Headscale Versions Save

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869
• Log available update as warning #1877
• Add autogroup:internet to Policy #1917

Commits

• 10e37ec Add contributing document
• ff427cc Apply suggestions from code review
• 3927784 Apply suggestions from code review
• aba4b36 Clarify relation with Tailscale (#1908)
• fef8261 Do not access node ID when node is not found (#1912)
• 50a7d15 Update CONTRIBUTING.md
• d740ee4 Update CONTRIBUTING.md
• 87e2ae4 add autogroup:internet, fix reduce filter rules (#1917)
• cb0b495 batch updates in notifier (#1905)
• 9229d17 remove examples/, and kustomize (#1906)
• c62d557 remove multistep build, build go last, allowing cached build layers (#1903)
• 318d5d2 replace issue templates with github issue forms

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869

Commits

• 2fb7428 Add FAQ question about using the same machine as server and client
• 2858ab4 Add new shasum for flake.nix
• c1d4fef Downgrade update sent to debug (#1843)
• a244eab Ephemeral keys can now be reusable and non-reusable
• 785b150 Fix typo in docs - DB file path (#1546)
• 4d90210 Fix/improve documentation formatting (#1575)
• 2ce23df Migrate IP fields in database to dedicated columns (#1869)
• 0fcfd64 More concise
• 58c94d2 Rework map session
• 84de185 Run prettier
• bdf54e8 Update answer based on comment
• b477e5f Update docker related doc (#1421)
• 6efc507 Update docs/faq.md
• dbe3282 Update docs/faq.md
• 1d3eae8 Update flake.lock (#1657)
• 7bea885 Updated dependencies, fixing segfault for OpenBSD Fixes #1857
• 8a8e25a [docs] Use modern Apt command to install package (#1420)
• bf4fd07 clean up use of log.Error where errors could be wrapped
• 20bf377 docs(README): update contributors (#1834)
• 95004de docs/reverse-proxy: use standard map, correct X-Forwarded-Proto variable for nginx (#1790)
• c9966ba fix postgres migration (#1802)
• c29eddd flake.lock: Update (#1833)
• dd693c4 flake.lock: Update (#1848)
• 1704977 improve testing of route failover logic
• 60f0cf9 more log.Error -> fmt.Errorf cleanup
• 7d62e9f move "embedded derp" settings into With options for integration tests (#1872)
• e15a083 simplify integration testing with matrix jobs (#1799)
• 74ff14e update docs workflow (#1832)
• ef26f58 update gh workflow actions (#1809)
• 85cef84 use newer fork of termcolor (#1842)
• d4af0c3 Log available update as warning (#1877)
• 4095372 fix ip migration
• c4c8cfe Fix crash when a prefix family was empty
• 6850358 Add test stage to docs (#1893)
• e2afd30 Add the latest UI to the website
• c906aaf Allow to remove forced tags of a node
• bd04792 Move pprof to metrics router (#1902)
• 580f96c Remove unused node check interval
• 7d81784 chore: fix function names in comment (#1866)
• 9375b09 chore: use errors.New to replace fmt.Errorf with no parameters will much better
• 803269a docs(readme): change contributors section (#1889)
• 8394208 fix prettier
• ba614a5 metrics, tuning in tests, db cleanups, fix concurrency issue (#1895)

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869

Commits

• 2fb7428 Add FAQ question about using the same machine as server and client
• 2858ab4 Add new shasum for flake.nix
• c1d4fef Downgrade update sent to debug (#1843)
• a244eab Ephemeral keys can now be reusable and non-reusable
• 785b150 Fix typo in docs - DB file path (#1546)
• 4d90210 Fix/improve documentation formatting (#1575)
• 2ce23df Migrate IP fields in database to dedicated columns (#1869)
• 0fcfd64 More concise
• 58c94d2 Rework map session
• 84de185 Run prettier
• bdf54e8 Update answer based on comment
• b477e5f Update docker related doc (#1421)
• 6efc507 Update docs/faq.md
• dbe3282 Update docs/faq.md
• 1d3eae8 Update flake.lock (#1657)
• 7bea885 Updated dependencies, fixing segfault for OpenBSD Fixes #1857
• 8a8e25a [docs] Use modern Apt command to install package (#1420)
• bf4fd07 clean up use of log.Error where errors could be wrapped
• 20bf377 docs(README): update contributors (#1834)
• 95004de docs/reverse-proxy: use standard map, correct X-Forwarded-Proto variable for nginx (#1790)
• c9966ba fix postgres migration (#1802)
• c29eddd flake.lock: Update (#1833)
• dd693c4 flake.lock: Update (#1848)
• 1704977 improve testing of route failover logic
• 60f0cf9 more log.Error -> fmt.Errorf cleanup
• 7d62e9f move "embedded derp" settings into With options for integration tests (#1872)
• e15a083 simplify integration testing with matrix jobs (#1799)
• 74ff14e update docs workflow (#1832)
• ef26f58 update gh workflow actions (#1809)
• 85cef84 use newer fork of termcolor (#1842)
• d4af0c3 Log available update as warning (#1877)
• 4095372 fix ip migration
• c4c8cfe Fix crash when a prefix family was empty

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869

Commits

• 2fb7428 Add FAQ question about using the same machine as server and client

• 2858ab4 Add new shasum for flake.nix

• c1d4fef Downgrade update sent to debug (#1843)

• a244eab Ephemeral keys can now be reusable and non-reusable

• 785b150 Fix typo in docs - DB file path (#1546)

• 4d90210 Fix/improve documentation formatting (#1575)

• 2ce23df Migrate IP fields in database to dedicated columns (#1869)

• 0fcfd64 More concise

• 58c94d2 Rework map session

• 84de185 Run prettier

• bdf54e8 Update answer based on comment

• b477e5f Update docker related doc (#1421)

• 6efc507 Update docs/faq.md

• dbe3282 Update docs/faq.md

• 1d3eae8 Update flake.lock (#1657)

• 7bea885 Updated dependencies, fixing segfault for OpenBSD Fixes #1857

• 8a8e25a [docs] Use modern Apt command to install package (#1420)

• bf4fd07 clean up use of log.Error where errors could be wrapped

• 20bf377 docs(README): update contributors (#1834)

• 95004de docs/reverse-proxy: use standard map, correct X-Forwarded-Proto variable for nginx (#1790)

• c9966ba fix postgres migration (#1802)

• c29eddd flake.lock: Update (#1833)

• dd693c4 flake.lock: Update (#1848)

• 1704977 improve testing of route failover logic

• 60f0cf9 more log.Error -> fmt.Errorf cleanup

• 7d62e9f move "embedded derp" settings into With options for integration tests (#1872)

• e15a083 simplify integration testing with matrix jobs (#1799)

• 74ff14e update docs workflow (#1832)

• ef26f58 update gh workflow actions (#1809)

• 85cef84 use newer fork of termcolor (#1842)

• d4af0c3 Log available update as warning (#1877)

• 4095372 fix ip migration

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702

Commits

• 5dbd59c Get integration test netmap from watch-ipn command (#1729)
• 1b01b9e Reduce poll logging to debug (#1746)
• 5717c82 Use result of fmt.Errorf call (#1668)
• 3f162c2 drop unused last_successful_update field from node table (#1754)
• 8b2c31a fix ifs in goreleaser gotemplate (#1781)
• b60ee9d improve errors for missing directories (#1765)
• c73e847 make database configuration change breaking (#1766)
• 7a920ee move debug inside if in docker goreleaser tag (#1783)
• 384ca03 new IP allocator and add postgres to integration tests. (#1756)
• f581d4d replace linter actions with nix to ensure consistent version (#1773)
• 1904d79 rework docker tags (#1763)
• 6055d0b rollback gorm, broke migration #1755 (#1762)

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure is now considered deprecated and will be removed in the future.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• Add support for deleting api keys #1702

Commits

• 00e7550 Add assert func for verifying status, netmap and netcheck (#1723)
• e3553aa Allow when user has only a subnet route (#1734)
• 0333e97 Build docker images with ko (goreleaser) (#1716)
• 82c64f6 Docs: fix path to nologin shell (#1610)
• 4ea12f4 Fix failover to disabled route #1706 (#1707)
• cbf57e2 Login with OIDC after having been logged out (#1719)
• 68a8ece Prepare notify channel before sending first update (#1730)
• 83769ba Replace database locks with transactions (#1701)
• 94b30ab Restructure database config (#1700)
• 7afc2fd TLS documentation updates (#1733)
• b4210e2 Trim client secret after reading from file (#1697)
• 91bb85e Update bug_report.md (#1672)
• 3f2b238 Upgrade to Go 1.22 and update deps (#1728)
• c3257e2 docs(windows-client): add Windows registry command (#1658)
• c4beb0b document setting oidc client secret cia env (#1649)
• c42f25b fix ko dockerhub builds (#1751)
• a369d57 fix node expire error due to type in gorm model Update (#1692)
• 5109af9 login to docker registries (#1744)
• 905fdaa remove quotes from command (#1742)
• 4740593 ✨ feat(apikey): adds command to delete api keys (#1702)
• 9047c09 ✨ feat: add pqsql configs for open and idle connections (#1583)

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.36
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path

Changes

Use versioned migrations #1644 Make the OIDC callback page better #1484 SSH support #1487 State management has been improved #1492 Use error group handling to ensure tests actually pass #1535 based on #1460 Fix hang on SIGTERM #1492 taken from #1480 Send logs to stderr by default #1524 Fix TS-2023-006 security UPnP issue #1563 Turn off gRPC logging #1640 fixes #1259 Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565

Commits

• 7e8bf4b Add Customization Options to DERP Map entry of integrated DERP server (#1565)
• 054b06d add 1.54 and 1.56 to integration tests (#1652)
• 55ca078 embed (hidden) tailsql for debugging (#1663)
• 65376e2 ensure renabled auto-approve routes works (#1670)
• a592ae5 fix issue where advertise tags causes hang (#1669)
• 3b10328 implement selfupdate and pass expiry (#1647)
• 1e22f17 node selfupdate and fix subnet router when ACL is enabled (#1673)

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.32
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path

Changes

Use versioned migrations #1644 Make the OIDC callback page better #1484 SSH support #1487 State management has been improved #1492 Use error group handling to ensure tests actually pass #1535 based on #1460 Fix hang on SIGTERM #1492 taken from #1480 Send logs to stderr by default #1524 Fix TS-2023-006 security UPnP issue #1563 Turn off gRPC logging #1640 fixes #1259

Commits

• d0d6438 Add workflow to autoupdate flake.lock deps (#1588)
• f13cf64 Docs: Update running-headscale-container.md - fix link to example config (#1618)
• 85e92db Enhance pipeline stability and automatically retry unstable tests (#1566)
• 4c608a4 Fix Github Actions docs pipeline (#1622)
• a59aab2 Remove support for non-noise clients (pre-1.32) (#1611)
• 48c7d76 Update flake.lock (#1589)
• 2f558be Update flake.lock (#1598)
• 2c8fc9b Update flake.lock (#1632)
• 6c9c557 Update xsync to v3.0.2 (#1597)
• fb4ed95 Upgrade Go 1.21, Tailscale 1.50 and add Capability version support (#1563)
• ed4e199 Use tailscale key types instead of strings (#1609)
• 9982ae5 add breaking entry of derp priv key (#1641)
• 6049ec7 add versioned migrations (#1644)
• 2af71c9 docs(README): update contributors (#1592)
• b359939 docs(README): update contributors (#1639)
• f65f4ec ensure online status and route changes are propagated (#1564)
• 790bbe5 fix hostinfo db column spelling (#1642)
• ac910fd make stale shorter (#1646)
• b918aa0 move to use tailscfg types over strings/custom types (#1612)
• 42b7f8f redundant line removed from systemd.service (#1587)
• c0fd06e remove the use key stripping and store the proper keys (#1603)
• cf8ffea turn off grpc communication logging (#1640)
• 0153e26 upgrade go dependencies (#1628)

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• API: Machine is now Node #1553

Changes

• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524

Commits

• 56cf4b0 Add github stale action (#1559)
• 084d1d5 Add initial test for mapresponse
• 53a9e28 Add missing return in shutdown
• 36c9b5c Adjust the template for the OIDC callback login page
• 9c425a1 Finish SSH
• 6567af7 Fix IP Address Order Bug
• c72401a Fix IPv6 in ACLs
• fb203a2 Format code
• 1766e6b General fixups discovered by checking errors
• b4a4d0f Handle errors in integration test setups
• bce8427 Map route into machine
• 3bef63b Remove LastSuccessfulUpdate from Machine
• f9f6e15 Remove complicated testcase obsoleated by tailNode test
• 387aa03 Remove database from Mapper
• 725bbd7 Remove variables and leftovers of pregenerated ACL content
• 0030af3 Rename Machine to Node (#1553)
• 66ff1fc Replace the timestamp based state system
• c957f89 Return simple responses immediatly
• e3acc95 Send logs to stderr, rather than stdout
• 64c0a65 Set online status in lite requests (#1555)
• feb1536 Split code into modules
• 4b65cf4 Split up MapResponse
• 3b0749a Update packetfilter when peers change
• 7edc953 Update tsic.go
• 4c12c02 Upgrade go and debian in headscale docker
• b27e8ab add 0.23.0 changelog entry (#1557)
• b7c6e0e add annoying linter to golangci
• 78268d7 add debug option to save all map responses
• 665a3cc add generic logerr func to shorten code
• f73172f add less/jq to hs debug container
• 9ccf87c add lock around saving ts clients
• 9c5301e add maprequest to all mapper calls
• 84fbca9 add note about db backup to changelog (#1560)
• 591ff8d add pprof endpoint
• 13fe4ec add script to run integration tests
• 47255d2 add script to run integration tests
• e0ba325 additional debug logging, use mapper pointer
• 14e29a7 create DB struct
• a1a3ff4 disable online map by default for now
• 699655a docs(README): update contributors
• 6cd0f77 docs(README): update contributors (#1558)
• 593b3ad filter out peers without endpoints
• d36336a fix lint
• 13a7285 fix lint
• 12a04f9 fix relogin test, pass accept route flag
• 056d3a8 format with prettier 3.0
• ca4a48a gitignore infolder tailscale
• 2434d76 give ci more tollerance for timeouts
• 096ac31 handle route updates correctly
• 217ccd6 improve debug logging, rw lock for notifier
• f8a58aa introduce a version subset we must test against
• f7f472a introduce mapper package
• eff529f introduce rw lock for db, ish...
• db6cf4a make GenerateFilterRules take machine and peers
• 161243c make generateFilterRules take machine and peers
• 2675ff4 make parse destination string into a func
• 155cc07 migrate last acl tests away from database
• 2289a2a move Config definitions into types
• 432e975 move MapResponse peer logic into function and reuse
• 8c4c4c8 move derp.go to derp module
• 80ea87c move derp_server to derp server module
• c1218ad move reminder of dns funcs to util
• e55fe06 only send lite map responses when omitpeers
• 88ca250 only send relevant filterrules to nodes
• 14f8c1b order path
• 2d87085 rearrange channel closing defers
• a8079a2 rearrange poll, lock, notify
• e2c08db reduce filter rules at the end, so we filter nodes correctly
• 717abe8 remove "stripEmailDomain" argument
• 5bad48a remove DB dependency of tailNode conversion, add test
• 01b85e5 remove readonly case for mapresponse, dont think it is used (#1556)
• fcdc7a6 remove redundant tests
• e90a669 remove retries for pings in tsic
• 19dc0ac rename acl "get" funcs to "expand" for consistency
• 0562260 rename handler files
• 63caf9a update flake, fix prettier lint
• 3577027 upgrade tailscale
• 23a3adf use cmp.Diff instead of reflect.DeepEqual
• fe75b71 use nix caching and docker caching in CI

Changelog

• Added missing ca-certificates in Docker image #1463