use tailscale cert manager with tailscale-proxy command
Instruct caddy to use the tailscale cert manager.  Also add a --debug
flag to enable debug logging with the tailscale-proxy command.

Also remove a lingering `auto_https off` config in one of our examples.

Fixes #27

Signed-off-by: Will Norris <[email protected]>
willnorris committed Jun 3, 2024
1 parent f2562ba commit 8223dd4
Showing 2 changed files with 22 additions and 1 deletion.
22 changes: 22 additions & 0 deletions command.go
@@ -68,6 +68,7 @@ default, all incoming headers are passed through unmodified.)
fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream")
fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING SSL CERTIFICATES!)")
fs.Bool("internal-certs", false, "Use internal CA for issuing certs")
fs.Bool("debug", false, "Enable debug logging")
return fs
}(),
})
@@ -81,6 +82,7 @@ func cmdTailscaleProxy(fs caddycmd.Flags) (int, error) {
changeHost := fs.Bool("change-host-header")
insecure := fs.Bool("insecure")
internalCerts := fs.Bool("internal-certs")
debug := fs.Bool("debug")

httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort)
httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort)
@@ -205,6 +207,15 @@ func cmdTailscaleProxy(fs caddycmd.Flags) (int, error) {
},
}
appsRaw["tls"] = caddyconfig.JSON(tlsApp, nil)
} else if tsBind {
tlsApp := caddytls.TLS{
Automation: &caddytls.AutomationConfig{
Policies: []*caddytls.AutomationPolicy{{
ManagersRaw: []json.RawMessage{json.RawMessage(`{"via": "tailscale"}`)},
}},
},
}
appsRaw["tls"] = caddyconfig.JSON(tlsApp, nil)
}

var false bool
@@ -216,6 +227,17 @@ func cmdTailscaleProxy(fs caddycmd.Flags) (int, error) {
},
AppsRaw: appsRaw,
}
if debug {
cfg.Logging = &caddy.Logging{
Logs: map[string]*caddy.CustomLog{
"default": {
BaseLog: caddy.BaseLog{
Level: "DEBUG",
},
},
},
}
}

err = caddy.Run(cfg)
if err != nil {
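Review bot: The automation policy added in the `else if tsBind` branch sets no subjects, so it is the catch-all policy and every handshake, whatever the SNI, is routed to the Tailscale manager. caddytls's field documentation says that configuring a `get_certificate` manager also enables on-demand TLS for the policy, so what happens when the manager declines a name (fallback to the default issuers, or a refused handshake) depends on Caddy's on-demand permission rules, which this hunk does not show. Scoping the policy to the proxied name would remove the question, e.g. `SubjectsRaw: []string{fromHost},` where `fromHost` is a placeholder for whatever holds the `--from` hostname earlier in the function. A one-line comment above `ManagersRaw` saying that `{"via": "tailscale"}` names this plugin's certificate manager and is only resolved at `caddy.Run` would also help, since a typo in the raw JSON is not caught at compile time. cmdTailscaleProxy starts and ends outside the hunk.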
1 change: 0 additions & 1 deletion examples/proxyauth.caddyfile
@@ -10,7 +10,6 @@

{
order tailscale_auth after basicauth
auto_https off
tailscale {
ephemeral # create all nodes as ephemeral
}