Enable [Tailscale](https://tailscale.com)-based authentication in [Caddy](https://caddyserver.com)
.gitignore Add .gitignore 2024-10-10 13:16:34 +01:00
caddyfile.go Use the same header names as used in Tailscale's serve command 2024-10-11 15:38:10 +01:00
go.mod Alter 5 files 2024-10-09 23:22:12 +01:00
go.sum Alter 5 files 2024-10-09 23:22:12 +01:00
README.md Basic README.md 2024-10-11 15:57:46 +01:00
tailscaleAuth.go Add timeout to Tailscale WhoIs call 2024-10-10 13:15:14 +01:00

Tailscale authentication in Caddy

This is a plugin for the Caddy web server that enables Tailscale-based authentication. It works like the default basic_auth Caddyfile directive, except that it authenticates a connection by asking the local Tailscale daemon about the connection's remote address: whether the connection is coming via a Tailnet and, if so, who it is.

Optionally, the Tailscale-User-{Id,Login,Name} headers are set on the incoming request to allow this to be used as an analogue for forward_auth.

Limitations

This module requires the Tailscale daemon to be running on the same machine as the Caddy server.

Example usage

Require all incoming connections to be from within a Tailnet

www.example.com {
  tailscale_auth
  reverse_proxy localhost:9090
}

Require all incoming connections to be from within a Tailnet, setting headers

www.example.com {
  tailscale_auth set_headers
  reverse_proxy localhost:9090
}
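
The check described above (look up the connection's remote address, reject on failure, optionally set the Tailscale-User-* headers), written as a standard-library middleware. This is an added example, not the plugin's own code: `Identity`, `WhoIsFunc`, `RequireTailnet` and `probe` are hypothetical names, the lookup is stubbed with a constructed peer, and the 2-second timeout, the 401 status and the removal of client-supplied identity headers are choices of this example.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Identity and WhoIsFunc are hypothetical stand-ins for the local daemon's lookup.
type Identity struct{ ID, Login, Name string }
type WhoIsFunc func(ctx context.Context, remoteAddr string) (*Identity, error)

// RequireTailnet passes a request on only if whoIs attributes its peer address.
func RequireTailnet(whoIs WhoIsFunc, setHeaders bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, h := range []string{"Id", "Login", "Name"} {
			r.Header.Del("Tailscale-User-" + h) // drop client-supplied identity headers
		}
		ctx, cancel := context.WithTimeout(r.Context(), 2*time.Second) // assumed bound; a hung lookup fails closed
		defer cancel()
		who, err := whoIs(ctx, r.RemoteAddr) // TCP peer address, not X-Forwarded-For
		if err != nil || who == nil {
			http.Error(w, "tailnet identity required", http.StatusUnauthorized)
			return
		}
		if setHeaders {
			r.Header.Set("Tailscale-User-Id", who.ID)
			r.Header.Set("Tailscale-User-Login", who.Login)
			r.Header.Set("Tailscale-User-Name", who.Name)
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one constructed request with a forged login header; it returns the status and the login the backend saw.
func probe(remoteAddr string, setHeaders bool) (status int, login string) {
	peers := map[string]*Identity{"100.64.0.7:41000": {"1001", "alice@example.com", "Alice"}} // constructed peer
	whoIs := func(_ context.Context, addr string) (*Identity, error) { return peers[addr], nil }
	backend := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { login = r.Header.Get("Tailscale-User-Login") })
	req := httptest.NewRequest("GET", "/", nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set("Tailscale-User-Login", "admin@example.com") // forged by the client
	rec := httptest.NewRecorder()
	RequireTailnet(whoIs, setHeaders, backend).ServeHTTP(rec, req)
	return rec.Code, login
}

func main() { fmt.Println(probe("100.64.0.7:41000", true)) }
```

When identity headers are forwarded to a backend, the backend should be reachable only through the authenticating proxy, since it cannot tell a proxy-set header from one sent directly by a client.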