docs: add Tailscale authentication modes

almeidapaulopt · Jan 7, 2025 · 8ea80c1 · 8ea80c1
1 parent c871e5c
commit 8ea80c1
Show file tree

Hide file tree

Showing 10 changed files with 112 additions and 23 deletions.
diff --git a/docs/content/docs/advanced/_index.md b/docs/content/docs/advanced/_index.md
@@ -11,4 +11,5 @@ weight: 5
   <!-- {{< card link="headscale" title="Headscale" icon="server" >}} -->
   {{< card link="host-mode" title="Service with Host Network Mode" icon="view-boards" >}}
   {{< card link="icons" title="Dashboard icons" icon="view-boards" >}}
+  {{< card link="tailscale" title="Tailscale" icon="key" >}}
 {{< /cards >}}
diff --git a/docs/content/docs/advanced/dashboard.md b/docs/content/docs/advanced/dashboard.md
@@ -11,7 +11,7 @@ prev: /docs/advanced
 
 Update docker-compose.yml with the following:
 
-```yaml docker-compose.yml
+```yaml  {filename="/config/tsdproxy.yaml"}
     labels:
       - tsdproxy.enable=true
       - tsdproxy.name=dash
@@ -25,7 +25,7 @@ docker compose restart
 
 ### Standalone
 
-#### Configure files provider
+#### Configure with a Proxy List provider
 
 Configure a new files provider or configure it in any existing files provider.
 
@@ -35,7 +35,7 @@ files:
     filename: /config/proxies.yaml
 ```
 
-#### Add Dashboard entry on your files provider
+#### Add Dashboard entry on your Proxy List file
 
 ```yaml {filename="/config/proxies.yaml"}
 dash:

diff --git a/docs/content/docs/advanced/host-mode.md b/docs/content/docs/advanced/host-mode.md
@@ -1,6 +1,5 @@
 ---
 title: Service with host network_mode
-next: /docs/scenarios
 ---
 
 If you want to run a service in `network_mode: host`, TSDProxy tries to detect how

diff --git a/docs/content/docs/advanced/tailscale.md b/docs/content/docs/advanced/tailscale.md
@@ -0,0 +1,75 @@
+---
+title: Tailscale Authentication
+next: /docs/scenarios
+---
+
+
+## OAuth
+
+{{% steps %}}
+
+### Disable AuthKey
+
+OAuth authentication mode is enable if no AuthKey is set in the configuration
+for Tailscale provider.
+
+Like:
+
+```yaml {filename="/config/tsdproxy.yaml"}
+tailscale:
+  providers:
+    default: 
+      authKey: ""
+      authKeyFile: ""
+```
+
+When the proxy starts, it will wait to be authenticated with the Tailscale.
+
+### Authenticate
+
+Go to TSDProxy Dashboard and click on the Proxy that should show "Authentication" status.
+
+>[!TIP]
+> Set "Ephemeral" to false in the Tailscale provider to avoid the need of
+authentication next time. See [docker Ephemeral label](../../docker/#tsdproxyephemeral)
+or [Proxy List configuration](../../list/#proxy-list-file-options)
+
+{{% /steps %}}
+
+## AuthKey
+
+{{% steps %}}
+
+### Generate Authkey
+
+1. Go to [https://login.tailscale.com/admin/settings/keys](https://login.tailscale.com/admin/settings/keys)
+2. Click in "Generate auth key"
+3. Add a Description
+4. Enable Reusable
+5. Enable Ephemeral
+6. Add Tags if you need
+7. Click in "Generate key"
+
+>[!WARNING]
+> If tags were added to the key, all proxies initialized with the same authkey
+> will get the same tags.
+> Add a new Tailscale provider to the configuration if
+> you need to use different)
+
+### Add to configuration
+
+Add you key to the configuration as follow:
+
+```yaml {filename="/config/tsdproxy.yaml"}
+tailscale:
+  providers:
+    default: 
+      authKey: "GENERATED KEY HERE"
+      authKeyFile: ""
+```
+
+### Restart
+
+Restart TSDProxy
+
+{{% /steps %}}
diff --git a/docs/content/docs/changelog.md b/docs/content/docs/changelog.md
@@ -3,15 +3,26 @@ title: Changelog
 weight: 200 
 ---
 
-
 {{% steps %}}
 
+### 1.4.0
+
+#### New features
+
+- OAuth authentication using the Dashboard.
+- Dashboard has now proxy status.
+- Icons and Labels can be used to customize the Dashboard.
+
+#### Fixes
+
+- Error on port when autodetect is disabled.
+
 ### 1.3.0
 
 #### Braking changes
 
 Configuration files are now validated and doesn't allow invalid configuration keys
-[Verify valid configuration keys](/docs/serverconfig/#sample-configuration-file).
+[Verify valid configuration keys](../serverconfig/#sample-configuration-file).
 
 #### New features
 

diff --git a/docs/content/docs/getting-started.md b/docs/content/docs/getting-started.md
@@ -6,7 +6,9 @@ prev: /docs
 
 ## Quick Start
 
-Using Docker Compose, you can easily configure the proxy to your Tailscale containers. Here’s an example of how you can configure your services using Docker Compose:
+Using Docker Compose, you can easily configure the proxy to your Tailscale
+containers. Here’s an example of how you can configure your services using
+Docker Compose:
 
 {{% steps %}}
 
@@ -48,8 +50,8 @@ files: {}
 tailscale:
   providers:
     default: # name of the provider
-      authKey: your-authkey # define authkey here
-      authKeyFile: "" # use this to load authkey from file. If this is defined, Authkey is ignored
+      authKey: "" # optional, define authkey here
+      authKeyFile: "" # optional, use this to load authkey from file. If this is defined, Authkey is ignored
       controlUrl: https://controlplane.tailscale.com # use this to override the default control URL
   dataDir: /data/
 http:
@@ -63,9 +65,8 @@ proxyAccessLog: true # set to true to enable container access log
 
 #### Edit the configuration file
 
-1. Set your authkey in the file `/config/tsdproxy.yaml`.
-2. Change your docker host if you are not using the socket.
-3. restart the service.
+1. Change your docker host if you are not using the socket.
+2. Restart the service if you changed the configuration.
 
 ```bash
 docker compose restart
@@ -81,18 +82,16 @@ The container name is `sample-nginx`, expose port 8181, and add the
 docker run -d --name sample-nginx -p 8111:80 --label "tsdproxy.enable=true" nginx:latest
 ```
 
-### Test the sample service
+### Open Dashboard
 
-```bash
-curl https://sample-nginx.FUNNY-NAME.ts.net
-```
-
-> [!NOTE]
-> Note that you need to replace `FUNNY-NAME` with the name of your network.
+1. Visit the dashboard at http://<IP_ADDRESS>:8080.
+2. Sample-nginx should appear in the dashboard. Click the button and
+authenticate with Tailscale.
+3. After authentication, the proxy will be enabled.
 
 > [!IMPORTANT]
-> The first time you run the proxy, it will take a few seconds to start, because it
-> needs to connect to the Tailscale network, generate the certificates, and start
+> The first time you run the proxy, it will take a few seconds to start, because
+> it needs to connect to the Tailscale network, generate the certificates, and start
 > the proxy.
 
 {{% /steps %}}
diff --git a/docs/content/docs/serverconfig.md b/docs/content/docs/serverconfig.md
@@ -32,7 +32,7 @@ files:
 tailscale:
   providers:
     default: # name of the provider
-      authKey: your-authkey # define authkey here
+      authKey: "" # define authkey here
       authKeyFile: "" # use this to load authkey from file. If this is defined, Authkey is ignored
       controlUrl: https://controlplane.tailscale.com # use this to override the default control URL
   dataDir: /data/

diff --git a/docs/go.mod b/docs/go.mod
@@ -2,4 +2,4 @@ module github.com/imfing/hextra-starter-template
 
 go 1.23.4
 
-require github.com/imfing/hextra v0.9.0 // indirect
+require github.com/imfing/hextra v0.9.3 // indirect
diff --git a/docs/go.sum b/docs/go.sum
@@ -1,2 +1,4 @@
 github.com/imfing/hextra v0.9.0 h1:1UyLZgS1eayce2ETCOjAQssXpkRz3HDrIs/fljH0lkU=
 github.com/imfing/hextra v0.9.0/go.mod h1:cEfel3lU/bSx7lTE/+uuR4GJaphyOyiwNR3PTqFTXpI=
+github.com/imfing/hextra v0.9.3 h1:p4vDm2TSgt3RpJdJm2mqkpoJCH2S08wzySyyYodtgCc=
+github.com/imfing/hextra v0.9.3/go.mod h1:cEfel3lU/bSx7lTE/+uuR4GJaphyOyiwNR3PTqFTXpI=
diff --git a/docs/hugo.yaml b/docs/hugo.yaml
@@ -5,6 +5,8 @@ enableRobotsTXT: true
 enableGitInfo: true
 enableEmoji: true
 
+baseURL: https://almeidapaulopt.github.io/tsdproxy/
+
 defaultContentLanguage: en
 languages:
   en:
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,4 +2,4 @@ module github.com/imfing/hextra-starter-template

		go 1.23.4

		require github.com/imfing/hextra v0.9.0 // indirect
		require github.com/imfing/hextra v0.9.3 // indirect