Xeorg
/
grafanauth
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

use ExpandSNIName 

Signed-off-by: Xe <me@christine.website>
This commit is contained in:
Cadey Ratio 2022-03-17 16:03:12 -04:00
parent 63b1965114
commit 10d2333856
2 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
/grafanauth
/result
.direnv

22
grafanauth.go
View File

@ -1,6 +1,7 @@
package main
import (
"context"
"crypto/tls"
"flag"
"fmt"
@ -14,13 +15,13 @@ import (
)
var (
target = flag.String("target", "http://127.0.0.1:3000", "target HTTP server for Grafana")
httpsDomainName = flag.String("https-domain-name", "", "your Tailscale HTTPS domain name (tails-scales.ts.net)")
hostname = flag.String("hostname", "grafana", "the hostname to use on the tailnet")
target = flag.String("target", "http://127.0.0.1:3000", "target HTTP server for Grafana")
hostname = flag.String("hostname", "grafana", "the hostname to use on the tailnet")
)
func main() {
flag.Parse()
ctx := context.Background()
u, err := url.Parse(*target)
if err != nil {
@ -36,6 +37,11 @@ func main() {
Logf: log.Printf,
}
selfFQDN, ok := tailscale.ExpandSNIName(ctx, *hostname)
if !ok {
log.Fatal("could not get sni name")
}
l, err := srv.Listen("tcp", ":443")
if err != nil {
log.Fatal(err)
@ -43,8 +49,8 @@ func main() {
l = tls.NewListener(l, &tls.Config{
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
if wantName := fmt.Sprintf("%s.%s", *hostname, *httpsDomainName); chi.ServerName != wantName {
return nil, fmt.Errorf("wanted hostname %s, got: %s", wantName, chi.ServerName)
if chi.ServerName != selfFQDN {
return nil, fmt.Errorf("wanted hostname %s, got: %s", selfFQDN, chi.ServerName)
}
c, err := tailscale.GetCertificate(chi)
@ -56,7 +62,7 @@ func main() {
},
})
log.Printf("listening on https://%s.%s", *hostname, *httpsDomainName)
log.Printf("listening on https://%s", selfFQDN)
log.Fatal(http.Serve(l, hdlr))
}
@ -72,8 +78,8 @@ func (t tsAuthMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
r.Header.Set("X-Webauth-User", userInfo.UserProfile.LoginName)
r.Header.Set("X-Webauth-Name", userInfo.UserProfile.DisplayName)
r.Header.Set("X-WebAuth-User", userInfo.UserProfile.LoginName)
r.Header.Set("X-WebAuth-Name", userInfo.UserProfile.DisplayName)
t.next.ServeHTTP(w, r)
}