Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for auto_tls #19

Open
werdnum opened this issue Aug 17, 2023 · 2 comments · May be fixed by #53
Open

Support for auto_tls #19

werdnum opened this issue Aug 17, 2023 · 2 comments · May be fixed by #53

Comments

@werdnum
Copy link

werdnum commented Aug 17, 2023

I was wondering what it would take to get the automatic TLS integration working properly.

I don't know too much about Caddy, but in the absence of any other mechanism for cross-server shared state, I was thinking about stuffing the tailscale Server object in a global map under the tailscale package, keyed by tsnet.Server.CertDomains(), and then calling s.LocalClient.CertPair().

It isn't the prettiest design, but I'm welcome to other suggestions if you know of a better way to share state between the cert manager and the listener.

If you're OK with that design, I could probably whip something up over the next few days.
@mholt
Copy link
Contributor

mholt commented Aug 17, 2023

Just to clarify, what isn't working properly?

@werdnum
Copy link
Author

werdnum commented Aug 17, 2023
edited

I'm referring to the shortcomings mentioned here: https://github.com/tailscale/caddy-tailscale#https-support (i.e., that the native TLS integration doesn't work and you need to use tailscale+tls instead (and set auto_tls off).

In particular, I'm hoping to have a single server run as a bidirectional HTTP proxy (serve a local service over tailscale+tls and also provide a gateway for that service to contact other services on the tailnet)

willnorris added a commit that referenced this issue May 17, 2024
@willnorris
certs: update tscert dialer to connect to tsnet server
18418c7 
This provides an alternate implementation for tscert.TailscaledDialer
that tries to find a tsnet server for the requested certificate.
This allows caddy-tailscale to be used with caddy's auto_https support.

Fixes #19

Signed-off-by: Will Norris <will@tailscale.com>
@willnorris willnorris linked a pull request May 17, 2024 that will close this issue
Draft
willnorris added a commit that referenced this issue May 17, 2024
@willnorris
certs: update tscert dialer to connect to tsnet server
1402b1b 
This provides an alternate implementation for tscert.TailscaledDialer
that tries to find a tsnet server for the requested certificate.
This allows caddy-tailscale to be used with caddy's auto_https support.

Fixes #19

Signed-off-by: Will Norris <will@tailscale.com>
willnorris added a commit that referenced this issue May 17, 2024
@willnorris
certs: update tscert dialer to connect to tsnet server
653a702 
This provides an alternate implementation for tscert.TailscaledDialer
that tries to find a tsnet server for the requested certificate.
This allows caddy-tailscale to be used with caddy's auto_https support.

Fixes #19

Signed-off-by: Will Norris <will@tailscale.com>
willnorris added a commit that referenced this issue May 19, 2024
@willnorris
certs: update tscert dialer to connect to tsnet server
e90764e 
This provides an alternate implementation for tscert.TailscaledDialer
that tries to find a tsnet server for the requested certificate.
This allows caddy-tailscale to be used with caddy's auto_https support.

Fixes #19

Signed-off-by: Will Norris <will@tailscale.com>
willnorris added a commit that referenced this issue May 19, 2024
@willnorris
certs: update tscert dialer to connect to tsnet server
cf24886 
This provides an alternate implementation for tscert.TailscaledDialer
that tries to find a tsnet server for the requested certificate.
This allows caddy-tailscale to be used with caddy's auto_https support.

Fixes #19

Signed-off-by: Will Norris <will@tailscale.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

certs: update tscert dialer to connect to tsnet server tailscale/caddy-tailscale
2 participants
@werdnum @mholt