github tale/headplane v0.7.0-beta.4

pre-release, 4 hours ago

Beta Status

I'm happy to share that 0.7.0-beta.4 will be the last beta version before the public release of Headplane 0.7.0! The main goal of this release was to fix several bugs and rework core parts of the application to bring stability guarantees. Subsequent versions will be looking at adding new features and working towards a 1.0 release.

Headplane is also working towards meeting enterprise-level guarantees for deployment:

  • First-class Kubernetes support and recommended deployment charts via Helm
  • Potential secured/CVE-reactive containers (via Chainguard)
  • Stability and versioning guarantees!

If you would like to see specific features implemented quicker in Headplane, I'm also now accepting feature-sponsored development. Donations show interest and incentivize me to prioritize features.

What's Changed

  • Headplane now requires Headscale 0.27.0 or newer. Support for 0.26.x has been dropped. If /version returns 404 (the endpoint was added in 0.27.0), Headplane logs an error and keeps retrying so an in-place Headscale upgrade is picked up without a restart.
  • Replaced the OpenAPI hash detection with /version. Capabilities are now derived from the version reported by /version instead of fingerprinting the OpenAPI schema. This dramatically simplifies version detection and works with every supported release out of the box.
  • Made Headscale boot resilient. Headplane now boots even when Headscale is unreachable; capabilities default permissively and a background retry settles them once Headscale responds. No more cold-start ordering problems with docker-compose.
  • Added optional in-process TLS termination. Setting server.tls_cert_path and server.tls_key_path makes Headplane serve HTTPS/1.1 on server.port directly — no reverse proxy required. server.cookie_secure is auto-forced to true (with a warning) whenever TLS is enabled, since browsers refuse Secure-less cookies over HTTPS. HTTP/2 and HTTP/3 are intentionally not supported in-process; terminate those at a reverse proxy if you need them (closes #403).
  • Made the bundled Docker healthcheck zero-config across HTTP and HTTPS. Headplane writes its loopback URL (scheme, port, and basename included) to /tmp/headplane-listen on startup, and hp_healthcheck reads that file and probes the URL verbatim. Enabling TLS or changing server.port no longer requires any healthcheck-specific configuration. Native installs are unaffected — the listen file is only written when HEADPLANE_LISTEN_FILE is set, which the Dockerfile does automatically.
  • Added Rename and Delete actions for unlinked Headscale users on the Users page so admins can manage Headscale users that have no Headplane account (closes #525).
  • Documented Custom Certificate Authorities for trusting private or self-signed CAs across every outbound TLS connection (OIDC, Headscale, Docker, etc.) via Node's NODE_EXTRA_CA_CERTS. This replaces the previous workaround of rebuilding the Docker image to extend the system trust store (closes #313).
  • Fixed user-management actions (link, change role, transfer ownership) using the wrong ID type for unlinked Headplane users. Form fields are now explicitly headplane_user_id vs. headscale_user_id, and the auth layer no longer round-trips through Headscale to recover the OIDC subject.
  • Fixed the "Register Machine Key" dialog passing the Headscale numeric user id instead of the username. Headscale's RegisterNodeRequest.user proto field is a string looked up via GetUserByName (no numeric fallback), so registration was failing whenever the selected owner's display name differed from their numeric id (closes #532).
  • Fixed pre-auth key expiration on Headscale 0.27.x. The pre-0.28 expire endpoint takes a uint64 user field which the API layer reads from key.user?.id, but the caller was wrapping the id as { name: user }, causing the request to send an empty user field. Headplane now correctly passes the numeric Headscale user id.
  • Fixed dialog panels growing beyond the viewport; dialog content is now constrained and scrollable (via #556).
  • Fixed focus rings on inputs and buttons inside dialogs being clipped by the scrollable content container.
  • Fixed tooltips on the last row of the machines table being clipped by the viewport; tooltips now anchor above the trigger with collision padding (closes #508).
  • Corrected the Docker healthcheck example in the docs to use the required CMD prefix so reverse proxies don't see the container as unhealthy (closes #535).
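
The version-based detection described in the first three items above (the /version probe, the 404 retry, and permissive defaults while Headscale is unreachable) can be sketched as a small decision function. This is an added example, not Headplane's code; the gate names, the probe object and the `{ version: "v0.27.0" }` body shape are assumptions.

```javascript
// Added example, not Headplane's source. Gate names, the probe object and the
// { version: "v0.27.0" } body shape are assumptions made for illustration.
const MIN_SUPPORTED = [0, 27, 0]; // /version was added in Headscale 0.27.0
const GATES = {
  versionEndpoint: [0, 27, 0], // hypothetical gate
  preAuthExpireV2: [0, 28, 0], // hypothetical: the expire endpoint differs pre-0.28
};

// "v0.27.1" or "0.28.0-beta.1" -> [0, 27, 1] / [0, 28, 0]; null when malformed.
// Pre-release suffixes are ignored, which is a simplification.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(typeof raw === "string" ? raw : "");
  return m ? m.slice(1).map(Number) : null;
}

function atLeast(v, min) {
  for (let i = 0; i < 3; i++) if (v[i] !== min[i]) return v[i] > min[i];
  return true;
}

function gates(decide) {
  return Object.fromEntries(Object.entries(GATES).map(([k, min]) => [k, decide(min)]));
}

// probe is { error } when Headscale is unreachable, else { status, body }.
function resolveCapabilities(probe) {
  if (probe.error) {
    // Boot anyway: every gate stays open until a later retry settles real values.
    return { state: "pending", retry: true, caps: gates(() => true) };
  }
  if (probe.status === 404) {
    // No /version means older than 0.27.0: unsupported, but keep retrying so an
    // in-place Headscale upgrade is picked up without a restart.
    return { state: "unsupported", retry: true, caps: gates(() => false) };
  }
  const v = probe.status === 200 ? parseVersion(probe.body && probe.body.version) : null;
  // Any other status or an unparseable body is treated like "not ready yet".
  if (!v) return { state: "pending", retry: true, caps: gates(() => true) };
  if (!atLeast(v, MIN_SUPPORTED)) {
    return { state: "unsupported", retry: true, caps: gates(() => false) };
  }
  return { state: "settled", retry: false, caps: gates((min) => atLeast(v, min)) };
}
```

While the state is "pending" the gates are guesses, so a caller should expect requests built on them to fail until the probe settles.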

New Contributors

Full Changelog: v0.7.0-beta.3...v0.7.0-beta.4
