v0.18.0-beta3

• Reworked routing and added support for subnet router failover #1024
• Added an OIDC AllowGroups Configuration options and authorization check #1041
• Set db_ssl to false by default #1052
• Fix duplicate nodes due to incorrect implementation of the protocol #1058
• Report if a machine is online in CLI more accurately #1062
• Added config option for custom DNS records #1035
• Expire nodes based on OIDC token expiry #1067
• Remove ephemeral nodes on logout #1098

v0.18.0-beta2

Changelog

• Reworked routing and added support for subnet router failover #1024
• Added an OIDC AllowGroups Configuration options and authorization check #1041
• Set db_ssl to false by default #1052
• Fix duplicate nodes due to incorrect implementation of the protocol #1058
• Report if a machine is online in CLI more accurately #1062

v0.18.0-beta1

Changes

• Reworked routing and added support for subnet router failover #1024
• Added an OIDC AllowGroups Configuration options and authorization check #1041
• Set db_ssl to false by default #1052

Changelog

• 7b8cf5e Add 1.34.0 to integration tests
• fba77de Add Route DB model and migration from existing field
• 63cd312 Add breaking change about noise private path
• bd4b2da Add changelog entry to correct version
• 95d3062 Add github action updater
• 4de676c Add instructions for macOS GUI
• 70f2f5d Added an OIDC AllowGroups option for authorization.
• 6718ff7 Added helper methods for subnet failover + unit tests
• ac8bff7 Call processMachineRoutes when a new Map is received
• 5a70ea7 Correct typo on standalone (fixes #1021)
• 6c2d6fa Do not explicitly set the protocols when ommited in ACL
• 6f4c6c1 Ignore tparallel where it doesnt make sense
• 19f12f9 Make goreleaser use Nix
• 946d38e Minor linting fixes
• 4453728 Murder docker container and network before run
• 52862b8 Port integration tests routes CLI to v2
• 68c72d0 Prep changelog for new release
• b62acff Refactor machine.go, and move functionality to routes.go + unit tests
• 34631df Refactored route grpc glue code
• 8170f5e Removed unused code and linting fixes
• a506d0f Run handlePrimarySubnetFailover() with a ticker when Serve
• 134c72f Set db_ssl to false by default, fixes #1043
• 06f7e7c Tag dockerfiles to minor version so we dont have to care about patch
• a58a552 Update macos/windows doc
• 0db16c7 Update nix deps, get go 1.19.3 in
• 1b557ac Update protobuf definitions + support methods for the API
• 34107f9 Updated changelog
• 8fa9755 Updated generated pb code
• 86fa136 Upgrade go dependencies
• 1015bc3 Upgrade to Tailscale 1.34.0
• 78819be Use the new routes API from the CLI
• 89c1207 added changelog for 0.17.1
• d1bca10 docs(README): update contributors
• 638a3d4 fix nix run
• 54f701f generateACLPolicy() no longer a Headscale method

v0.17.1

Changes

• Correct typo on macOS standalone profile link #1028
• Update platform docs with Fast User Switching #1016

v0.17.0

BREAKING

• noise.private_key_path has been added and is required for the new noise protocol.
• Log level option log_level was moved to a distinct log config section and renamed to level #768
• Removed Alpine Linux container image #962

Important Changes

• Added support for Tailscale TS2021 protocol #738
• Add experimental support for SSH ACL (see docs for limitations) #847
  • Please note that this support should be considered partially implemented
  • SSH ACLs status:
    • Support accept and check (SSH can be enabled and used for connecting and authentication)
    • Rejecting connections are not supported, meaning that if you enable SSH, then assume that all ssh connections will be allowed.
    • If you decied to try this feature, please carefully managed permissions by blocking port 22 with regular ACLs or do not set --ssh on your clients.
    • We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
  • This feature should be considered dangerous and it is disabled by default. Enable by setting HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1.

Changes

• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660
• Make it possible to disable TS2019 with build flag #928
• Fix OIDC registration issues #960 and #971
• Add support for specifying NextDNS DNS-over-HTTPS resolver #940
• Make more sslmode available for postgresql connection #927

Commits

• c28ca27 Add SSH ACL to changelog
• 52a323b Add SSH capability advertisement
• d4e3bf1 Add experimental flag to unit test
• c6d3174 Add feature flag for SSH, and warning
• cfaa36e Add method to expose container id
• e28d308 Add negative tests
• 36b8862 Add notes about current ssh status
• 91ed6e2 Allow WithEnv to be passed multiple times
• 8a79c2e Do not retry on permission denied in ssh
• 22da5bf Enable SSH for tests
• d207c30 Ensure we have ssh in container
• 3695284 Make simple initial test case
• d71aef3 Mark all tests with Parallel
• c02e105 Mark the flag properly experimental
• 519f22f SSH integration test setup
• fd6d25b SSH: Lint and typos
• f610be6 SSH: add test between namespaces
• f34e7c3 Strip newline from hostname
• eb072a1 mark some changes as more important

v0.17.0-beta5

BREAKING

• Log level option log_level was moved to a distinct log config section and renamed to level #768
• Removed Alpine Linux container image #962

Changes

• Added support for Tailscale TS2021 protocol #738
• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660
• Make it possible to disable TS2019 with build flag #928
• Fix OIDC registration issues #960 and #971
• Add support for specifying NextDNS DNS-over-HTTPS resolver #940
• Make more sslmode available for postgresql connection #927

v0.17.0-beta4

CHANGELOG

0.17.0 (2022-XX-XX)

BREAKING

• Log level option log_level was moved to a distinct log config section and renamed to level #768
• Removed Alpine Linux container image #962

Changes

• Added support for Tailscale TS2021 protocol #738
• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660
• Make it possible to disable TS2019 with build flag #928
• Fix OIDC registration issues #960 and #971

v0.17.0-beta3

BREAKING

• Log level option log_level was moved to a distinct log config section and renamed to level #768

Changes

• Added support for Tailscale TS2021 protocol #738
• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660
• Make it possible to disable TS2019 with build flag #928

v0.17.0-beta2

Changelog

0.17.0 (2022-XX-XX)

BREAKING

• Log level option log_level was moved to a distinct log config section and renamed to level #768

Changes

• Added support for Tailscale TS2021 protocol #738
• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660

Commits

• 8a07381 Fix prefix length comparison bug in AutoApprovers route evaluation (#862)

v0.17.0-beta1

Changelog

0.17.0 (2022-XX-XX)

BREAKING

• Log level option log_level was moved to a distinct log config section and renamed to level #768

Changes

• Added support for Tailscale TS2021 protocol #738
• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660

Commits

• 2c0488d Add Execute helper for controlserver
• ff217cc Add back head and unstable, ts 1.32.0
• ed2236a Add buildtags to pls
• 13aa845 Add comment about scenario test
• 25e39d9 Add get ips command to scenario
• d8144ee Add initial pingallbyhostname
• cb61a49 Add namespace command test
• 2bf50bc Add new integration tests to ci
• 0cf9c4c Add nolint since go os has weird casing
• 239ef16 Add preauthkey command test
• 5013187 Add some sort stability
• ca8bca9 Add support for "override local DNS" (#905)
• 0db608a Add tailscale versions, waiters and helpers for scenario
• 3951f39 Add wait for peers and status to tsic
• 308b9e7 Defince control server interface
• a9c3b14 Define a "scenario", which is a controlserver with nodes
• a846e13 Expose and use ports consistently
• 7155b22 Factor out some commonly used patterns
• 8893100 Fail correctly if container exist
• 6b67584 Fix DERP name in integration tests
• aca3a66 Fix declaration of pointer
• a0ec369 Fix error declaration
• 12ee9bc Fix golangcilint
• 6d8c18d Fix golangcilint
• 4e8b95e Fix issue 660 (#874)
• 40c048f Fix lint
• e8b3de4 Fix lint
• df36bcf Fix machine test from marger
• bc1c1f5 Fix most nil pointers, actually make it check for unique across headscale
• d56ad29 Fix nolint comment
• 073308f Fix the proposed noise private_key_path
• 70ecda6 Fix warning on success
• 9f58eeb Fix zero arguments error
• 53b4bb2 Fixup after ts interface
• 79864e0 Fmt md with prettier
• 21ec543 Give user better feedback if headscale socket is unwritable
• 23a0946 Integration, remove retry
• f109b54 Join test suite container to network, allowing seperate networks
• 37a4d41 Make addr configurable
• d242cea Make hostname dns safe, allow string in ping command
• 4904ccc Make sure mock container is removed before started
• 201f81c Make sure mockoidc is up, has unique name and removed if exist
• 830d59f Merge branch 'main' into feature-random-suffix-on-collision
• 40b3de9 Merge branch 'main' into feature-random-suffix-on-collision
• 03194e2 Merge branch 'main' into feature-random-suffix-on-collision
• 611f7c3 Merge branch 'main' into integration-remove-v1-genera
• e112514 Merge branch 'main' into integration-ts-interface
• 73eae8e Merge branch 'main' into integration-v2-cli
• 2ca286e Merge branch 'main' into integration-v2-cli
• 21b06f6 Merge branch 'main' into integration-v2-no-verbose
• e7e2c78 Merge branch 'main' into integration-v2-resolve-magicdns
• 907aa07 Merge branch 'main' into main
• 852cb90 Merge branch 'main' into main
• 463180c Merge branch 'main' into main
• 88d1287 Merge branch 'main' into patch-1
• 1eea9c9 Merge branch 'main' into patch-1
• 5333df2 Merge branch 'main' into sanitise-machine-key-url
• d06ba7b Merge branch 'main' into sanitise-machine-key-url
• d69a5f6 Merge branch 'main' into update-xsync-version
• babd303 Merge pull request #771 from shanna/feature-random-suffix-on-collision
• d575dac Merge pull request #823 from kradalby/sanitise-machine-key-url
• 98f5b7f Merge pull request #837 from ShadowJonathan/patch-1
• c00e559 Merge pull request #840 from juanfont/update-contributors
• 9c16d5e Merge pull request #843 from phpmalik/patch-1
• f18e222 Merge pull request #844 from kradalby/container-exist-fix
• 399c325 Merge pull request #852 from kevin1sMe/main
• 0048ed0 Merge pull request #853 from zhzy0077/patch-1
• cf40d2a Merge pull request #854 from kradalby/integration-split
• 4dd2eef Merge pull request #855 from Donran/main
• 587a016 Merge pull request #856 from kradalby/integration-v2
• e96bcee Merge pull request #859 from kradalby/new-integration-versions
• a395045 Merge pull request #865 from kradalby/integration-no-build-tags
• 129afdb Merge pull request #871 from kradalby/integration-ts-interface
• ecce82d Merge pull request #875 from thetillhoff/main
• ae189c0 Merge pull request #884 from kradalby/integration-v2-ping-by-hostname
• 9c30939 Merge pull request #887 from kradalby/integration-v2-taildrop
• 8d46986 Merge pull request #888 from juanfont/update-contributors
• a647e6a Merge pull request #889 from kradalby/integration-v2-resolve-magicdns
• 91c0a15 Merge pull request #890 from kradalby/integration-v2-cli
• a14f482 Merge pull request #891 from kradalby/integration-ditch-retry
• 5c9c4f2 Merge pull request #892 from kradalby/integration-v2-no-verbose
• 341db0c Merge pull request #895 from puzpuzpuz/update-xsync-version
• 7f69b08 Merge pull request #896 from kradalby/update-golines
• c1c22a4 Merge pull request #897 from kradalby/integration-remove-v1-genera
• 018b1d6 Migrate taildrop test to v2
• 0b0fb0a Minor change
• f68ba75 Move some helper functions into dockertestutil package
• 22cabc1 No interactive tty
• b2bca2a Only run integration tests from dir in new tests
• 39bc6f7 Port PingAll test to new test suite
• 7e6ab19 Port preauthkey subcommand tests
• 93082b8 Protect against user injection for registration CLI page
• 2aebd29 Random suffix only on collision.
• d706c35 Remove 1.16 from FQDN, bump 1.32.1
• 2b10226 Remove extra line
• dde39aa Remove general v1 makefile entry
• 94ad0a1 Remove ip_prefix, its been deprecated for a long time (#899)
• e45ba37 Remove v1 general integration tests
• bcdd34b Remove v1 general integration tests code
• 86c132c Remove verbose flag for v2 tests, increase timeout
• fa3d21c Rename pingall test to signal ip
• a94ed05 Run all integration tests fully in docker
• 85df2c8 Run oidc tests fully in docker
• 4cb7d63 Set better names for different integration tests
• 0e12b66 Simplify code around latest state change map updates
• eda4321 Skip integration tests on short or lack of docker
• 21dd212 Split integration tests into seperate jobs
• 8ee35c9 Stuff
• f3dbfc9 Style change
• c6f82c3 Switch from hacking buildtags to selecting tests
• 382a37f Test against last patch version
• 54e3a0d Test with a longer timeout
• 701f990 Unify code snippet comment location
• 75a8fc8 Update changelog
• 3a6257b Update everything else
• 5d3c027 Update golines
• 62e3fa0 Update nix
• 3659461 Update reverse-proxy document for istio/envoy
• ad31378 Update vendor sha in nix
• 06e12f7 Update: tips about warnning log
• fafa3f8 Upgrade tailscale
• cbbf9fb Use FQDN from tailscale client
• c9823ce Use TailscaleClient interface instead of tsic
• dfadb96 Use short test to signal that we dont run integration
• 2bb3475 Validate the incoming nodekey with regex before attempting to parse
• 4df47de add nolint to integrationtests, they are going away ™️
• 32c21a0 cache go mod in docker, speed up local
• a3d3ad2 docs(README): update contributors
• b22e628 docs(README): update contributors
• 72e2fa4 docs(README): update contributors
• 8502a0a dont request tty
• d900f48 expose right porsts
• 84f9f60 go mod tidy
• 8be14ef gofumpt
• 36ad000 golangci-lint --fix
• b331e3f hsic: ControlServer implementation of headscale in docker
• 8c4744a make TailscaleClient interface
• fe4e05b only print stdout on err
• 7015d72 port resolve magicdns test
• 76689c2 remove fixed todo
• c90d0dd remove the need to bind host port
• b0a4ee4 test login with one node
• fa8b02a tsic: Tailscale in Container abstraction
• 1469425 update flake vendor hash
• 2d170fe update tests
• 2f36a11 use short flag for nix build test
• aef77a1 use variable for namespace