v0.18.0-beta4

Changelog

• Reworked routing and added support for subnet router failover #1024
• Added an OIDC AllowGroups Configuration options and authorization check #1041
• Set db_ssl to false by default #1052
• Fix duplicate nodes due to incorrect implementation of the protocol #1058
• Report if a machine is online in CLI more accurately #1062
• Added config option for custom DNS records #1035
• Expire nodes based on OIDC token expiry #1067
• Remove ephemeral nodes on logout #1098
• Performance improvements in ACLs #1129

v0.18.0-beta3

• Reworked routing and added support for subnet router failover #1024
• Added an OIDC AllowGroups Configuration options and authorization check #1041
• Set db_ssl to false by default #1052
• Fix duplicate nodes due to incorrect implementation of the protocol #1058
• Report if a machine is online in CLI more accurately #1062
• Added config option for custom DNS records #1035
• Expire nodes based on OIDC token expiry #1067
• Remove ephemeral nodes on logout #1098

v0.18.0-beta2

Changelog

• Reworked routing and added support for subnet router failover #1024
• Added an OIDC AllowGroups Configuration options and authorization check #1041
• Set db_ssl to false by default #1052
• Fix duplicate nodes due to incorrect implementation of the protocol #1058
• Report if a machine is online in CLI more accurately #1062

v0.18.0-beta1

Changes

• Reworked routing and added support for subnet router failover #1024
• Added an OIDC AllowGroups Configuration options and authorization check #1041
• Set db_ssl to false by default #1052

Changelog

• 7b8cf5e Add 1.34.0 to integration tests
• fba77de Add Route DB model and migration from existing field
• 63cd312 Add breaking change about noise private path
• bd4b2da Add changelog entry to correct version
• 95d3062 Add github action updater
• 4de676c Add instructions for macOS GUI
• 70f2f5d Added an OIDC AllowGroups option for authorization.
• 6718ff7 Added helper methods for subnet failover + unit tests
• ac8bff7 Call processMachineRoutes when a new Map is received
• 5a70ea7 Correct typo on standalone (fixes #1021)
• 6c2d6fa Do not explicitly set the protocols when ommited in ACL
• 6f4c6c1 Ignore tparallel where it doesnt make sense
• 19f12f9 Make goreleaser use Nix
• 946d38e Minor linting fixes
• 4453728 Murder docker container and network before run
• 52862b8 Port integration tests routes CLI to v2
• 68c72d0 Prep changelog for new release
• b62acff Refactor machine.go, and move functionality to routes.go + unit tests
• 34631df Refactored route grpc glue code
• 8170f5e Removed unused code and linting fixes
• a506d0f Run handlePrimarySubnetFailover() with a ticker when Serve
• 134c72f Set db_ssl to false by default, fixes #1043
• 06f7e7c Tag dockerfiles to minor version so we dont have to care about patch
• a58a552 Update macos/windows doc
• 0db16c7 Update nix deps, get go 1.19.3 in
• 1b557ac Update protobuf definitions + support methods for the API
• 34107f9 Updated changelog
• 8fa9755 Updated generated pb code
• 86fa136 Upgrade go dependencies
• 1015bc3 Upgrade to Tailscale 1.34.0
• 78819be Use the new routes API from the CLI
• 89c1207 added changelog for 0.17.1
• d1bca10 docs(README): update contributors
• 638a3d4 fix nix run
• 54f701f generateACLPolicy() no longer a Headscale method

v0.17.1

Changes

• Correct typo on macOS standalone profile link #1028
• Update platform docs with Fast User Switching #1016

v0.17.0

BREAKING

• noise.private_key_path has been added and is required for the new noise protocol.
• Log level option log_level was moved to a distinct log config section and renamed to level #768
• Removed Alpine Linux container image #962

Important Changes

• Added support for Tailscale TS2021 protocol #738
• Add experimental support for SSH ACL (see docs for limitations) #847
  • Please note that this support should be considered partially implemented
  • SSH ACLs status:
    • Support accept and check (SSH can be enabled and used for connecting and authentication)
    • Rejecting connections are not supported, meaning that if you enable SSH, then assume that all ssh connections will be allowed.
    • If you decied to try this feature, please carefully managed permissions by blocking port 22 with regular ACLs or do not set --ssh on your clients.
    • We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
  • This feature should be considered dangerous and it is disabled by default. Enable by setting HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1.

Changes

• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660
• Make it possible to disable TS2019 with build flag #928
• Fix OIDC registration issues #960 and #971
• Add support for specifying NextDNS DNS-over-HTTPS resolver #940
• Make more sslmode available for postgresql connection #927

Commits

• c28ca27 Add SSH ACL to changelog
• 52a323b Add SSH capability advertisement
• d4e3bf1 Add experimental flag to unit test
• c6d3174 Add feature flag for SSH, and warning
• cfaa36e Add method to expose container id
• e28d308 Add negative tests
• 36b8862 Add notes about current ssh status
• 91ed6e2 Allow WithEnv to be passed multiple times
• 8a79c2e Do not retry on permission denied in ssh
• 22da5bf Enable SSH for tests
• d207c30 Ensure we have ssh in container
• 3695284 Make simple initial test case
• d71aef3 Mark all tests with Parallel
• c02e105 Mark the flag properly experimental
• 519f22f SSH integration test setup
• fd6d25b SSH: Lint and typos
• f610be6 SSH: add test between namespaces
• f34e7c3 Strip newline from hostname
• eb072a1 mark some changes as more important

v0.17.0-beta5

BREAKING

• Log level option log_level was moved to a distinct log config section and renamed to level #768
• Removed Alpine Linux container image #962

Changes

• Added support for Tailscale TS2021 protocol #738
• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660
• Make it possible to disable TS2019 with build flag #928
• Fix OIDC registration issues #960 and #971
• Add support for specifying NextDNS DNS-over-HTTPS resolver #940
• Make more sslmode available for postgresql connection #927

v0.17.0-beta4

CHANGELOG

0.17.0 (2022-XX-XX)

BREAKING

• Log level option log_level was moved to a distinct log config section and renamed to level #768
• Removed Alpine Linux container image #962

Changes

• Added support for Tailscale TS2021 protocol #738
• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660
• Make it possible to disable TS2019 with build flag #928
• Fix OIDC registration issues #960 and #971

v0.17.0-beta3

BREAKING

• Log level option log_level was moved to a distinct log config section and renamed to level #768

Changes

• Added support for Tailscale TS2021 protocol #738
• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660
• Make it possible to disable TS2019 with build flag #928

v0.17.0-beta2

Changelog

0.17.0 (2022-XX-XX)

BREAKING

• Log level option log_level was moved to a distinct log config section and renamed to level #768

Changes

• Added support for Tailscale TS2021 protocol #738
• Add ability to specify config location via env var HEADSCALE_CONFIG #674
• Target Go 1.19 for Headscale #778
• Target Tailscale v1.30.0 to build Headscale #780
• Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
• Fix subnet routers with Primary Routes #811
• Added support for JSON logs #653
• Sanitise the node key passed to registration url #823
• Add support for generating pre-auth keys with tags #767
• Add support for evaluating autoApprovers ACL entries when a machine is registered #763
• Add config flag to allow Headscale to start if OIDC provider is down #829
• Fix prefix length comparison bug in AutoApprovers route evaluation #862
• Random node DNS suffix only applied if names collide in namespace. #766
• Remove ip_prefix configuration option and warning #899
• Add dns_config.override_local_dns option #905
• Fix some DNS config issues #660

Commits

• 8a07381 Fix prefix length comparison bug in AutoApprovers route evaluation (#862)