nginx-auth no longer works after Magic DNS GA #6048

Closed
mhlakhani opened this issue Oct 24, 2022 · 4 comments

@mhlakhani
Contributor

What is the issue?

Hi!

I've been happily using the nginx auth command for a while, following the instructions in https://tailscale.com/blog/tailscale-auth-nginx/

I noticed that recently I can no longer access any of my domains, with nginx giving a 401 Authorization Required error.

After talking to @maisem we narrowed the issue down -- the name of my tailnet changed after I started to use Magic DNS. Unfortunately, changing the expected tailnet name to match in my nginx config did not work. I tried removing the "expected-tailnet" check in the config but it's still broken - there is a bug in the code that complains the client presents an invalid hostname - my logs are full of this:

Oct 24 22:20:29 mhlakhani tailscale.nginx-auth[3946858]: 2022/10/24 22:20:29 can't extract tailnet name from hostname "hasnains-macbook-air.bandicoot-enigmatic.ts.net."

I believe cfbbcf6 fixes the bug, but there is no newer version of the package that has this commit (at the time of this writing, I'm on 0.1.1 and trying to upgrade says I'm on the latest version).

Ideally, I'd expect this to work out of the box - and since this may require config changes for people, maybe a notification to users is warranted (not sure how it would be delivered, just flagging).

Steps to reproduce

Set up an nginx config following https://tailscale.com/blog/tailscale-auth-nginx/ and then visit a URL.

This previously worked but now gives 401s.

Are there any recent changes that introduced the issue?

I believe the Magic DNS launch combined with me changing my tailnet name broke this. As mentioned above, cfbbcf6 fixes this (I think, would have to be tested) but a new package needs to be published.

OS

Linux

OS version

Ubuntu 22.04.1

Tailscale version

1.32.1

Bug report

BUG-fda7735932997695d0a5d63c0a7dc098a98e9237d6736d1d48268c6d514060a3-20221024233852Z-de276e057fb40584

DentonGentry added a commit that referenced this issue Oct 25, 2022
We need a new release to handle TCD changes
after MagicDNS GA

Updates #6048

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
@DentonGentry
Contributor

We released a tailscale-nginx-auth 0.1.2 update which incorporates the changes made for MagicDNS GA.
Does it resolve the issue?

@mhlakhani
Contributor Author

Thanks for the quick response! I won’t be at a laptop till later tonight/early tomorrow - I’ll comment/close this out once I can test that it works for me.

@DentonGentry
Contributor

I'm going to optimistically assume this is fixed, please reopen if it still doesn't work.

@mhlakhani
Contributor Author

Thanks! Can confirm that this is now fixed for me after updating the package and changing the expected tailnet name (including adding a trailing period).
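The two failure points in this thread (extracting the tailnet from the node's FQDN, then matching it against the configured expected name, trailing period included) can be handled by one normalizing, fail-closed check. This is an added example, not the tailscale nginx-auth code: `tailnetOf` and `allowed` are hypothetical names, the hostname is the one from the log line in the issue, and the expected values are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// tailnetOf returns the tailnet domain of a node FQDN: everything after the
// first label, lower-cased, without the trailing root dot.
// Hypothetical helper for illustration; not the nginx-auth implementation.
func tailnetOf(fqdn string) (string, error) {
	name := strings.ToLower(strings.TrimSuffix(fqdn, "."))
	host, tailnet, ok := strings.Cut(name, ".")
	// Reject a missing host label and any empty label in the tailnet part.
	if !ok || host == "" || strings.Contains("."+tailnet+".", "..") {
		return "", fmt.Errorf("can't extract tailnet name from hostname %q", fqdn)
	}
	return tailnet, nil
}

// allowed reports whether nodeFQDN belongs to the expected tailnet.
// Assumption: an empty expectation means the operator configured no check.
// Any parse failure denies. The comparison is exact equality on the
// normalized names, never a suffix or substring match.
func allowed(nodeFQDN, expected string) bool {
	if expected == "" {
		return true
	}
	got, err := tailnetOf(nodeFQDN)
	if err != nil {
		return false
	}
	return got == strings.ToLower(strings.TrimSuffix(expected, "."))
}

func main() {
	// Hostname taken from the log line in this issue.
	node := "hasnains-macbook-air.bandicoot-enigmatic.ts.net."
	// Constructed expectations: with dot, without dot, and a wrong tailnet.
	for _, exp := range []string{
		"bandicoot-enigmatic.ts.net.",
		"bandicoot-enigmatic.ts.net",
		"other-tailnet.ts.net",
	} {
		fmt.Printf("expected=%q allowed=%v\n", exp, allowed(node, exp))
	}
}
```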
