57_Wolve 1ca79938cd feat(headscale): add headplane web UI at /admin
Integrate headplane (ghcr.io/tale/headplane) into the headscale stack, served
by Caddy at /admin. API-only (no Docker socket); deploy.sh mints a headscale
API key on first run, generates headplane.yaml, and wires optional OIDC login
via pocket-id (second client, /admin/oidc/callback). Adds HEADPLANE_* env,
compose service, Caddy routing; rebuild embedded archive.
2026-06-12 16:15:34 -05:00

47 lines
1.2 KiB
Caddyfile

# Caddyfile for headscale stack.
#
# Auto-issues a Let's Encrypt cert for $HEADSCALE_DOMAIN and reverse-proxies
# to headscale's HTTP listener on :8080. Tailscale clients require this
# exact hostname over HTTPS.
{
    email {$ACME_EMAIL}
}

{$HEADSCALE_DOMAIN} {
    encode zstd gzip

    # Headplane web UI lives at /admin. Pass the path through unchanged
    # (headplane serves itself under /admin). Everything else is headscale's
    # control protocol.
    @admin path /admin /admin/*
    handle @admin {
        reverse_proxy headplane:3000
    }

    handle {
        reverse_proxy headscale:8080 {
            header_up X-Real-IP {http.request.remote.host}
            # Long-lived noise/wireguard control streams; lift the default
            # idle limit so they don't get torn down.
            flush_interval -1
            transport http {
                read_timeout 10m
                write_timeout 10m
            }
        }
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        X-Content-Type-Options "nosniff"
        Referrer-Policy "strict-origin-when-cross-origin"
        -Server
    }

    log {
        output stdout
        format console
    }
}
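
One way to confirm that the header block above is actually applied to responses, as an added example that is not part of this repository: a shell check that reads a response-header dump on stdin and compares it with the values in the Caddyfile. The function names and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the response headers set by the Caddyfile's header block.
# Both sample dumps are constructed, not captured from a real deployment.

GOOD_SAMPLE='HTTP/2 200
content-type: text/html; charset=utf-8
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff'

BAD_SAMPLE='HTTP/1.1 200 OK
Server: Caddy
X-Content-Type-Options: nosniff'

# Print the value of the (lowercase) header named $1 found in dump $2.
header_value() {
    printf '%s\n' "$2" | sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# Read a header dump on stdin; return 0 only if it matches the Caddyfile policy.
check_headers() {
    # Header names are case-insensitive and curl emits CRLF, so normalise both.
    hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    rc=0
    hsts=$(header_value strict-transport-security "$hdrs")
    max_age=$(printf '%s\n' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$max_age" ] || [ "$max_age" -lt 31536000 ]; then
        echo "FAIL: HSTS missing or max-age below 31536000"; rc=1
    fi
    case "$hsts" in
        *includesubdomains*) ;;
        *) echo "FAIL: HSTS lacks includeSubDomains"; rc=1 ;;
    esac
    [ "$(header_value x-content-type-options "$hdrs")" = "nosniff" ] ||
        { echo "FAIL: X-Content-Type-Options is not nosniff"; rc=1; }
    [ "$(header_value referrer-policy "$hdrs")" = "strict-origin-when-cross-origin" ] ||
        { echo "FAIL: Referrer-Policy differs from the Caddyfile"; rc=1; }
    # "-Server" in the Caddyfile should strip this header entirely.
    if printf '%s\n' "$hdrs" | grep -q '^server:'; then
        echo "FAIL: Server header present"; rc=1
    fi
    return "$rc"
}

# Live use (the header block is site-level, so both routes should pass):
#   curl -sI "https://$HEADSCALE_DOMAIN/admin" | check_headers
```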