From 2262188d8a97c977b34bc660761aeb76a68d1869 Mon Sep 17 00:00:00 2001
From: Juan Font Alonso <juanfontalonso@gmail.com>
Date: Sun, 4 Sep 2022 16:05:21 +0200
Subject: [PATCH 1/4] Warn when Headscale is running behind a wrongly
 configured proxy

---
 noise.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/noise.go b/noise.go
index 45bff7b3..493ef785 100644
--- a/noise.go
+++ b/noise.go
@@ -23,6 +23,19 @@ func (h *Headscale) NoiseUpgradeHandler(
 ) {
 	log.Trace().Caller().Msgf("Noise upgrade handler for client %s", req.RemoteAddr)
 
+	upgrade := req.Header.Get("Upgrade")
+	if upgrade == "" {
+		// This probably means that the user is running Headscale behind an
+		// improperly configured reverse proxy. TS2021 requires WebSockets to
+		// be passed to Headscale. Let's give them a hint.
+		log.Warn().
+			Caller().
+			Msg("No Upgrade header found in TS2021 request. If running headscale behind a reverse proxy, make sure it is configured to pass WebSockets through.")
+		http.Error(writer, "Internal error", http.StatusInternalServerError)
+
+		return
+	}
+
 	noiseConn, err := controlhttp.AcceptHTTP(req.Context(), writer, req, *h.noisePrivateKey)
 	if err != nil {
 		log.Error().Err(err).Msg("noise upgrade failed")

From a377ee14b44fccecac8d8c0f8030643fb4fa5433 Mon Sep 17 00:00:00 2001
From: Juan Font Alonso <juanfontalonso@gmail.com>
Date: Sun, 4 Sep 2022 16:13:30 +0200
Subject: [PATCH 2/4] Minor message change

---
 noise.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/noise.go b/noise.go
index 493ef785..f6fb3644 100644
--- a/noise.go
+++ b/noise.go
@@ -30,7 +30,7 @@ func (h *Headscale) NoiseUpgradeHandler(
 		// be passed to Headscale. Let's give them a hint.
 		log.Warn().
 			Caller().
-			Msg("No Upgrade header found in TS2021 request. If running headscale behind a reverse proxy, make sure it is configured to pass WebSockets through.")
+			Msg("No Upgrade header in TS2021 request. If headscale is behind a reverse proxy, make sure it is configured to pass WebSockets through.")
 		http.Error(writer, "Internal error", http.StatusInternalServerError)
 
 		return

From 5c59255b41da566b37e32c1598b65e0612655618 Mon Sep 17 00:00:00 2001
From: Juan Font Alonso <juanfontalonso@gmail.com>
Date: Sun, 4 Sep 2022 16:13:48 +0200
Subject: [PATCH 3/4] Also warn in DERP server if Websockets are not properly
 working

---
 derp_server.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/derp_server.go b/derp_server.go
index 6fe897bb..fa2b27f6 100644
--- a/derp_server.go
+++ b/derp_server.go
@@ -99,10 +99,13 @@ func (h *Headscale) DERPHandler(
 	req *http.Request,
 ) {
 	log.Trace().Caller().Msgf("/derp request from %v", req.RemoteAddr)
-	up := strings.ToLower(req.Header.Get("Upgrade"))
-	if up != "websocket" && up != "derp" {
-		if up != "" {
-			log.Warn().Caller().Msgf("Weird websockets connection upgrade: %q", up)
+	upgrade := strings.ToLower(req.Header.Get("Upgrade"))
+
+	if upgrade != "websocket" && upgrade != "derp" {
+		if upgrade != "" {
+			log.Warn().
+				Caller().
+				Msg("No Upgrade header in DERP server request. If headscale is behind a reverse proxy, make sure it is configured to pass WebSockets through.")
 		}
 		writer.Header().Set("Content-Type", "text/plain")
 		writer.WriteHeader(http.StatusUpgradeRequired)

From c28e559da49fe44b83fa9535572f23727a8e7972 Mon Sep 17 00:00:00 2001
From: Juan Font Alonso <juanfontalonso@gmail.com>
Date: Sun, 4 Sep 2022 16:23:46 +0200
Subject: [PATCH 4/4] Updated changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6fc0e593..cf0afb7f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - Add ability to specify config location via env var `HEADSCALE_CONFIG` [#674](https://github.com/juanfont/headscale/issues/674)
 - Target Go 1.19 for Headscale [#778](https://github.com/juanfont/headscale/pull/778)
 - Target Tailscale v1.30.0 to build Headscale [#780](https://github.com/juanfont/headscale/pull/780)
+- Give a warning when running Headscale with reverse proxy improperly configured for WebSockets [#788](https://github.com/juanfont/headscale/pull/788)
 
 ## 0.16.4 (2022-08-21)