You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I deploy derp myself and don't want it to be used by other unauthorized clients, the traditional approach is to have derp access tailscaled to verify that the clientKey is in the list via derp's verify-clients parameter.
But I don't want to deploy tailscale on derp's nodes, and derp provides the verify-client-url parameter to determine if the clientKey is in the list via HTTP. I want Headscale to support this HTTP interface, so I can set derp's verify-client-url to the Headscale interface.
In Headscale, it could be to provide an HTTP interface that receives an authentication request, checks if the clientKey is in the list of nodes, and returns Allow.
The text was updated successfully, but these errors were encountered:
Use case
When I deploy derp myself and don't want it to be used by other unauthorized clients, the traditional approach is to have derp access tailscaled to verify that the clientKey is in the list via derp's
verify-clients
parameter.But I don't want to deploy tailscale on derp's nodes, and derp provides the
verify-client-url
parameter to determine if the clientKey is in the list via HTTP. I want Headscale to support this HTTP interface, so I can set derp'sverify-client-url
to the Headscale interface.Description
See https://github.com/tailscale/tailscale/blob/964282d34f06ecc06ce644769c66b0b31d118340/derp/derp_server.go#L1159.
Derp sent a POST request to
verifyClientsURL
with the following JSONThe expected return is
Contribution
How can it be implemented?
In Headscale, it could be to provide an HTTP interface that receives an authentication request, checks if the clientKey is in the list of nodes, and returns Allow.
The text was updated successfully, but these errors were encountered: