Add support to HTTP proxies #40

Open
mitchellkellett opened this issue Nov 14, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@mitchellkellett

When using TsDProxy with Headscale, I keep getting errors in the log (see below) because Headscale doesn't yet support certificates for https. It's coming in juanfont/headscale/issues/1921.

```
12:59PM ERR Error listening on TLS error="tsnet: you must enable HTTPS in the admin panel to proceed. See https://tailscale.com/s/https" containerID=c730f9c33ee7f93df67d64e4967c1331a7c6e74e255d5aff69d5cc24d32c314a containerName=whoami
```

When running the tailscale serve command you can use --http=<port> to expose an HTTP server at the specified port, avoiding certificates being requested. This looks like the following:

```
user@macbook ~ % tailscale serve --http=80 localhost:3000
Available within your tailnet:

http://macbook.headscale.internal/
|-- proxy http://localhost:3000
```

@almeidapaulopt
Owner

Yes, actually tsdproxy only works with HTTPS. We could add it to the roadmap.

@almeidapaulopt changed the title from "[Bug] Headscale - you must enable HTTPS to proceed" to "[Bug] Add support to HTTP proxies" on Nov 14, 2024
@almeidapaulopt changed the title from "[Bug] Add support to HTTP proxies" to "Add support to HTTP proxies" on Nov 14, 2024
@almeidapaulopt added the enhancement (New feature or request) label on Nov 14, 2024

@JohnYangSam

JohnYangSam commented Dec 20, 2024

Is the below the same issue?

For certain containers that I've tried to run with tsdproxy like registry or portainer-ce (below), I've tried to run the containers on HTTP and have tsdproxy connect to them and serve them up.

I can access them locally (e.g. localhost:9000) and I can access other containers through tsdproxy, but when I try to access via tsdproxy, I get the following 502 and logs:

```
4:29AM ERR error host=bh-portainer.manticore-ruler.ts.net method=GET module=proxymanager proxyname=bh-portainer status=502 url=/
```

docker-compose.yml

```yaml
services:
  tsdproxy:
    image: almeidapaulopt/tsdproxy:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - tsdproxy_data:/data
      - ./tsdproxy:/config
    secrets:
      - ts_auth_key
    restart: unless-stopped
    networks:
      - general_network
  portainer:
    image: portainer/portainer-ce:latest
    command: -H tcp://tasks.portainer_agent:9001 --tlsskipverify
    labels:
      tsdproxy.enable: "true"
      tsdproxy.name: "bh-portainer"
      tsdproxy.container_port: "9000" # Use http version
      tsdproxy.ephemeral: "true"
    # without swarm secrets
    ports:
      - "9443:9443" # https
      - "9000:9000" # http
    volumes:
      - portainer_data:/data
    networks:
      - portainer_agent_network
      - general_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
```

@JohnYangSam

JohnYangSam commented Dec 20, 2024

Update: In some cases clearing all the saved data and resetting the tsdproxy.name to a new name changes this?

Steps:

  • Stop the services
  • Clear docker volumes
  • Reset the `tsdproxy.name`s to different ones (since Tailscale supposedly limits the number of times you can request a TLS certificate for a given hostname)
  • Bring the services back up
  • Now I have portainer accessible via my tailnet, but the pgadmin4 container which was working via tailnet before and still working on localhost is now giving me the 502 instead:

```
6:32PM ERR error host=bh-pgadmin4.manticore-ruler.ts.net method=GET module=proxymanager proxyname=bh-pgadmin4 status=502 url=/
```

No change other than the hostname for that service and I'm visiting the hostname directly from the tailscale dashboard...

Seems like there may be a weird race condition hiding somewhere?
