-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nginx-auth no longer works after Magic DNS GA #6048
Comments
We need a new release to handle TCD changes after MagicDNS GA Updates #6048 Signed-off-by: Denton Gentry <dgentry@tailscale.com>
We need a new release to handle TCD changes after MagicDNS GA Updates #6048 Signed-off-by: Denton Gentry <dgentry@tailscale.com>
We released a tailscale-nginx-auth 0.1.2 update which incorporates the changes made for MagicDNS GA. |
Thanks for the quick response! I won’t be at a laptop till later tonight/early tomorrow - I’ll comment/close this out once I can test that it works for me. |
I'm going to optimistically assume this is fixed, please reopen if it still doesn't work. |
thanks! can confirm that this is now fixed for me after updating the package and changing the expected tailnet name (including adding a trailing period). |
What is the issue?
Hi!
I've been happily using the nginx auth command for a while, following the instructions in https://tailscale.com/blog/tailscale-auth-nginx/
I noticed that recently I can no longer access any of my domains, with nginx giving a 401 Authorization Required error.
After talking to @maisem we narrowed the issue down -- the name of my tailnet changed after I started to use Magic DNS. Unfortunately, changing the expected tailnet name to match in my nginx config did not work. I tried removing the "expected-tailnet" check in the config but it's still broken - there is a bug in the code that complains the client presents an invalid hostname - my logs are full of this:
I believe cfbbcf6 fixes the bug, but there is no newer version of the package that has this commit (at the time of this writing, I'm on 0.1.1 and trying to upgrade says I'm on the latest version).
Ideally, I'd expect this to work out of the box - and since this may require config changes for people, maybe a notification to users is warranted (not sure how it would be delivered, just flagging).
Steps to reproduce
Set up an nginx config following https://tailscale.com/blog/tailscale-auth-nginx/ and then visiting a URL.
This previously worked but now gives 401s.
Are there any recent changes that introduced the issue?
I believe the Magic DNS launch combined with me changing my tailnet name broke this. As mentioned above, cfbbcf6 fixes this (I think, would have to be tested) but a new package needs to be published
OS
Linux
OS version
Ubuntu 22.04.1
Tailscale version
1.32.1
Bug report
BUG-fda7735932997695d0a5d63c0a7dc098a98e9237d6736d1d48268c6d514060a3-20221024233852Z-de276e057fb40584
The text was updated successfully, but these errors were encountered: