diff --git a/docs/ref/acls.md b/docs/ref/acls.md index ac920fc173..c5f7d55ef7 100644 --- a/docs/ref/acls.md +++ b/docs/ref/acls.md @@ -59,7 +59,7 @@ process. Headscale logs the result of ACL policy processing after each reload. Here are the ACL's to implement the same permissions as above: -```json +```json title="acl.json" { // groups are collections of users having a common scope. A user can be in multiple groups // groups cannot be composed of groups diff --git a/docs/ref/dns.md b/docs/ref/dns.md index 092351064b..9eaa52452b 100644 --- a/docs/ref/dns.md +++ b/docs/ref/dns.md @@ -30,7 +30,7 @@ hostname and port combination "http://hostname-in-magic-dns.myvpn.example.com:30 === "Static entries, via `dns.extra_records`" - ```yaml + ```yaml title="config.yaml" dns: ... extra_records: @@ -48,7 +48,7 @@ hostname and port combination "http://hostname-in-magic-dns.myvpn.example.com:30 === "Dynamic entries, via `dns.extra_records_path`" - ```json + ```json title="extra-records.json" [ { "name": "grafana.myvpn.example.com", @@ -93,7 +93,7 @@ hostname and port combination "http://hostname-in-magic-dns.myvpn.example.com:30 The motivating example here was to be able to access internal monitoring services on the same host without specifying a port, depicted as NGINX configuration snippet: - ``` + ```nginx title="nginx.conf" server { listen 80; listen [::]:80; diff --git a/docs/ref/integration/reverse-proxy.md b/docs/ref/integration/reverse-proxy.md index a50e894a10..91ee8dfc8c 100644 --- a/docs/ref/integration/reverse-proxy.md +++ b/docs/ref/integration/reverse-proxy.md @@ -23,7 +23,7 @@ Running headscale behind a cloudflare proxy or cloudflare tunnel is not supporte Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file. -```yaml +```yaml title="config.yaml" server_url: https:// # This should be the FQDN at which headscale will be served listen_addr: 0.0.0.0:8080 metrics_listen_addr: 0.0.0.0:9090 @@ -35,7 +35,7 @@ tls_key_path: "" The following example configuration can be used in your nginx setup, substituting values as necessary. `` should be the IP address and port where headscale is running. In most cases, this will be `http://localhost:8080`. -```Nginx +```nginx title="nginx.conf" map $http_upgrade $connection_upgrade { default upgrade; '' close; @@ -113,7 +113,7 @@ spec: The following Caddyfile is all that is necessary to use Caddy as a reverse proxy for headscale, in combination with the `config.yaml` specifications above to disable headscale's built in TLS. Replace values as necessary - `` should be the FQDN at which headscale will be served, and `` should be the IP address and port where headscale is running. In most cases, this will be `localhost:8080`. -``` +```none title="Caddyfile" { reverse_proxy } @@ -127,7 +127,7 @@ For a slightly more complex configuration which utilizes Docker containers to ma The following minimal Apache config will proxy traffic to the headscale instance on ``. Note that `upgrade=any` is required as a parameter for `ProxyPass` so that WebSockets traffic whose `Upgrade` header value is not equal to `WebSocket` (i. e. Tailscale Control Protocol) is forwarded correctly. See the [Apache docs](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html) for more information on this. -``` +```apache title="apache.conf" ServerName diff --git a/docs/ref/oidc.md b/docs/ref/oidc.md index 734184df83..6bc4557206 100644 --- a/docs/ref/oidc.md +++ b/docs/ref/oidc.md @@ -11,7 +11,7 @@ Known limitations: In your `config.yaml`, customize this to your liking: -```yaml +```yaml title="config.yaml" oidc: # Block further startup until the OIDC provider is healthy and available only_start_if_oidc_is_available: true @@ -56,7 +56,7 @@ oidc: In order to integrate headscale with Azure Active Directory, we'll need to provision an App Registration with the correct scopes and redirect URI. Here with Terraform: -```hcl +```hcl title="terraform.hcl" resource "azuread_application" "headscale" { display_name = "Headscale" @@ -127,7 +127,7 @@ output "headscale_client_secret" { And in your headscale `config.yaml`: -```yaml +```yaml title="config.yaml" oidc: issuer: "https://login.microsoftonline.com//v2.0" client_id: "" @@ -162,7 +162,7 @@ However if you don't have a domain, or need to add users outside of your domain, 8. Click `Save` at the bottom of the form 9. Take note of the `Client ID` and `Client secret`, you can also download it for reference if you need it. 10. Edit your headscale config, under `oidc`, filling in your `client_id` and `client_secret`: - ```yaml + ```yaml title="config.yaml" oidc: issuer: "https://accounts.google.com" client_id: "" diff --git a/docs/ref/remote-cli.md b/docs/ref/remote-cli.md index 65aab65e5a..10c7534fe3 100644 --- a/docs/ref/remote-cli.md +++ b/docs/ref/remote-cli.md @@ -54,7 +54,7 @@ headscale apikeys expire --prefix "" === "Minimal YAML configuration file" - ```yaml + ```yaml title="config.yaml" cli: address: : api_key: diff --git a/docs/ref/tls.md b/docs/ref/tls.md index 23bc82a4f2..d1e9101667 100644 --- a/docs/ref/tls.md +++ b/docs/ref/tls.md @@ -4,7 +4,7 @@ Headscale can be configured to expose its web service via TLS. To configure the certificate and key file manually, set the `tls_cert_path` and `tls_cert_path` configuration parameters. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from. -```yaml +```yaml title="config.yaml" tls_cert_path: "" tls_key_path: "" ``` @@ -15,7 +15,7 @@ The certificate should contain the full chain, else some clients, like the Tails To get a certificate automatically via [Let's Encrypt](https://letsencrypt.org/), set `tls_letsencrypt_hostname` to the desired certificate hostname. This name must resolve to the IP address(es) headscale is reachable on (i.e., it must correspond to the `server_url` configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in `tls_letsencrypt_cache_dir`. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from. -```yaml +```yaml title="config.yaml" tls_letsencrypt_hostname: "" tls_letsencrypt_listen: ":http" tls_letsencrypt_cache_dir: ".cache" diff --git a/docs/setup/install/official.md b/docs/setup/install/official.md index d3f307f53a..0bd594992f 100644 --- a/docs/setup/install/official.md +++ b/docs/setup/install/official.md @@ -94,7 +94,7 @@ systemd. 1. In `/etc/headscale/config.yaml`, override the default `headscale` unix socket with a path that is writable by the `headscale` user or group: - ```yaml + ```yaml title="config.yaml" unix_socket: /var/run/headscale/headscale.sock ```