502 bad gateway #31

Open
unusualevent opened this issue Jun 13, 2024 · 3 comments

Comments

@unusualevent

Do you have any debug steps for a 502 bad gateway?

I've got a caddyfile with the following:

tailscale.example.dev {
    @admin {
        path /web*
        path /admin*
        #path /api*
    }
    handle @admin {
        reverse_proxy localhost:8000
    }
    handle {
        reverse_proxy localhost:8080
    }
}

tailscale config:

server_url: https://tailscale.example.dev #:443 #8080
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 127.0.0.1:9090
grpc_listen_addr: 0.0.0.0:50443
grpc_allow_insecure: false
private_key_path: /var/lib/headscale/private.key
noise:
  private_key_path: /var/lib/headscale/noise_private.key
ip_prefixes:
  - fd7a:115c:a1e0::/48
  - 100.64.0.0/10
derp:
  server:
    enabled: true
    region_id: 999
    region_code: "headscale"
    region_name: "Headscale Embedded DERP"
    stun_listen_addr: "0.0.0.0:3478"
  urls:
    - https://controlplane.tailscale.com/derpmap/default
  paths: []
  auto_update_enabled: true
  update_frequency: 24h
disable_check_updates: false
ephemeral_node_inactivity_timeout: 30m
node_update_check_interval: 10s
db_type: sqlite3
db_path: /var/lib/headscale/db.sqlite
acme_url: https://acme-v02.api.letsencrypt.org/directory
acme_email: "[email protected]"
tls_letsencrypt_hostname: "tailscale.example.dev"
tls_letsencrypt_cache_dir: /var/lib/headscale/cache
tls_letsencrypt_challenge_type: HTTP-01
#tls_letsencrypt_listen: ":http"
tls_cert_path: ""
tls_key_path: ""
log:
  format: text
  level: info
acl_policy_path: ""
dns_config:
  override_local_dns: true
  nameservers:
    - 1.1.1.1

docker-compose:

services:
  headscale-admin:
    image: goodieshq/headscale-admin:latest
    container_name: headscale-admin
    restart: unless-stopped
    ports:
      - 8000:80
@GoodiesHQ
Owner

Instead of running it in a dockerfile or a reverse proxy, it may be simpler to skip the middleman and choose to simply host the static directory yourself wherever you choose and use file_server on caddy. That's how the docker container does it anyway.

What can you glean from docker logs of the various containers involved?

@unusualevent
Author

This is the setup I ended up using (.dev requires https://, it's a browser thing).

docker compose:

services:
  headscale-admin:
    image: goodieshq/headscale-admin:latest
    container_name: headscale-admin
    restart: unless-stopped
    ports:
      - 8000:80
  headscale-ui:
    container_name: headscale-ui
    image: ghcr.io/gurucomputing/headscale-ui:latest
    restart: unless-stopped
    ports:
      - 8001:80

headscale config:

server_url: https://tail.example.dev #:443 #8080
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:9090
grpc_listen_addr: 0.0.0.0:50443
grpc_allow_insecure: false
private_key_path: /var/lib/headscale/private.key
noise:
 private_key_path: /var/lib/headscale/noise_private.key
ip_prefixes:
 - fd7a:115c:a1e0::/48
 - 100.64.0.0/10
derp:
 server:
   enabled: true
   region_id: 999
   region_code: "headscale"
   region_name: "Headscale Embedded DERP"
   stun_listen_addr: "0.0.0.0:3478"
 urls:
   - https://controlplane.tailscale.com/derpmap/default
 paths: []
 auto_update_enabled: true
 update_frequency: 24h
disable_check_updates: false
ephemeral_node_inactivity_timeout: 30m
node_update_check_interval: 10s
db_type: sqlite3
db_path: /var/lib/headscale/db.sqlite
acme_enabled: false
#acme_url: https://acme-v02.api.letsencrypt.org/directory
#acme_email: "[email protected]"
#tls_letsencrypt_hostname: "tail.example.dev"
#tls_letsencrypt_cache_dir: /var/lib/headscale/cache
#tls_letsencrypt_challenge_type: HTTP-01
#tls_letsencrypt_listen: ":http"
tls_cert_path: ""
tls_key_path: ""
log:
 format: text
 level: info
#acl_policy_path: /etc/headscale/acls.json
dns_config:
 override_local_dns: true
 nameservers:
   - 1.1.1.1

caddyfile:

tail.example.dev {
  log {
    output file /var/log/caddy/access.log {
       roll_size 1gb
       roll_keep 5
       roll_keep_for 720h
    }
  }
  @web {
    path /web*
    path /apple*
    path /windows*
    path /linux*
  }
  @admin {
    path /web*
    path /admin*
    #path /api*
  }
  handle @web {
    reverse_proxy localhost:8001
    basicauth {
      mozart "$2a$14$somebcrypt"
    }
  }
  handle @admin {
    reverse_proxy localhost:8000
    basicauth {
      mozart "$2a$14$somebcrypt"
    }
  }
  handle {
     reverse_proxy 127.0.0.1:8080
  }
}

I still can't get headscale to issue SSL certs for the devices in my tailnet, which means I can't use their DNS names, but at least I can use their IPs. Some of them require SSL anyway, though.

I forgot what was the root cause of the admin page not working well, but it could use better error messages in general and better docs.
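As an added triage aid for the 502 question in this thread (not code from the thread or from the headscale-admin project), the script below applies the Caddyfile's handle order from the setup above to Caddy's JSON access log, so each 502 can be attributed to the upstream Caddy actually tried; the log lines are constructed samples, and the upstream addresses are the ones in that Caddyfile.

```python
import json

# Handle blocks from the Caddyfile above, in declaration order. Caddy's `handle`
# blocks are mutually exclusive and the first whose matcher fits wins, so /web*
# goes to headscale-ui even though @admin lists it too. None = bare `handle`.
HANDLES = [
    ("@web", ["/web", "/apple", "/windows", "/linux"], "localhost:8001"),
    ("@admin", ["/web", "/admin"], "localhost:8000"),
    ("default", None, "127.0.0.1:8080"),
]


def route(path):
    """Return (handle name, upstream) that the Caddyfile picks for a request path.
    A matcher line such as `path /web*` is a prefix match on the URI path."""
    for name, prefixes, upstream in HANDLES:
        if prefixes is None or any(path.startswith(p) for p in prefixes):
            return name, upstream


def bad_gateways_by_upstream(log_lines):
    """Count 502 responses per upstream from Caddy JSON access-log lines.
    Only the top-level `status` and `request.uri` fields are used; lines that
    are not JSON (e.g. a stray stderr line) are skipped rather than fatal."""
    counts = {}
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if entry.get("status") != 502:
            continue
        uri = entry.get("request", {}).get("uri", "/")
        path = uri.split("?", 1)[0]          # matchers ignore the query string
        _, upstream = route(path)
        counts[upstream] = counts.get(upstream, 0) + 1
    return counts


# Constructed sample lines in Caddy's access-log shape (not a real capture).
SAMPLE_LOG = """
{"logger":"http.log.access","msg":"handled request","request":{"method":"GET","uri":"/admin/","host":"tail.example.dev"},"status":502}
{"logger":"http.log.access","msg":"handled request","request":{"method":"GET","uri":"/web/index.html","host":"tail.example.dev"},"status":200}
{"logger":"http.log.access","msg":"handled request","request":{"method":"POST","uri":"/machine/register?x=1","host":"tail.example.dev"},"status":502}
{"logger":"http.log.access","msg":"handled request","request":{"method":"GET","uri":"/admin/nodes","host":"tail.example.dev"},"status":502}
not json at all
""".strip().splitlines()

if __name__ == "__main__":
    # Expected: {'localhost:8000': 2, '127.0.0.1:8080': 1}
    print(bad_gateways_by_upstream(SAMPLE_LOG))
```

A count concentrated on one upstream points at that container or port mapping (check `docker logs` and whether it listens where Caddy proxies) rather than at Caddy itself.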

@meerzulee

meerzulee commented Jul 18, 2024

Hi there!

I recently set up my environment with Headscale and Caddy and encountered similar issues. You can check out my setup here.
