Comments (5)
Never used HAProxy before, wouldn't even know where to begin. I'll leave this open for a while in case a third someone wants to come along and enlighten us. quick google talks about enabling a lua module which doesn't sound friendly.
You would most likely be better off serving headscale ui on the same subdomain as headscale using the web
path. Same domain means no CORS. HAProxy's documentation describes how to do that here.
from headscale-ui.
Ahhh it added me a idea! i tried it before on same subdomain, but i use more subdomains with same frontend (not only headscale) and it do a bit difficult. But now i split it each other (headcale and ui vs everything else) and now it work well!
Thanks!
PS: it seems someting wrong, because i can't do of things on UI. i can not create name, and can not add a new machine with normal auth. method. If i add it via CLI i see it on UI (namespace and also devices) So a bit weird...
But i able to delete devices, so i think i able to write it to my headscale.
from headscale-ui.
Hmm seems it is browser problem.. My home Windows PC (Chrome) affect above problems, but my Linux desktop (also Chrome) work well... Interesting...
from headscale-ui.
this config work well with HAproxy (same domain). I write it here, that possible to help someone:
# Frontend: general_https_frontend ()
frontend general_https_frontend
bind headscale.domain.org:443 name headscale.domain.org:443 ssl crt-list /tmp/haproxy/ssl/5e6986bca1fdf9.68580069.certlist
mode http
option http-keep-alive
default_backend opnsense
# tuning options
timeout client 30s
# logging options
# ACL: headscale
acl acl_62fa39a1c4f969.44775481 path_beg -i /web
# ACL: headscale_domain_use
acl acl_62f62cb5c7c7c9.95836142 hdr(host) -i headscale.domain.org
# ACL: headscale-ui
acl acl_62f90fb56e8189.73521649 path_beg -i /web
# ACTION: headscale
use_backend headscale if !acl_62fa39a1c4f969.44775481 acl_62f62cb5c7c7c9.95836142
# ACTION: headscale-ui
use_backend headscale-ui if acl_62f90fb56e8189.73521649 acl_62f62cb5c7c7c9.95836142
# Backend: headscale ()
backend headscale
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
http-reuse safe
server headscale 192.168.31.105:16666
# Backend: headscale-ui ()
backend headscale-ui
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
acl auth_ok http_auth(list_62f90f8e3b26e5.68322732)
http-request auth if !auth_ok
http-reuse safe
server headscale-ui 192.168.31.105:16667
I use 3 conditions and 2 rules.
- conditon: domain path start with /web
- conditon: domain path NOT start with /web (negate the previous condition)
- condition: domain name is headscale.domain.org (it need, because i use more sub-domains)
1 rule: 1 + 3 condition with AND logical and attach it to headscale-ui IP+port backend
2 rule: 2 + 3 condition with AND logical and attach it to headscale IP+port backend
both headscale and headscale-ui is plain http, without encryption, the HAproxy do the SSL part. It no problem that is available without encryption in local network. The point is that is only accessable via SSL from the web.
+1
because (if i look right) headscale-ui not contain any authentication, i set a basic one with HAProxy.
from headscale-ui.
closing for now, I'll link this issue in the doco if we get any other HAproxy related questions.
Note that there is no auth (correct), but all secrets are saved locally to the browser. It's not like putting in the API key lets anyone manipulate the platform.
from headscale-ui.
Related Issues (20)
- Headscale URL & API Key HOT 3
- Proxy Settings "Nginx Proxy Manager" web UI HOT 28
- please delete HOT 6
- ACL support ? HOT 2
- Rename Machine into Node HOT 11
- accessing headscale server on same lan over http (not https) HOT 2
- Feature Request: Show assigned user of machine in the Device View HOT 2
- Trying to deploy the "static site" but failing HOT 2
- nginx proxy location config help HOT 3
- CORS is not working HOT 2
- WebUI Login Security by Authentik or Token HOT 5
- Ionscale support? HOT 2
- I encountered an error when adding the key HOT 4
- 404 on GET https://<domain>/api/v1/machine HOT 2
- Device view fails (tested with headscale docker image 0.23.0) HOT 2
- House Keeping
- Fix developer image pipeline
- Remove Dynamic API check in future version HOT 1
- An error when test server key HOT 1
- New Container start HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from headscale-ui.