Xeorg
/
grafanauth
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

use ExpandSNIName 

Signed-off-by: Xe <me@christine.website>
This commit is contained in:
Cadey Ratio 2022-03-17 16:03:12 -04:00
parent 63b1965114
commit 10d2333856
2 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
/grafanauth /grafanauth
/result /result
.direnv

22
grafanauth.go
View File

@ -1,6 +1,7 @@
package main package main
import ( import (
"context"
"crypto/tls" "crypto/tls"
"flag" "flag"
"fmt" "fmt"
@ -14,13 +15,13 @@ import (
) )
var ( var (
target = flag.String("target", "http://127.0.0.1:3000", "target HTTP server for Grafana") target = flag.String("target", "http://127.0.0.1:3000", "target HTTP server for Grafana")
httpsDomainName = flag.String("https-domain-name", "", "your Tailscale HTTPS domain name (tails-scales.ts.net)") hostname = flag.String("hostname", "grafana", "the hostname to use on the tailnet")
hostname = flag.String("hostname", "grafana", "the hostname to use on the tailnet")
) )
func main() { func main() {
flag.Parse() flag.Parse()
ctx := context.Background()
u, err := url.Parse(*target) u, err := url.Parse(*target)
if err != nil { if err != nil {
@ -36,6 +37,11 @@ func main() {
Logf: log.Printf, Logf: log.Printf,
} }
selfFQDN, ok := tailscale.ExpandSNIName(ctx, *hostname)
if !ok {
log.Fatal("could not get sni name")
}
l, err := srv.Listen("tcp", ":443") l, err := srv.Listen("tcp", ":443")
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
@ -43,8 +49,8 @@ func main() {
l = tls.NewListener(l, &tls.Config{ l = tls.NewListener(l, &tls.Config{
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) { GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
if wantName := fmt.Sprintf("%s.%s", *hostname, *httpsDomainName); chi.ServerName != wantName { if chi.ServerName != selfFQDN {
return nil, fmt.Errorf("wanted hostname %s, got: %s", wantName, chi.ServerName) return nil, fmt.Errorf("wanted hostname %s, got: %s", selfFQDN, chi.ServerName)
} }
c, err := tailscale.GetCertificate(chi) c, err := tailscale.GetCertificate(chi)
@ -56,7 +62,7 @@ func main() {
}, },
}) })
log.Printf("listening on https://%s.%s", *hostname, *httpsDomainName) log.Printf("listening on https://%s", selfFQDN)
log.Fatal(http.Serve(l, hdlr)) log.Fatal(http.Serve(l, hdlr))
} }
@ -72,8 +78,8 @@ func (t tsAuthMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return return
} }
r.Header.Set("X-Webauth-User", userInfo.UserProfile.LoginName) r.Header.Set("X-WebAuth-User", userInfo.UserProfile.LoginName)
r.Header.Set("X-Webauth-Name", userInfo.UserProfile.DisplayName) r.Header.Set("X-WebAuth-Name", userInfo.UserProfile.DisplayName)
t.next.ServeHTTP(w, r) t.next.ServeHTTP(w, r)
} }