QNAP [ HeadScale ] [ 0.18.0.0 ] An open source, self-hosted implementation of the Tailscale control server

QoolBox



Source : https://github.com/juanfont/headscale

Download :


-- QPKG Notes --

start headscale server on QPKG start
config file : /opt/HeadScale/etc/headscale/config.yaml

Verify headscale is available:

curl http://127.0.0.1:9090/metrics

Create a namespace (tailnet):

/opt/HeadScale/headscale namespaces create myfirstnamespace

What is Tailscale

Tailscale is a modern VPN built on top of WireGuard. It works like an overlay network between the computers of your networks, using NAT traversal.
Everything in Tailscale is Open Source, except the GUI clients for proprietary OS (Windows and macOS/iOS), and the control server.

The control server works as an exchange point of WireGuard public keys for the nodes in the Tailscale network. It assigns the IP addresses of the clients, creates the boundaries between each user, enables sharing machines between users, and exposes the advertised routes of your nodes.
A Tailscale network (tailnet) is a private network which Tailscale assigns to a user in terms of private users or an organisation.

Design goal

headscale aims to implement a self-hosted, open source alternative to the Tailscale control server. headscale has a narrower scope and an instance of headscale implements a single Tailnet, which is typically what a single organisation, or home/personal setup would use.
headscale uses terms that map to Tailscale's control server; consult the glossary for explanations.
 

v0.16.0


BREAKING

  • Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check the new syntax.

Changes

  • Drop armhf (32-bit ARM) support. #609
  • Headscale fails to serve if the ACL policy file cannot be parsed #537
  • Fix labels cardinality error when registering unknown pre-auth key #519
  • Fix send on closed channel crash in polling #542
  • Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes #566
  • Add command for moving nodes between namespaces #362
  • Added more configuration parameters for OpenID Connect (scopes, free-form parameters, domain and user allowlist)
  • Add command to set tags on a node #525
  • Add command to view tags of nodes #356
  • Add --all (-a) flag to enable routes command #360
  • Fix issue where nodes were not updated across namespaces #560
  • Add the ability to rename a node's name #560
    • Node DNS names are now unique, a random suffix will be added when a node joins
    • This change contains database changes, remember to backup your database before upgrading
  • Add option to enable/disable logtail (Tailscale's logging infrastructure) #596
    • This change disables the logs by default
  • Use Prometheus's duration parser, supporting days (d), weeks (w) and years (y) #598
  • Add support for reloading ACLs with SIGHUP #601
  • Use new ACL syntax #618
  • Add -c option to specify config file from command line #285 #612
  • Add configuration option to allow Tailscale clients to use a random WireGuard port. kb/1181/firewalls #624
  • Improve obtuse UX regarding missing configuration (ephemeral_node_inactivity_timeout not set) #639
  • Fix nodes being shown as 'offline' in tailscale status #648
  • Improve shutdown behaviour #651
  • Drop Gin as web framework in Headscale #648 #677
  • Make tailnet node updates check interval configurable #675
  • Fix regression with HTTP API #684
  • nodes ls now prints both Hostname and Name (Issue #647, PR #687)
 

v0.16.3


Changelog

  • ec5acf7 Add ability to connect to PostgreSQL via unix socket
  • 0a5db52 Add ability to connect to PostgreSQL via unix socket
  • 8557bce Added changelog entries for 0.16.x
  • cc3de7e Fix error decoding claims (#744)
  • 7197ade Merge branch 'main' into postgres-connection-string
  • e1a95e2 Merge pull request #734 from vtrf/postgres-connection-string
  • 193b421 Merge pull request #739 from juanfont/updated-changelog-0.16.2
  • f738031 Merge pull request #747 from juanfont/fix-oidc
  • 287309b Update changelog
 
v0.17.0


BREAKING

  • Log level option log_level was moved to a distinct log config section and renamed to level #768
  • Removed Alpine Linux container image #962

Important Changes

  • Added support for Tailscale TS2021 protocol #738
  • Add experimental support for SSH ACL (see docs for limitations) #847
    • Please note that this support should be considered partially implemented
    • SSH ACLs status:
      • Support accept and check (SSH can be enabled and used for connecting and authentication)
      • Rejecting connections is not supported, meaning that if you enable SSH, then assume that all SSH connections will be allowed.
      • If you decide to try this feature, please carefully manage permissions by blocking port 22 with regular ACLs or do not set --ssh on your clients.
      • We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
    • This feature should be considered dangerous and it is disabled by default. Enable by setting HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1.

Changes

  • Add ability to specify config location via env var HEADSCALE_CONFIG #674
  • Target Go 1.19 for Headscale #778
  • Target Tailscale v1.30.0 to build Headscale #780
  • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
  • Fix subnet routers with Primary Routes #811
  • Added support for JSON logs #653
  • Sanitise the node key passed to registration url #823
  • Add support for generating pre-auth keys with tags #767
  • Add support for evaluating autoApprovers ACL entries when a machine is registered #763
  • Add config flag to allow Headscale to start if OIDC provider is down #829
  • Fix prefix length comparison bug in AutoApprovers route evaluation #862
  • Random node DNS suffix only applied if names collide in namespace. #766
  • Remove ip_prefix configuration option and warning #899
  • Add dns_config.override_local_dns option #905
  • Fix some DNS config issues #660
  • Make it possible to disable TS2019 with build flag #928
  • Fix OIDC registration issues #960 and #971
  • Add support for specifying NextDNS DNS-over-HTTPS resolver #940
  • Make more sslmode available for postgresql connection #927
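
A policy-file check for the two ACL points in the release notes above (the old "users"/"ports" syntax dropped in v0.16.0, and keeping port 22 out of regular ACLs when trying the experimental SSH support in v0.17.0), as an added example that is not part of the original post or of the headscale project. It assumes a plain-JSON policy with an "acls" list; the sample policy and the function names are constructed for illustration.

```python
import json

# Constructed sample policy (plain JSON; strip comments first if yours is HuJSON).
SAMPLE_POLICY = """
{
  "acls": [
    {"action": "accept", "users": ["group:admin"], "ports": ["*:*"]},
    {"action": "accept", "src": ["group:dev"], "dst": ["tag:web:80,443"]},
    {"action": "accept", "src": ["group:ops"], "dst": ["tag:db:1-1024"]},
    {"action": "accept", "src": ["*"], "dst": ["10.0.0.0/8:*"]}
  ]
}
"""

def port_spec_covers(spec, port):
    """True if a port spec such as '*', '22', '80,443' or '1-1024' includes port."""
    for part in spec.split(","):
        part = part.strip()
        if part == "*":
            return True
        low, _, high = part.partition("-")
        if low.isdigit() and (high or low).isdigit():
            if int(low) <= port <= int(high or low):
                return True
    return False

def lint_policy(text, port=22):
    """Return (rule_index, message) findings for old syntax and rules reaching port."""
    findings = []
    for i, rule in enumerate(json.loads(text).get("acls", [])):
        old = [k for k in ("users", "ports") if k in rule]
        if old:
            findings.append((i, "old ACL syntax keys: " + ", ".join(old)))
        for dst in rule.get("dst", []):
            # The port spec is whatever follows the last colon of the dst entry.
            host, sep, spec = dst.rpartition(":")
            if sep and port_spec_covers(spec, port):
                findings.append((i, f"dst {dst!r} allows port {port}"))
    return findings

if __name__ == "__main__":
    for index, message in lint_policy(SAMPLE_POLICY):
        print(f"acls[{index}]: {message}")
```

Run it against a copy of the policy file before upgrading or before setting HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1; an empty result means no rule uses the old keys and none reaches port 22.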