mirror of
https://github.com/juanfont/headscale.git
synced 2024-12-26 09:01:59 +08:00
3
nginx configuration
Juan Font edited this page 2021-07-30 18:45:54 +02:00
The original Tailscale protocol relies on HTTP Long-Polling¹ for communication with the control server. Long story short, the client opens a HTTP 1.1 connection to the server and maintains it open, to receive keep-alives + updates in the tailnet/namespace.
nginx must be aware of this situation if you want to use it as a reverse proxy in front of Headscale. Otherwise it will keep closing the connections from the clients, or even worse - not closing them when it must.
Please find below a reference configuration for a standard proxy_pass
config:
server {
server_name foobar.example.com;
client_body_timeout 5m;
client_header_timeout 5m;
access_log /var/log/nginx/foobar.example.com.access.log;
error_log /var/log/nginx/foobar.example.com.error.log info;
# reverse proxy
location / {
proxy_pass http://127.0.0.1:8080; # headscale listen_addr
proxy_read_timeout 6m;
proxy_ignore_client_abort off;
proxy_request_buffering off;
proxy_buffering off;
proxy_no_cache "always";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
listen 443 ssl; # managed by Certbot
# extra stuff...
}
¹: https://en.wikipedia.org/wiki/Push_technology#Long_polling