Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request TLS certificate for Tailnet name #134

Closed
wants to merge 17 commits into from
Closed

Request TLS certificate for Tailnet name #134

wants to merge 17 commits into from

Conversation

lmagyar
Copy link
Contributor

@lmagyar lmagyar commented Jan 7, 2023
edited
Loading

Replaces PR #89

Fixes #62

PR #130, #131, #132 and #133 precedes this PR

Update: PR #137 I think is a better solution to the #62 issue, because #137 doesn't need any manual configuration and also provides a built-in proxy for the https traffic (we don't need to refresh the certificates, this is all done by tailscale automatically).

Proposed Changes

Request TLS certificate for Tailnet name

This is based on #89, but

  • the Configuration option is certificate_tailnet_name (not domain_alias), it is more logical, it is analog to the tailscale cert <machine-name>.<tailnet-name>.ts.net command
  • it creates the /ssl/tailscale directory before fetching the cert
  • uses --statedir=/data instead of --state=/data/tailscaled.state, see Tailscale.sh: use --statedir instead of --state tailscale/tailscale-qpkg#64
  • fetch certificate on start and only within 1 week before expiration
  • modified the daemon finish script to the usual script, I know new add-ons have better, it can be bumped later with other scripts

@lmagyar
Copy link
Contributor Author

lmagyar commented Jan 9, 2023

I've renamed the config option (again), from cert_domain to certificate_tailnet_name, because it was misleading, <cert-domain>=<machine-name>.<tailnet-name>.ts.net

@lmagyar lmagyar mentioned this pull request Jan 11, 2023
Closed
@lmagyar lmagyar mentioned this pull request Jan 18, 2023
Merged
@lmagyar
Copy link
Contributor Author

lmagyar commented Feb 6, 2023

I'm closing this PR in favor of #137, because that provides more functionality with no configuration.

@lmagyar lmagyar closed this Feb 6, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Feb 8, 2023
@lmagyar lmagyar deleted the fetch-cert branch March 27, 2023 10:38
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

HTTPS Support
2 participants
@lmagyar @ananthb