flag"
"log"
"net/http"
"tailscale.com/client/web"
"tailscale.com/tsnet"
)
var (
addr = flag.String("addr", "localhost:8060", "address of Tailscale web client")
devMode = flag.Bool("dev", false, "run web client in dev mode")
)
func main() {
flag.Parse()
s := new(tsnet.Server)
defer s.Close()
lc, err := s.LocalClient()
if err != nil {
log.Fatal(err)
}
// Serve the Tailscale web client.
ws, cleanup := web.NewServer(*devMode, lc)
defer cleanup()
log.Printf("Serving Tailscale web client on http://%s", *addr)
if err := http.ListenAndServe(*addr, ws); err != nil {
if err != http.ErrServerClosed {
log.Fatal(err)
}
}
}