gurucomputing / headscale-ui
A web frontend for the headscale Tailscale-compatible coordination server
License: BSD 3-Clause "New" or "Revised" License
Need to develop a test mode that lets me fake a headscale server, so I can put in dummy data and test different use cases in the API.
So I have set up a working headscale server to play with and generated a working API key that is 48 chars in length, yet when trying to add it to the settings page on the web-ui it complains that I need a 54 char API key? The key length that my headscale is generating is only 48 chars long. Not sure what I may be missing.
** Supporting Details **
Provide the following:
control+shift+i in chrome to see)
Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'length')
at Object.p (_page.svelte-8213986a.js:1:15519)
at Ot (index-4a5d41f3.js:4:1456)
at ft (index-4a5d41f3.js:4:1142)
Describe the bug
If I try to open a Device with the dropdown button or just pressing on the row, I get a console error and the UI stops working. Only a refresh can make the UI work again.
In the most common configuration, the site sits on the same domain as headscale. In this configuration the site is optional, as the way the urls get encoded allow for relative paths.
Let's allow for adding an API key without needing a site URL as it's not necessary some of the time.
As headscale's admin console, I recommend that you add authentication before entering the console page, as this will make the service insecure if it is exposed to the public.
Hi,
Great work so far,
would it be possible to create a docker container for ARM ?
kind regards
Development Image isn't on an auto update cycle (doesn't really need to be), but needs the occasional manual update.
Create the capability to warn when an API key is about to expire. Create a button in the server settings to roll over an API key automatically. Create a toggle to show or hide the api key.
Describe the bug
The right-up side arrow does not work. It cannot be closed.
When I try to update a device name, I get this 501 error:
{"code":12, "message":"Method Not Allowed", "details":[]}
version: '3.5'
services:
  headscale:
    image: headscale/headscale:0.16.4-alpine
    container_name: headscale1
    volumes:
      - /data/headscale1/config:/etc/headscale
      - /data/headscale1/data:/var/lib/headscale
    ports:
      - 27896:8080
    command: headscale serve
    restart: unless-stopped
  headscale-ui:
    image: ghcr.io/gurucomputing/headscale-ui:latest
    restart: unless-stopped
    container_name: headscale-ui
    ports:
      - 9443:443
The headscale-ui container has an error and the web UI cannot be accessed
root@ubuntu-vm:/data/scripts# docker logs -f headscale-ui
-- Fresh Install detected, setting up your dev environment --
-- Installing Source --
Cloning into 'headscale-ui'...
fatal: unable to access 'https://github.com/gurucomputing/headscale-ui/': GnuTLS recv error (-110): The TLS connection was non-properly terminated.
/staging/scripts/2-initialise.sh: 42: cd: can't cd to headscale-ui
npm ERR! code ENOENT
npm ERR! syscall open
npm ERR! path /data/package.json
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, open '/data/package.json'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
npm ERR! A complete log of this run can be found in:
npm ERR! /data/home/.npm/_logs/2022-08-27T05_21_24_122Z-debug-0.log
Server bound to 0.0.0.0:3000 (IPv4)
Extension host agent listening on 3000
Ignoring option 'connection-token': Value must not be empty.
Web UI available at http://localhost:3000/?tkn=27eb12f2-4fda-4c77-b3fe-df5cc75322af
[05:21:24] Extension host agent started.
Note: my network is not really good for accessing GitHub.
So apparently there's a way to use caddy with headscale as certificate manager so certificates can automatically be issued for service.
I do think this would interfere with the headscale-ui caddy configuration as if I'm understanding it correctly, to use this feature, headscale would need to be enabled to issue let's encrypt certificates or it won't work.
I might be mistaken but I do think this would require an alternative deployment/configuration of headscale-ui to make this work?
Days are hours x 24, not hours x 60. Math is hard. May as well fix the plural punctuation for hours/days while I'm at it.
Update the documentation to reflect what headscale-ui gets tested against:
If the main container is long enough, it will outpace the sidebar. The sidebar should float.
No easy way to determine what version of headscale-ui is running.
Hi there.
I am using the container on k8s with security policies enabled. In order to run it I have to shut off some of the basic Kubernetes security enforcements. I think the container requires higher privileges than it actually needs due to the fact that it starts caddy on 443. If the port was above 1024, let's say 8443 or something like it, it could start without requiring root to do so.
Or should I maybe just overwrite the caddyfile? That would probably be a good alternative since it's behind an ingress anyway. I haven't tried it yet.
Any suggestions on how to run the container without requiring root privileges?
Thank you!
A working traefik configuration may look like the following and you may add to your documentation:
headscale:
  image: headscale/headscale:latest
  container_name: headscale
  restart: unless-stopped
  networks:
    - traefik_proxy
  command: headscale serve
  volumes:
    - $DOCKERDIR/headscale/config:/etc/headscale
  labels:
    - "traefik.enable=true"
    ## HTTP Routers
    - "traefik.http.routers.headscale-rtr.entrypoints=https"
    - "traefik.http.routers.headscale-rtr.rule=Host(`hs.${DOMAIN_PUBLIC}`)"
    ## Middlewares
    - "traefik.http.routers.headscale-rtr.middlewares=chain-no-auth@file"
    ## HTTP Services
    - "traefik.http.routers.headscale-rtr.service=headscale-svc"
    - "traefik.http.services.headscale-svc.loadbalancer.server.port=8080"
headscale-ui:
  image: ghcr.io/gurucomputing/headscale-ui:latest
  container_name: headscale-ui
  restart: unless-stopped
  networks:
    - traefik_proxy
  labels:
    - "traefik.enable=true"
    ## HTTP Routers
    - "traefik.http.routers.headscale_ui-rtr.entrypoints=https"
    - "traefik.http.routers.headscale_ui-rtr.rule=Host(`hs.${DOMAIN_PUBLIC}`) && PathPrefix(`/web`)"
    ## Middlewares
    - "traefik.http.routers.headscale_ui-rtr.middlewares=chain-no-auth@file"
    ## HTTP Services
    - "traefik.http.routers.headscale_ui-rtr.service=headscale_ui-svc"
    - "traefik.http.services.headscale_ui-svc.loadbalancer.server.port=443"
    - "traefik.http.services.headscale_ui-svc.loadbalancer.server.scheme=https"
    - "traefik.http.services.headscale_ui-svc.loadbalancer.serversTransport=disableSSLCheck@file"
And an additional config file whatevername.yml:
http:
  serversTransports:
    disableSSLCheck:
      insecureSkipVerify: true
Since we are using a reverse proxy anyways, is the internal HTTPS with a self-signed certificate really necessary? I really dislike having to add an additional insecureSkipVerify configuration to either Caddy or traefik. I see that the service really is served via 127.0.0.1:2019 - why not expose that port to 0.0.0.0? What's the benefit of having Caddy inside the container?
I would happily forward the reverse proxy to <container>:2019 without having to deal with the self-signed certificate.
Need to include 0 within the scope of allowable characters to update a name with.
Hello there!
Here my config:
version: '3.5'
services:
  headscale:
    image: headscale/headscale:latest-alpine
    container_name: headscale
    volumes:
      - type: bind
        source: /home/vamp/headscale/container-config
        target: /etc/headscale
      - type: bind
        source: /home/vamp/headscale/container-data/data
        target: /var/lib/headscale
    ports:
      - 16666:8080
    command: headscale serve
    restart: unless-stopped
  headscale-ui:
    image: ghcr.io/gurucomputing/headscale-ui:latest
    restart: unless-stopped
    container_name: headscale-ui
    ports:
      - 16667:80
I use OPNSense firewall with HAProxy.
Here the settings:
Set two backends, one assigned to my docker host port 16666, the other to 16667. I created one Frontend (TLS certificated) on my firewall port 443. Created conditions and rules so that these domain names redirect to the correct backend:
It works well, I can access both sites. The problem is the CORS ... I never set it up with HAproxy and have not found any documentation that fits the HAProxy plugin with OPNSense (only "vanilla" HAproxy)
So has anybody successfully set up a similar configuration to the above on OPNSense?
Question 1:
The ip of the docker network name cannot be obtained, and the format is incorrect.
The network inside the virtual machine is actually accessible by direct name
PING headscale (172.30.0.2): 56 data bytes
64 bytes from 172.30.0.2: seq=0 ttl=42 time=0.081 ms
64 bytes from 172.30.0.2: seq=1 ttl=42 time=0.058 ms
PING headscale-ui (172.30.0.3): 56 data bytes
64 bytes from 172.30.0.3: seq=0 ttl=42 time=0.033 ms
64 bytes from 172.30.0.3: seq=1 ttl=42 time=0.037 ms
Can you consider supporting formats like http://headscale:8080?
Question 2:
http://172.30.0.2:8080 and the apikey is filled in, the verification cannot be passed
Request supports local authentication and http authentication
Question 3:
Can headscale-ui support output on port 80?
My signature is hung on nginx and then proxied back, and I don't need headscale-ui to have its own signature.
Many thanks.
Minor issue: if Headscale URL is filled to include a trailing /, this causes the requests to Headscale to be of the form https://server//api/... which returns 404s.
Options:
/web/ and headscale's API is at /, this could be auto-configured;
/s are probably unnecessary, or
/ should be trimmed automatically
Thanks!
Overwriting packages with the same tag name is bad, let's not let that happen.
Starting the task of making up a GUI for the ACL in anticipation of the API getting updated.
Starting work needed:
Research needed:
Could you add a login page in front of the /web page? And maybe add 2FA or OAuth support? I was experimenting with this on a cloud VPS, and I was thinking about how to protect it since I'm hosting Headscale and the UI remotely
When trying to add the server it says 'Please match the requested format'. My domain is https://headscale.domain.network. Is .network not considered a TLD in the code?
documentation/Docker.md is an empty file.
Initial testing only dealt with singular routes, leading to undesirable situations
Would like to split out apiFunctions, searching, and sorting into their respective lib folders (devices, users, groups).
Alert and Nav can go into a layout specific lib folder
Stores and classes can stay in common as they are relatively global scope
I've been running a small lab environment for testing, but it's not good for testing at scale. Want to set up a 20-30 container test bench for some real testing, and maybe pick up any scaling issues.
The API functions are getting a bit unwieldy, doing a lot more than just API calls. Need to separate out the functions.
The default page is called index.html, when really it's the group of user components. Will set up an auto redirect from the base page and rename to users to keep consistency in the code base.
Describe the bug
This happened when a tailscale client changed its advertise-routes using 'tailscale up --advertise-routes xxx --rest'.
The web browser correctly shows device routes but cannot enable or disable any of the device routes.
Seems like the list of device routes in the headscale-ui server was not updated after we changed the 'advertise-routes' settings. Rebooting the headscale-ui docker server can fix this problem.
There's been a couple requests now for port options and http vs https options when using the docker container. While I'd like to enforce HTTPS by default, it's understandable that people want alternatives.
Will rework the docker container to allow multiple ports and optionally provide HTTP.
Running headscale-ui 2022.08.13-beta, when navigating to the device view, I'm greeted with a broken page and this error in the console:
devices.html.svelte-b457f55c.js:1 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'length')
at ul (devices.html.svelte-b457f55c.js:1:20977)
at Ee (index-e1cee4d8.js:4:5046)
at new dl (devices.html.svelte-b457f55c.js:1:22367)
at Al (devices.html.svelte-b457f55c.js:1:39173)
at Ee (index-e1cee4d8.js:4:5046)
at new Il (devices.html.svelte-b457f55c.js:1:41561)
at Ct (devices.html.svelte-b457f55c.js:1:49316)
at At (devices.html.svelte-b457f55c.js:1:49600)
at St (devices.html.svelte-b457f55c.js:1:47088)
at Object.p (devices.html.svelte-b457f55c.js:1:46456)
Other views (including user view) work fine. There are devices in my tailnet, so this is probably not a case of the list of devices being empty.
Thanks!
Searching for all the things, plus the ability to optionally narrow the search scope.
Sorting all the things
Trying to stand this up and am not able to connect ui to headscale. Receiving the following in log out
headscale | 2022-08-03T14:06:35Z ERR go/src/headscale/app.go:348 > missing "Bearer " prefix in "Authorization" header client_address=172.27.0.1:34438
Maybe this has to do with my nginx proxy settings, but am not sure.
Not sure how to process, any ideas?
I suspect some of the weirder issues I'm encountering with svelte are due to the github actions build channel not following LTS, will shift to LTS channel and provide any further fixes to stop warnings cropping up during build stage.
A visual indicator should show when a device was last seen, with "green" within a day, "yellow" within a week, and "gray" older than that. A textual indicator of the last time should show on hover over.
Looks like the version gets injected in the github actions, but now the build is done within the dockerfile. Need to move the injection to the dockerfile.
Hi.
It's wrong but...
Create please for settings.html
<input name="url" />
<input name="key" />
https://url.com/web/settings.html?url=https://url.com&key=00000000000000000000000000000000000
This opens settings.html with data of API key on new web browser
Thx
No new feature release, but ~2 months have gone by without updates so it's worth updating dependencies.
I presume headscale-ui could be run via nginx, so any possibility of a config example?
Sorting ascending in last seen involves the oldest device shown first, in contrast to the other sort options.
Selection menus are nice but are unwieldy when growing beyond a certain size. It'd also be nice to be able to create groupings within selections.
Adding svelecte will do that.