Skip to content

Add an embedded DERP server to Headscale #388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kradalby merged 35 commits into from
Mar 8, 2022
Merged

Add an embedded DERP server to Headscale #388

kradalby merged 35 commits into from
Mar 8, 2022

Conversation

@juanfont
Copy link
Owner

@juanfont juanfont commented Mar 3, 2022
edited
Loading

This series of commits will be adding an embedded DERP server (and STUN) to Headscale,
thus making it completely self-contained and not dependent in other infrastructure.

  • raised a GitHub issue or discussed it on the projects chat beforehand
  • added integration tests
  • updated documentation if needed
  • updated CHANGELOG.md

juanfont added 6 commits March 4, 2022 00:01
@juanfont
Add an embedded DERP server to Headscale
897d480 
This series of commit will be adding an embedded DERP server (and STUN) to Headscale,
thus making it completely self-contained and not dependant in other infrastructure.
@juanfont
Added missing deps
9d43f58
@juanfont
Merge branch 'main' into embedded-derp
23cde84
@juanfont
Be consistent with uppercase DERP
607c1eb
@juanfont
Move more stuff to common
22d2443
@juanfont
Even more stuff moved to common
09d78c7
kradalby
kradalby reviewed Mar 5, 2022
View reviewed changes
Copy link
Collaborator

@kradalby kradalby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having embedded in the names everywhere is quite a cognitive load, we only have one DERP implementation, and it is the embedded one, so might as well just call it DERP everywhere?

h.DERPHandler

h.DERPProbeHandler

h.DERPBootstrapDNSHandler

juanfont added 14 commits March 5, 2022 16:22
@juanfont
Renamed configuration items of the DERP server
758b1ba
@juanfont
Do not offer the option to be DERP insecure
df37d1a 
Websockets, in which DERP is based, requires a TLS certificate. At the same time,
if we use a certificate it must be valid... otherwise Tailscale wont connect (does not
have an Insecure option). So there is no option to expose insecure here
@juanfont
Do not use the term embedded
b742379
@juanfont
Rename the file to derp_server.go for coherence
88378c2
@juanfont
Added integration tests for the embedded DERP server
e9eb90f
@juanfont
Added missing private TLS key
992efbd
@juanfont
Merge branch 'main' into embedded-derp
237f7f1
@juanfont
Fix minor issue
e78c002
@juanfont
Merge local DERP server region with other configured DERP sources
54c3e00
@juanfont
Working /bootstrap-dns DERP helper
70910c4
@juanfont
Improved logging on startup
dc909ba
@juanfont
Make STUN server configurable
eb50015
@juanfont
Make DERP Region configurable
eb06054
@juanfont
Linting here and there
de2ea83
kradalby
kradalby reviewed Mar 6, 2022
View reviewed changes
app.go
Comment on lines +123 to +128
ServerEnabled bool
ServerRegionID int
ServerRegionCode string
ServerRegionName string
STUNEnabled bool
STUNAddr string
Copy link
Collaborator

@kradalby kradalby Mar 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we split this into DERPServerConfig and DERPSTUNConfig ?

At some point I want to have a go at getting rid of all the manual reading of options from viper, I think it can do that...

Copy link

@endigma endigma Mar 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe look into using HCL struct based parsing?

config-example.yaml

# If enabled, also listens in the configured address for STUN connections to help on NAT traversal
# For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
stun:
Copy link
Collaborator

@kradalby kradalby Mar 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could possible call out that this is UDP, so people know what to open in firewall.

integration_test/etc_embedded_derp/tls/server.crt
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
Copy link
Collaborator

@kradalby kradalby Mar 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like we need to know the expiry of this

integration_embedded_derp_test.go Outdated
)
assert.Nil(t, err)
log.Printf("Result for %s: %s\n", hostname, result)
assert.Contains(t, result, "via DERP")
Copy link
Collaborator

@kradalby kradalby Mar 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we verify the correct derp?

@kradalby
Copy link
Collaborator

kradalby commented Mar 8, 2022

This seems finished, but needs some linting and a changelog entry.

@juanfont juanfont marked this pull request as ready for review March 8, 2022 11:21
@juanfont juanfont changed the title [WIP] Add an embedded DERP server to Headscale Add an embedded DERP server to Headscale Mar 8, 2022
@kradalby kradalby merged commit 941e9d9 into main Mar 8, 2022
@threerog threerog mentioned this pull request Apr 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kradalby kradalby kradalby approved these changes

+1 more reviewer

@endigma endigma endigma left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@juanfont @kradalby @endigma