Commit Graph

6 Commits (8c2cb4b43115072a1fdaaa5c4e5707c8305c9bb5)

Author SHA1 Message Date
Brad Fitzpatrick d19a63ddf6 ipn/localapi: treat ACME "invalid" state as terminal, log more
Fixes #3975

Change-Id: Idb2cc8d4730e140939898c7dcc15c2014acca142
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago
Brad Fitzpatrick ca774c3249 ipn/ipnserver: add TS_PERMIT_CERT_UID envknob to give webservers cert access
So you can run Caddy etc as a non-root user and let it have access to
get certs.

Updates caddyserver/caddy#4541

Change-Id: Iecc5922274530e2b00ba107d4b536580f374109b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago
Brad Fitzpatrick 41fd4eab5c envknob: add new package for all the strconv.ParseBool(os.Getenv(..))
A new package can also later record/report which knobs are checked and
set. It also makes the code cleaner & easier to grep for env knobs.

Change-Id: Id8a123ab7539f1fadbd27e0cbeac79c2e4f09751
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago
Brad Fitzpatrick 3b3994f0db ipn{,/localapi,ipnlocal}: infer cert dir from state file location
This fixes "tailscale cert" on Synology where the var directory is
typically like /volume2/@appdata/Tailscale, or any other tailscaled
user who specifies a non-standard state file location.

This is a interim fix on the way to #2932.

Fixes #2927
Updates #2932

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago
Brad Fitzpatrick 56db3e2548 ipn/localapi: refresh ACME certs in background two weeks in advance
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago
Brad Fitzpatrick 57b794c338 ipn/localapi: move cert fetching code to localapi, cache, add cert subcommand
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago