BREAKING
- Log level option `log_level` was moved to a distinct `log` config section and renamed to `level` #768
- Removed Alpine Linux container image #962
Important Changes
- Added support for Tailscale TS2021 protocol #738
- Add experimental support for SSH ACL (see docs for limitations) #847
  - Please note that this support should be considered partially implemented
  - SSH ACLs status:
    - Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
    - Rejecting connections is not supported, meaning that if you enable SSH, then assume that all `ssh` connections will be allowed.
    - If you decide to try this feature, please carefully manage permissions by blocking port `22` with regular ACLs or do not set `--ssh` on your clients.
    - We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
  - This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1`.
Changes
- Add ability to specify config location via env var `HEADSCALE_CONFIG` #674
- Target Go 1.19 for Headscale #778
- Target Tailscale v1.30.0 to build Headscale #780
- Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
- Fix subnet routers with Primary Routes #811
- Added support for JSON logs #653
- Sanitise the node key passed to registration url #823
- Add support for generating pre-auth keys with tags #767
- Add support for evaluating `autoApprovers` ACL entries when a machine is registered #763
- Add config flag to allow Headscale to start if OIDC provider is down #829
- Fix prefix length comparison bug in AutoApprovers route evaluation #862
- Random node DNS suffix only applied if names collide in namespace. #766
- Remove `ip_prefix` configuration option and warning #899
- Add `dns_config.override_local_dns` option #905
- Fix some DNS config issues #660
- Make it possible to disable TS2019 with build flag #928
- Fix OIDC registration issues #960 and #971
- Add support for specifying NextDNS DNS-over-HTTPS resolver #940
- Make more sslmode available for postgresql connection #927
Commits
- c28ca27 Add SSH ACL to changelog
- 52a323b Add SSH capability advertisement
- d4e3bf1 Add experimental flag to unit test
- c6d3174 Add feature flag for SSH, and warning
- cfaa36e Add method to expose container id
- e28d308 Add negative tests
- 36b8862 Add notes about current ssh status
- 91ed6e2 Allow WithEnv to be passed multiple times
- 8a79c2e Do not retry on permission denied in ssh
- 22da5bf Enable SSH for tests
- d207c30 Ensure we have ssh in container
- 3695284 Make simple initial test case
- d71aef3 Mark all tests with Parallel
- c02e105 Mark the flag properly experimental
- 519f22f SSH integration test setup
- fd6d25b SSH: Lint and typos
- f610be6 SSH: add test between namespaces
- f34e7c3 Strip newline from hostname
- eb072a1 mark some changes as more important