caddy-tailscale
Support for auto_tls
I was wondering what it would take to get the automatic TLS integration working properly.
I don't know too much about Caddy, but in the absence of any other mechanism for cross-server shared state, I was thinking about stuffing the tailscale Server object in a global map under the tailscale package, keyed by tsnet.Server.CertDomains(), and then calling s.LocalClient.CertPair().
It isn't the prettiest design, but I welcome other suggestions if you know of a better way to share state between the cert manager and the listener.
If you're OK with that design, I could probably whip something up over the next few days.
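A minimal sketch of the shared-registry design proposed in the post above, added here as an illustration; it is not code from this thread or from the caddy-tailscale project. The names `certPairFunc`, `registry` and `Register` are hypothetical, the `CertPair` signature is an assumption, and the host names are constructed.

```go
package main

import (
	"context"
	"crypto/tls"
	"fmt"
	"strings"
	"sync"
)

// certPairFunc is the assumed shape of the CertPair method named in the post.
type certPairFunc func(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error)

// registry is the shared map from the post: CertDomains() name -> that node's CertPair.
type registry struct{ sources sync.Map }

// Register is called by the listener with the names from CertDomains().
func (r *registry) Register(domains []string, src certPairFunc) {
	for _, d := range domains {
		r.sources.Store(strings.ToLower(d), src)
	}
}

// GetCertificate fits tls.Config.GetCertificate; unknown SNI names fail closed.
func (r *registry) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(strings.TrimSuffix(hello.ServerName, "."))
	v, ok := r.sources.Load(name)
	if !ok {
		return nil, fmt.Errorf("no tailscale node registered for %q", name)
	}
	ctx := hello.Context()
	if ctx == nil { // a hand-built ClientHelloInfo carries no context
		ctx = context.Background()
	}
	certPEM, keyPEM, err := v.(certPairFunc)(ctx, name)
	if err != nil {
		return nil, fmt.Errorf("cert for %q: %w", name, err)
	}
	cert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, err
	}
	return &cert, nil
}

func main() {
	var nodes registry // zero value is ready to use; nothing registered yet
	fmt.Println(nodes.GetCertificate(&tls.ClientHelloInfo{ServerName: "unknown.example.ts.net"}))
}
```

Refusing names that no node registered keeps the handshake from handing one node's certificate and key to a request meant for another host.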
Just to clarify, what isn't working properly?
I'm referring to the shortcomings mentioned here: https://github.com/tailscale/caddy-tailscale#https-support (i.e., that the native TLS integration doesn't work and you need to use tailscale+tls instead (and set auto_tls off)).
In particular, I'm hoping to have a single server run as a bidirectional HTTP proxy (serve a local service over tailscale+tls and also provide a gateway for that service to contact other services on the tailnet).