From 5a2e6a6f7d101a33738b3cdd7ed25327925e00ae Mon Sep 17 00:00:00 2001
From: Will Norris
Date: Fri, 8 Dec 2023 16:09:13 -0800
Subject: [PATCH] client/web: use Home Assistant's X-Ingress-Path header
When running on Home Assistant, use the X-Ingress-Path header to set the URLPrefix that is passed to the frontend. Also fix handling of errNotUsingTailscale in the auth handler (previously it falling through to a later case and returning a 500). Instead, it's just a terminal state with no auth needed. Also disable SSH on Home Assistant, since it causes problems on startup and doesn't make much sense anyway for that platform.
Updates #10261
Signed-off-by: Will Norris
---
 client/web/web.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/client/web/web.go b/client/web/web.go
index e4c5c68b1..19ee8ea9a 100644
--- a/client/web/web.go
+++ b/client/web/web.go
@@ -26,6 +26,7 @@ import (
 "tailscale.com/client/tailscale/apitype"
 "tailscale.com/clientupdate"
 "tailscale.com/envknob"
+ "tailscale.com/hostinfo"
 "tailscale.com/ipn"
 "tailscale.com/ipn/ipnstate"
 "tailscale.com/licenses"
@@ -440,6 +441,9 @@ func (s *Server) serveAPIAuth(w http.ResponseWriter, r *http.Request) {
 }
 switch {
+ case sErr != nil && errors.Is(sErr, errNotUsingTailscale):
+ // Restricted to the readonly view, no auth action to take.
+ resp.AuthNeeded = ""
 case sErr != nil && errors.Is(sErr, errNotOwner):
 // Restricted to the readonly view, no auth action to take.
 s.lc.IncrementCounter(r.Context(), "web_client_viewing_not_owner", 1)
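Review bot: The comment on the new `errNotUsingTailscale` case is a verbatim copy of the one on the `errNotOwner` case below it and does not say what distinguishes this state. Something like `// Not reached over Tailscale (per errNotUsingTailscale): readonly view only, no auth action to offer.` would make the branch self-explanatory. Unlike its sibling, the new case increments no counter, so this path leaves no trace in metrics; if that is deliberate, the comment is the place to say so. Because the case now produces a normal response instead of a 500, it is worth confirming that the write endpoints refuse such sessions on the server side rather than depending on the readonly view; that cannot be checked from this hunk, and the switch continues outside it.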
@@ -640,6 +644,12 @@ func (s *Server) serveGetNodeData(w http.ResponseWriter, r *http.Request) {
 ACLAllowsAnyIncomingTraffic: s.aclsAllowAccess(filterRules),
 }
+ if hostinfo.GetEnvType() == hostinfo.HomeAssistantAddOn && data.URLPrefix == "" {
+ // X-Ingress-Path is the path prefix in use for Home Assistant
+ // https://developers.home-assistant.io/docs/add-ons/presentation#ingress
+ data.URLPrefix = r.Header.Get("X-Ingress-Path")
+ }
+
 cv, err := s.lc.CheckUpdate(r.Context())
 if err != nil {
 s.logf("could not check for updates: %v", err)
@@ -711,13 +721,21 @@ func (s *Server) serveGetNodeData(w http.ResponseWriter, r *http.Request) {
 }
 func availableFeatures() map[string]bool {
- return map[string]bool{
+ features := map[string]bool{
 "advertise-exit-node": true, // available on all platforms
 "advertise-routes": true, // available on all platforms
 "use-exit-node": distro.Get() != distro.Synology, // see https://github.com/tailscale/tailscale/issues/1995
 "ssh": envknob.CanRunTailscaleSSH() == nil,
 "auto-update": version.IsUnstableBuild() && clientupdate.CanAutoUpdate(),
 }
+ if hostinfo.GetEnvType() == hostinfo.HomeAssistantAddOn {
+ // Setting SSH on Home Assistant causes trouble on startup
+ // (since the flag is not being passed to `tailscale up`).
+ // Although Tailscale SSH does work here,
+ // it's not terribly useful since it's running in a separate container.
+ features["ssh"] = false
+ }
+ return features
 }
 // aclsAllowAccess returns whether tailnet ACLs (as expressed in the provided filter rules)
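Review bot: The `X-Ingress-Path` request header is copied into `data.URLPrefix` without validation at the added `r.Header.Get` line. The only gate is the process-wide `hostinfo.GetEnvType()` check, so the value is trusted for every request that reaches this handler, whether or not it came through the Home Assistant ingress proxy. Accept only a local absolute path, for example `if p := r.Header.Get("X-Ingress-Path"); strings.HasPrefix(p, "/") && !strings.HasPrefix(p, "//") { data.URLPrefix = p }` (assuming `strings` is imported in this file), so the frontend's base can never become a scheme-relative or absolute URL. The comment should also state that the header is trusted because the ingress proxy is expected to set it. serveGetNodeData begins and ends outside the hunk.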
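Review bot: Setting `features["ssh"] = false` in availableFeatures only changes what the frontend is told is available; nothing in this hunk prevents a request from turning SSH on for a Home Assistant add-on. If the startup problem described in the comment is to be avoided reliably, the handler that applies the SSH setting should check the same `hostinfo.HomeAssistantAddOn` condition; that handler is not visible here. As a style point, the override could live in the literal as `"ssh": envknob.CanRunTailscaleSSH() == nil && hostinfo.GetEnvType() != hostinfo.HomeAssistantAddOn,` with the explanatory comment above that entry, which keeps the original single-expression return.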