cmd/derper: show more information on home page

- Basic description of DERP

If configured to do so, also show

- Mailto link to security@tailscale.com
- Link to Tailscale Security Policies
- Link to Tailscale Acceptable Use Policy

Updates tailscale/corp#24092

Signed-off-by: Percy Wegmann <percy@tailscale.com>
fran/natc-raft
Percy Wegmann 1 month ago committed by Percy Wegmann
parent 065825e94c
commit 8dcbd988f7

@ -264,6 +264,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
hash/fnv from google.golang.org/protobuf/internal/detrand hash/fnv from google.golang.org/protobuf/internal/detrand
hash/maphash from go4.org/mem hash/maphash from go4.org/mem
html from net/http/pprof+ html from net/http/pprof+
html/template from tailscale.com/cmd/derper
io from bufio+ io from bufio+
io/fs from crypto/x509+ io/fs from crypto/x509+
io/ioutil from github.com/mitchellh/go-ps+ io/ioutil from github.com/mitchellh/go-ps+
@ -308,6 +309,8 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
sync/atomic from context+ sync/atomic from context+
syscall from crypto/rand+ syscall from crypto/rand+
text/tabwriter from runtime/pprof text/tabwriter from runtime/pprof
text/template from html/template
text/template/parse from html/template+
time from compress/gzip+ time from compress/gzip+
unicode from bytes+ unicode from bytes+
unicode/utf16 from crypto/x509+ unicode/utf16 from crypto/x509+

@ -19,6 +19,7 @@ import (
"expvar" "expvar"
"flag" "flag"
"fmt" "fmt"
"html/template"
"io" "io"
"log" "log"
"math" "math"
@ -212,25 +213,16 @@ func main() {
tsweb.AddBrowserHeaders(w) tsweb.AddBrowserHeaders(w)
w.Header().Set("Content-Type", "text/html; charset=utf-8") w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.WriteHeader(200) w.WriteHeader(200)
io.WriteString(w, `<html><body> err := homePageTemplate.Execute(w, templateData{
<h1>DERP</h1> ShowAbuseInfo: validProdHostname.MatchString(*hostname),
<p> Disabled: !*runDERP,
This is a <a href="https://tailscale.com/">Tailscale</a> DERP server. AllowDebug: tsweb.AllowDebugAccess(r),
</p> })
<p> if err != nil {
Documentation: if r.Context().Err() == nil {
</p> log.Printf("homePageTemplate.Execute: %v", err)
<ul>
<li><a href="https://tailscale.com/kb/1232/derp-servers">About DERP</a></li>
<li><a href="https://pkg.go.dev/tailscale.com/derp">Protocol & Go docs</a></li>
<li><a href="https://github.com/tailscale/tailscale/tree/main/cmd/derper#derp">How to run a DERP server</a></li>
</ul>
`)
if !*runDERP {
io.WriteString(w, `<p>Status: <b>disabled</b></p>`)
} }
if tsweb.AllowDebugAccess(r) { return
io.WriteString(w, "<p>Debug info at <a href='/debug/'>/debug/</a>.</p>\n")
} }
})) }))
mux.Handle("/robots.txt", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { mux.Handle("/robots.txt", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@ -468,3 +460,52 @@ func init() {
return 0 return 0
})) }))
} }
type templateData struct {
ShowAbuseInfo bool
Disabled bool
AllowDebug bool
}
// homePageTemplate renders the home page using [templateData].
var homePageTemplate = template.Must(template.New("home").Parse(`<html><body>
<h1>DERP</h1>
<p>
This is a <a href="https://tailscale.com/">Tailscale</a> DERP server.
</p>
<p>
It provides STUN, interactive connectivity establishment, and relaying of end-to-end encrypted traffic
for Tailscale clients.
</p>
{{if .ShowAbuseInfo }}
<p>
If you suspect abuse, please contact <a href="mailto:security@tailscale.com">security@tailscale.com</a>.
</p>
{{end}}
<p>
Documentation:
</p>
<ul>
{{if .ShowAbuseInfo }}
<li><a href="https://tailscale.com/security-policies">Tailscale Security Policies</a></li>
<li><a href="https://tailscale.com/tailscale-aup">Tailscale Acceptable Use Policies</a></li>
{{end}}
<li><a href="https://tailscale.com/kb/1232/derp-servers">About DERP</a></li>
<li><a href="https://pkg.go.dev/tailscale.com/derp">Protocol & Go docs</a></li>
<li><a href="https://github.com/tailscale/tailscale/tree/main/cmd/derper#derp">How to run a DERP server</a></li>
</ul>
{{if .Disabled}}
<p>Status: <b>disabled</b></p>
{{end}}
{{if .AllowDebug}}
<p>Debug info at <a href='/debug/'>/debug/</a>.</p>
{{end}}
</body>
</html>
`))
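Review bot: `ShowAbuseInfo: validProdHostname.MatchString(*hostname)` in the home-page handler gates the security@tailscale.com contact and the policy links on an operator-supplied flag, and `validProdHostname` is defined outside the visible hunks, so its anchoring cannot be checked here. If that pattern is not anchored at both ends, a derper run by someone else under a hostname that merely contains a production name would present Tailscale's abuse contact as its own. It is worth confirming the anchoring and stating the intent on the new struct field, e.g. `// ShowAbuseInfo is true only for Tailscale-operated hostnames (see validProdHostname).` Separately, `w.WriteHeader(200)` is still sent before `homePageTemplate.Execute`, so a render failure can only be logged, never turned into an error status. The body of main() starts and ends outside these hunks.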

@ -4,7 +4,9 @@
package main package main
import ( import (
"bytes"
"context" "context"
"fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"strings" "strings"
@ -110,3 +112,30 @@ func TestDeps(t *testing.T) {
}, },
}.Check(t) }.Check(t)
} }
func TestTemplate(t *testing.T) {
buf := &bytes.Buffer{}
err := homePageTemplate.Execute(buf, templateData{
ShowAbuseInfo: true,
Disabled: true,
AllowDebug: true,
})
if err != nil {
t.Fatal(err)
}
str := buf.String()
if !strings.Contains(str, "If you suspect abuse") {
t.Error("Output is missing abuse mailto")
}
if !strings.Contains(str, "Tailscale Security Policies") {
t.Error("Output is missing Tailscale Security Policies link")
}
if !strings.Contains(str, "Status:") {
t.Error("Output is missing disabled status")
}
if !strings.Contains(str, "Debug info") {
t.Error("Output is missing debug info")
}
fmt.Println(buf.String())
}
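Review bot: TestTemplate only renders with all three flags set to true, so nothing checks that the abuse contact, the policy links and the `/debug/` link are absent when the flags are false, which is the case that matters for self-hosted and non-debug requests. A second test over the zero-value `templateData{}` would pin that down. The trailing `fmt.Println(buf.String())` also dumps the whole page on every test run; `t.Log(str)` keeps it behind `-v` and lets the new `fmt` import go.

```go
func TestTemplateHidesOptionalSections(t *testing.T) {
	var buf bytes.Buffer
	if err := homePageTemplate.Execute(&buf, templateData{}); err != nil {
		t.Fatal(err)
	}
	out := buf.String()
	for _, s := range []string{"security@tailscale.com", "Tailscale Security Policies", "Status:", "Debug info"} {
		if strings.Contains(out, s) {
			t.Errorf("output unexpectedly contains %q", s)
		}
	}
}
```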
