Add SSL support #29
Comments
Https certs don't work with bare hostnames.
Could you say more about what you mean by "Some browsers really don't like plain text http"? As in, they just show a "Not secure" warning or are you experiencing other behavior with some browser? As Brad noted, https won't work with bare hostnames and enabling simple http://go/ style links is a key goal of the project.
Sorry for the low quality of the request, and thanks for the comments. I believe the opensearch xml is not being retrieved by Safari, because it is not on localhost or on https. I am still trying to figure out how to debug the opensearch requests made by the browser (the network inspector only shows requests made by/for loading the page, not by the browser to resolve the opensearch). In the end I was hoping to have http://go/link and https://go.foo-bar.ts.net/link both work, and then have the ability to use opensearch with a keyword as well. I will keep trying to find a way to debug opensearch and to see if it could work on http.
In case this helps anyone else using Firefox, I found if you open reference: https://support.mozilla.org/en-US/questions/1285922
We could have http://go (when given bare, with no /link) return 301 Moved Permanently to https://go.foo-bar.ts.net, which will teach the browser the canonical name. Thus MagicDNS and HTTP become bootstrap mechanisms for good ol' HTTPS.
If we 301 permanent redirect http://go/ to https://go.tailnet1.ts.net/, what happens when I switch my client to a different tailnet? Then I want http://go/ to resolve to the "go" host on tailnet2, but my browser has now cached that it should always be tailnet1, hasn't it?
golink: listen on HTTPS and redirect HTTP traffic

Updates #9
Fixes #29

On tailnets with HTTPS enabled golink will serve the primary endpoints via HTTPS. With HTTPS enabled golink will respond to HTTP traffic with a separate redirectHandler which redirects requests to their HTTPS equivalent.

Update documented examples of `curl` to include the `-L` flag to follow these redirects if present.

Add an HTTPS section to the README documenting all of the above.

Signed-off-by: Patrick O'Doherty <[email protected]>
hey @mullender 👋🏻 thank you for the initial report. PR #99 ships support for HTTPS by default on tailnets where it is enabled 😄
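An added sketch of the HTTP-to-HTTPS redirect discussed in this thread; it is not golink's own code. The names `httpsRedirect` and `probe` are hypothetical, the fully qualified name is fixed configuration rather than taken from the request, and the redirect is a 302 so that the tailnet-switching concern raised above about cached 301s does not apply.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// httpsRedirect (hypothetical name) serves the plain-HTTP listener and sends
// every request to the same path and query on https://<fqdn>.
// fqdn comes from configuration; the request's Host header is never used to
// build the target, so a forged Host cannot turn this into an open redirect.
func httpsRedirect(fqdn string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		target := url.URL{
			Scheme:   "https",
			Host:     fqdn,
			Path:     r.URL.Path,
			RawPath:  r.URL.RawPath,
			RawQuery: r.URL.RawQuery,
		}
		// 302 Found is not cacheable by default, unlike 301, so http://go/
		// is re-resolved on every visit; no-store makes that explicit.
		w.Header().Set("Cache-Control", "no-store")
		http.Redirect(w, r, target.String(), http.StatusFound)
	})
}

// probe (hypothetical helper) sends one GET through the handler with the
// given Host header and returns the status code and Location header.
func probe(h http.Handler, rawURL, host string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, rawURL, nil)
	req.Host = host
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	// Constructed sample input: a bare-hostname request and one with a
	// forged Host header; both must land on the configured name.
	h := httpsRedirect("go.tailnet1.ts.net")
	for _, host := range []string{"go", "evil.example"} {
		code, loc := probe(h, "http://go/link?q=a+b", host)
		fmt.Println(host, code, loc)
	}
}
```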
It would be nice if golink could serve over https. Some browsers really don't like plain text http.
Tailscale supports this for serving: https://github.com/tailscale/tailscale/blob/main/client/tailscale/example/servetls/servetls.go
But I could not find the equivalent in tsnet. The only reference I found to SSL was here: https://github.com/tailscale/tailscale/blob/main/tsnet/tsnet.go#L377