1
0
mirror of https://github.com/juanfont/headscale.git synced 2024-12-20 19:09:07 +01:00
juanfont.headscale/docs
Motiejus Jakštys bafb6791d3 oidc: allow reading the client secret from a file
Currently the most "secret" way to specify the oidc client secret is via
an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1].
Lets allow reading oidc client secret from a file. For extra convenience
the path to the secret will resolve the environment variables.

[1]: https://systemd.io/CREDENTIALS/
2023-01-14 17:03:57 +01:00
..
examples
images
logo Add logo files 2022-09-05 15:29:30 +02:00
proposals Initial proposal for better routing 2022-11-21 21:58:22 +01:00
acls.md
android-client.md
dns-records.md fix spelling mistakes 2023-01-01 22:45:16 +01:00
glossary.md Update readme and glossary to reflect features and goals 2022-02-25 10:34:35 +01:00
oidc.md oidc: allow reading the client secret from a file 2023-01-14 17:03:57 +01:00
README.md oidc: add basic docs 2023-01-04 09:23:52 +01:00
remote-cli.md Update remote-cli.md 2022-12-19 19:16:48 +01:00
reverse-proxy.md Add Caddy instructions to reverse_proxy.md 2022-12-27 23:08:34 +01:00
running-headscale-container.md Correction in the sample config file 2022-11-20 17:12:13 +01:00
running-headscale-linux.md expanded arguments in useradd to be easier to understand for beginners 2022-04-21 11:00:17 +02:00
running-headscale-openbsd.md Minor doc change 2022-09-03 12:22:03 +02:00
tls.md Remove mTLS from doc and config example 2022-11-19 19:50:34 +01:00
windows-client.md Improve the windows client docs as per discord recommendations 2022-02-11 18:36:53 +00:00

headscale documentation

This page contains the official and community contributed documentation for headscale.

If you are having trouble with following the documentation or get unexpected results, please ask on Discord instead of opening an Issue.

Official documentation

How-to

References

Community documentation

Community documentation is not actively maintained by the headscale authors and is written by community members. It is not verified by headscale developers.

It might be outdated and it might miss necessary steps.

Misc

Policy ACLs

Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment.

For instance, instead of referring to users when defining groups you must use namespaces (which are the equivalent to user/logins in Tailscale.com).

Please check https://tailscale.com/kb/1018/acls/, and ./tests/acls/ in this repo for working examples.

When using ACL's the Namespace borders are no longer applied. All machines whichever the Namespace have the ability to communicate with other hosts as long as the ACL's permits this exchange.

The ACLs document should help understand a fictional case of setting up ACLs in a small company. All concepts presented in this document could be applied outside of business oriented usage.

Apple devices

An endpoint with information on how to connect your Apple devices (currently macOS only) is available at /apple on your running instance.