You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Go to file

KevinLiang10 e7238efafa cmd/tailscale/cli: Add service flag to serve command (#16191 ) * cmd/tailscale/cli: Add service flag to serve command This commit adds the service flag to serve command which allows serving a service and add the service to the advertisedServices field in prefs (What advertise command does that will be removed later). When adding proxies, TCP proxies and WEB proxies work the same way as normal serve, just under a different DNSname. There is a services specific L3 serving mode called Tun, can be set via --tun flag. Serving a service is always in --bg mode. If --bg is explicitly set t o false, an error message will be sent out. The restriction on proxy target being localhost or 127.0.0.1 also applies to services. When removing proxies, TCP proxies can be removed with type and port flag and off argument. Web proxies can be removed with type, port, setPath flag and off argument. To align with normal serve, when setPath is not set, all handler under the hostport will be removed. When flags are not set but off argument was passed by user, it will be a noop. Removing all config for a service will be available later with a new subcommand clear. Updates tailscale/corp#22954 Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: fix ai comments and fix a test Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: Add a test for addServiceToPrefs Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: fix comment Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * add dnsName in error message Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * change the cli input flag variable type Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * replace FindServiceConfig with map lookup Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * some code simplification and add asServiceName This commit cotains code simplification for IsServingHTTPS, SetWebHandler, SetTCPForwarding Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * replace IsServiceName with tailcfg.AsServiceName Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * replace all assemble of host name for service with strings.Join Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: adjust parameter order and update output message This commit updates the parameter order for IsTCPForwardingOnPort and SetWebHandler. Also updated the message msgServiceIPNotAssigned to msgServiceWaitingApproval to adapt to latest terminologies around services. Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: flip bool condition This commit fixes a previous bug added that throws error when serve funnel without service. It should've been the opposite, which throws error when serve funnel with service. Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: change parameter of IsTCPForwardingOnPort This commit changes the dnsName string parameter for IsTCPForwardingOnPort to svcName tailcfg.ServiceName. This change is made to reduce ambiguity when a single service might have different dnsNames Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * ipn/ipnlocal: replace the key to webHandler for services This commit changes the way we get the webhandler for vipServices. It used to use the host name from request to find the webHandler, now everything targeting the vipService IP have the same set of handlers. This commit also stores service:port instead of FQDN:port as the key in serviceConfig for Web map. Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: Updated use of service name. This commit removes serviceName.IsEmpty and use direct comparison to instead. In legacy code, when an empty service name needs to be passed, a new constant noService is passed. Removed redundant code for checking service name validity and string method for serviceNameFlag. Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: Update bgBoolFlag This commit update field name, set and string method of bgBoolFlag to make code cleaner. Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: remove isDefaultService output from srvTypeAndPortFromFlags This commit removes the isDefaultService out put as it's no longer needed. Also deleted redundant code. Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: remove unnessesary variable declare in messageForPort Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * replace bool output for AsServiceName with err Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: Replace DNSName with NoService if DNSname only used to identify service This commit moves noService constant to tailcfg, updates AsServiceName to return tailcfg.NoService if the input is not a valid service name. This commit also removes using the local DNSName as scvName parameter. When a function is only using DNSName to identify if it's working with a service, the input in replaced with svcName and expect caller to pass tailcfg.NoService if it's a local serve. This commit also replaces some use of Sprintf with net.JoinHostPort for ipn.HostPort creation. Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: Remove the returned error for AsServiceName Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * apply suggested code and comment Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * replace local dnsName in test with tailcfg.NoService Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * cmd/tailscale/cli: move noService back and use else where The constant serves the purpose of provide readability for passing as a function parameter. It's more meaningful comparing to a . It can just be an empty string in other places. Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> * ipn: Make WebHandlerExists and RemoveTCPForwarding accept svcName This commit replaces two functions' string input with svcName input since they only use the dnsName to identify service. Also did some minor cleanups Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com> --------- Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com>		6 months ago
.bencher	bencher: add config to suppress failures on benchmark regressions.	4 years ago
.github	.github: Bump github/codeql-action from 3.29.1 to 3.29.2 (#16480 )	6 months ago
appc	appc: fix a deadlock in route advertisements (#15031 )	11 months ago
atomicfile	ipn/store: automatically migrate between plaintext and encrypted state (#16318 )	7 months ago
chirp	scripts/check_license_headers.sh: delete, rewrite as a Go test	7 months ago
client	client/systray: replace counter metric with gauge	7 months ago
clientupdate	clientupdate: fix MSI exit code handling, preserve MSI and updater logs on Windows	9 months ago
cmd	cmd/tailscale/cli: Add service flag to serve command (#16191 )	6 months ago
control	tstest/tlstest: simplify, don't even bake in any keys	7 months ago
derp	derp/derphttp: fix DERP TLS client server name inclusion in URL form	6 months ago
disco	disco,net/udprelay,wgengine/magicsock: support relay re-binding (#16388 )	7 months ago
docs	docs/windows/policy: add ExitNode.AllowOverride as an option to ExitNodeID policy	6 months ago
doctor	all: remove non-applicable "linux" deps on Android	8 months ago
drive	drive,ipn/ipnlocal: calculate peer taildrive URLs on-demand	6 months ago
envknob	envknob/featureknob: restore SSH and exit-node capability for Home Assistant (#16263 )	7 months ago
feature	feature/relayserver,wgengine/magicsock: remove WIP gating of peer relay (#16533 )	6 months ago
gokrazy	gokrazy/natlab: update gokrazy, wire up natlab tests to GitHub CI	10 months ago
health	tailcfg: send health update if DisplayMessage URL changes	6 months ago
hostinfo	hostinfo, ipnlocal: add optional os-specific callback for querying the hostname (#15647 )	9 months ago
internal	cmd/k8s-operator,internal/client/tailscale: use VIPService annotations for ownership tracking (#15356 )	10 months ago
ipn	cmd/tailscale/cli: Add service flag to serve command (#16191 )	6 months ago
jsondb	all: update copyright and license headers	3 years ago
k8s-operator	k8s-operator,sessionrecording: fixing race condition between resize (#16454 )	6 months ago
kube	cmd/{k8s-operator,k8s-proxy},kube/k8s-proxy: add static endpoints for kube-apiserver type ProxyGroups (#16523 )	6 months ago
licenses	licenses: update license notices	9 months ago
log	log/sockstatlog: don't block for more than 5s on shutdown	2 years ago
logpolicy	all: detect JetKVM and specialize a handful of things for it	6 months ago
logtail	logtail: remove unneeded IP redaction code	8 months ago
maths	maths: add exponentially weighted moving average type	11 months ago
metrics	metrics,syncs: add ShardedInt support to metrics.LabelMap	1 year ago
net	net/udprelay: log socket read errors (#16573 )	6 months ago
omit	cmd/tailscaled, ipn/conffile: support ec2 user-data config file	2 years ago
packages/deb	go.mod: upgrade nfpm to v2 (#8786 )	2 years ago
paths	all: detect JetKVM and specialize a handful of things for it	6 months ago
portlist	portlist: add Plan 9 support	9 months ago
posture	posture: propagate serial number from MDM on Android	7 months ago
prober	prober: speed up TestCRL ~450x by baking in some test keys	7 months ago
proxymap	ipnlocal,proxymap,wgengine/netstack: add optional WhoIs/proxymap debug	1 year ago
release	release/dist/qnap: upgrade to Ubuntu 24.04 Docker image	7 months ago
safesocket	all: remove non-applicable "linux" deps on Android	8 months ago
safeweb	safeweb: Set Cross-Origin-Opener-Policy for browser requests (#15936 )	8 months ago
scripts	scripts/check_license_headers.sh: delete, rewrite as a Go test	7 months ago
sessionrecording	k8s-operator,sessionrecording: fixing race condition between resize (#16454 )	6 months ago
smallzstd	all: use Go 1.22 range-over-int	2 years ago
ssh/tailssh	ssh/tailssh: fix path of "true" on Darwin (#16569 )	6 months ago
syncs	syncs: fix AtomicValue.CompareAndSwap (#16137 )	8 months ago
tailcfg	cmd/tailscale/cli: Add service flag to serve command (#16191 )	6 months ago
tempfork	tempfork/acme: update to latest version (#15543 )	9 months ago
tka	tka: reject removal of the last signing key	7 months ago
tool	tool/gocross: remove GOROOT to ensure correct toolchain use	7 months ago
tsconsensus	tsconsensus: skipping slow non-applicable tests on Windows for now	7 months ago
tsconst	cmd/tailscale/cli: support passing network lock keys via files	1 year ago
tsd	all: update the tsd.System constructor name (#15372 )	9 months ago
tsnet	cmd/tailscale/cli: add a risk message about rp_filter	7 months ago
tstest	ipn/store: automatically migrate between plaintext and encrypted state (#16318 )	7 months ago
tstime	tstime: add GoDuration which JSON serializes with time.Duration.String (#15726 )	9 months ago
tsweb	scripts/check_license_headers.sh: delete, rewrite as a Go test	7 months ago
types	types/lazy: add lazy.GMap: a map of lazily computed GValues (#16532 )	6 months ago
util	util/jsonutil: remove unused package (#16563 )	6 months ago
version	cmd/tailscale/cli: add "configure jetkvm" subcommand	6 months ago
wf	wf/firewall: allow link-local multicast for permitted local routes when the killswitch is on on Windows	1 year ago
wgengine	wgengine/magicsock: add peer relay metrics (#16582 )	6 months ago
words	words: C what I did there?	9 months ago
.gitattributes	.: add .gitattributes entry to use Go hunk-header driver	4 years ago
.gitignore	cmd/k8s-operator: Add NOTES.txt to Helm chart (#16364 )	7 months ago
.golangci.yml	.github: Bump golangci/golangci-lint-action from 6.5.0 to 7.0.0 (#15476 )	9 months ago
ALPINE.txt	Bump Alpine, link iptables back to legacy (#15428 )	10 months ago
AUTHORS	Move Linux client & common packages into a public repo.	6 years ago
CODEOWNERS	CODEOWNERS: add the start of an owners file	2 years ago
CODE_OF_CONDUCT.md	Add a code of conduct.	6 years ago
Dockerfile	Dockerfile,build_docker.sh: add a note on how to build local images (#16471 )	6 months ago
Dockerfile.base	Bump Alpine, link iptables back to legacy (#15428 )	10 months ago
LICENSE	all: update tools that manage copyright headers	3 years ago
Makefile	ssh/tailssh: fix path of "true" on Darwin (#16569 )	6 months ago
PATENTS	Move Linux client & common packages into a public repo.	6 years ago
README.md	commit-messages.md: make our git commit message style guide public	9 months ago
SECURITY.md	Add a SECURITY.md for vulnerability reports.	6 years ago
VERSION.txt	VERSION.txt: this is v1.85.0 (#16042 )	8 months ago
api.md	{api.md,publicapi}: remove old API docs (#13468 )	1 year ago
assert_ts_toolchain_match.go	tailscaleroot: panic if tailscale_go build tag but Go toolchain mismatch	1 year ago
build_dist.sh	hostinfo,tailcfg: report TPM availability on windows/linux (#15831 )	8 months ago
build_docker.sh	cmd/{k8s-operator,k8s-proxy}: add kube-apiserver ProxyGroup type (#16266 )	6 months ago
flake.lock	nix: update nix and use go 1.24 (#15578 )	9 months ago
flake.nix	nix: update nix and use go 1.24 (#15578 )	9 months ago
go.mod	go.mod: bump wireguard-go (#16578 )	6 months ago
go.mod.sri	nix: update nix and use go 1.24 (#15578 )	9 months ago
go.sum	go.mod: bump wireguard-go (#16578 )	6 months ago
go.toolchain.branch	go.toolchain.branch: update to Go 1.24 (#15016 )	11 months ago
go.toolchain.rev	go.toolchain.rev: bump to go 1.24.4 (#16230 )	7 months ago
gomod_test.go	go.mod: add test that replace directives aren't added in oss	2 years ago
header.txt	cmd/k8s-operator: operator can create subnetrouter (#9505 )	2 years ago
license_test.go	scripts/check_license_headers.sh: delete, rewrite as a Go test	7 months ago
pkgdoc_test.go	all: skip looking for package comments in .git/ repository (#15384 )	10 months ago
pull-toolchain.sh	pull-toolchain.sh: don't run update-flake.sh	3 years ago
shell.nix	nix: update nix and use go 1.24 (#15578 )	9 months ago
staticcheck.conf	all: cleanup unused code, part 2 (#10670 )	2 years ago
update-flake.sh	Code Improvements (#11311 )	2 years ago
version-embed.go	Fix various linting, vet & static check issues	1 year ago
version_tailscale_test.go	tailscaleroot: panic if tailscale_go build tag but Go toolchain mismatch	1 year ago
version_test.go	.github/workflows: test that ./go/tool version matches go mod version	7 months ago

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains the majority of Tailscale's open source code. Notably, it includes the tailscaled daemon and the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows, macOS, and to varying degrees on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.

Other Tailscale repos of note:

the Android app is at https://github.com/tailscale/tailscale-android
the Synology package is at https://github.com/tailscale/tailscale-synology
the QNAP package is at https://github.com/tailscale/tailscale-qpkg
the Chocolatey packaging is at https://github.com/tailscale/tailscale-chocolatey

For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.

Using

We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.

Building

We always require the latest Go release, currently Go 1.23. (While we build releases with our Go fork, its use is not required.)

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See commit-messages.md (or skim git log) for our commit message style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

Legal

WireGuard is a registered trademark of Jason A. Donenfeld.