headscale-admin
headscale-admin copied to clipboard
GoodiesHQ
After saving settings I don't get any new options and it stays on that page
After saving settings I don't get any new options and it stays on that page. Attempts to go to /admin redirects to /admin/settings.
Please advise!
I am using latest headscale/headscale-admin w/ traefik config from this Github.
Can you enable console debugging, click save, and then provide any relevant output from the development console? This usually happens if there's a CORS or some kind of communication issue to the backend API.
I have the same issue so hopefully its ok for me to chip in with my data. pasting it is a horrible mess so i've included a screenshot as well.
10:48:57 API URL is set to: http://10.201.199.167:8080/ [D1cWQVhH.js:7:3241](http://10.201.199.167/admin/_app/immutable/chunks/D1cWQVhH.js)
10:48:57 Saving 'apiKeyInfo' in localStorage... [D1cWQVhH.js:7:3241](http://10.201.199.167/admin/_app/immutable/chunks/D1cWQVhH.js)
XHROPTIONS
http://10.201.199.167:8080/api/v1/apikey
CORS Missing Allow Origin
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://10.201.199.167:8080/api/v1/apikey. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://10.201.199.167:8080/api/v1/apikey. (Reason: CORS request did not succeed). Status code: (null).
10:48:57 Fetch Error: NetworkError when attempting to fetch resource. [D1cWQVhH.js:7:3241](http://10.201.199.167/admin/_app/immutable/chunks/D1cWQVhH.js)
10:48:57 Error Handler: TypeError: NetworkError when attempting to fetch resource. [D1cWQVhH.js:7:3241](http://10.201.199.167/admin/_app/immutable/chunks/D1cWQVhH.js)
network tab:
Ooops, forgot to update: I went on a journey via https://github.com/juanfont/headscale/issues/2160 and back to https://github.com/gurucomputing/headscale-ui?tab=readme-ov-file#errors-related-to-missing-bearer-prefix where I see "HS-UI has to be ran on the same subdomain as headscale or you need to configure CORS. Yes you need to use a reverse proxy to do this. Use a reverse proxy. If you are trying to use raw IPs and ports, it will not work.". So I suspect that will be the cause for me - I'm running headscale-admin through nginx but not headscale. I will try later and report back.
I can confirm when running headscale and headscale-admin on the same domain through the same nginx instance, the settings dialogue instantly responds with "Authorized Expires in: 3 months from now" after clicking save. Previously there was nothing in the UI to show success or failure.
@GoodiesHQ You may change the README to reflect this change. As it shows, an example that may confuse others. For the record, this is what works for me now ...
services:
headscale:
labels:
...
traefik.http.routers.headscale-https.rule: Host(`ts.example.com`)
...
headscale-admin:
labels:
...
traefik.http.services.headscale-admin.loadbalancer.server.port: 80
traefik.http.routers.headscale-admin.rule: "Host(`ts.example.com`) && PathPrefix(`/admin`)"
...
headscale-ui:
labels:
...
traefik.http.services.headscale-ui.loadbalancer.server.port: 8080
traefik.http.routers.headscale-ui.rule: "Host(`ts.example.com`) && PathPrefix(`/web`)"
This is my full docker-compose if it helps:
services:
headscale:
image: headscale/headscale:latest
container_name: headscale
restart: unless-stopped
environment:
- TZ=America/Los_Angeles
volumes:
- /config/headscale:/etc/headscale
- /config/headscale/var:/var/lib/headscale
entrypoint: headscale serve
networks:
- proxy
labels:
traefik.enable: "true"
traefik.docker.network: "proxy"
# Headscale Service Configuration
traefik.http.services.headscale.loadbalancer.server.port: 8080
traefik.http.services.headscale.loadbalancer.server.scheme: http
traefik.http.routers.headscale.rule: Host(`hs.bsd-unix.net`)
traefik.http.routers.headscale.entrypoints: websecure
traefik.http.routers.headscale.tls.certresolver: myresolver
traefik.http.routers.headscale.service: headscale
# CORS Middleware Configuration
traefik.http.middlewares.headscale-cors.headers.accessControlAllowMethods: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
traefik.http.middlewares.headscale-cors.headers.accessControlAllowHeaders: "Authorization,Content-Type"
traefik.http.middlewares.headscale-cors.headers.accessControlAllowOriginList: "*.bsd-unix.net"
traefik.http.middlewares.headscale-cors.headers.accessControlMaxAge: 100
traefik.http.middlewares.headscale-cors.headers.addVaryHeader: true
traefik.http.routers.headscale.middlewares: headscale-cors
headscale-admin:
image: goodieshq/headscale-admin:0.25
container_name: headscale-admin
restart: unless-stopped
networks:
- proxy
labels:
traefik.enable: "true"
traefik.docker.network: "proxy"
# Headscale Admin Service Configuration
traefik.http.services.headscale-admin.loadbalancer.server.port: 80
traefik.http.services.headscale-admin.loadbalancer.server.scheme: http
traefik.http.routers.headscale-admin.rule: Host(`hs.bsd-unix.net`) && PathPrefix(`/admin`)
traefik.http.routers.headscale-admin.entrypoints: websecure
traefik.http.routers.headscale-admin.tls.certresolver: myresolver
networks:
proxy:
external: true
I also get this on the headscale compose container:
headscale | 2025/04/14 14:04:35 http: TLS handshake error from 172.20.0.2:52660: client sent an HTTP request to an HTTPS server
headscale | 2025/04/14 14:05:16 http: TLS handshake error from 172.20.0.2:52696: client sent an HTTP request to an HTTPS server
headscale | 2025/04/14 14:05:34 http: TLS handshake error from 172.20.0.2:46568: client sent an HTTP request to an HTTPS server```
Traefik config:
traefik:
image: traefik:3.3
container_name: traefik
restart: unless-stopped
command:
- --providers.docker
- --log.level=ERROR
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80/tcp
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --certificatesresolvers.myresolver.acme.dnschallenge=true
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
- [email protected]
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
- --serverstransport.insecureskipverify=true
- --api.dashboard=true
- --api.insecure=true
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /config/le:/letsencrypt
networks:
- proxy
env_file:
- ./env/cloudflare.env
labels:
traefik.enable: "true"
traefik.docker.network: proxy
traefik.http.routers.traefik.tls.certresolver: myresolver
traefik.http.routers.traefik.rule: Host(`hs-traefik.bsd-unix.net`)
traefik.http.middlewares.hsts-header.headers.customResponseHeaders.Strict-Transport-Security: max-age=63072000
traefik.http.routers.traefik.middlewares: hsts-header
traefik.http.routers.traefik.service: api@internal
networks:
proxy:
external: true
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://play.google.com/log?format=json&hasfast=true&authuser=0. (Reason: CORS request did not succeed). Status code: (null).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://admin.bsd-unix.net/api/v1/apikey. (Reason: CORS request did not succeed). Status code: (null).2