Why
Currently for a remote CLI you have no choice but to set up TLS. As a result, the public HTTP endpoints also end up encrypted, and in some configurations this sacrifices significant observability (currently my linkerd2 sidecar containers are unable to inspect traffic, monitor endpoint performance, and enforce per-route ACLs). While workarounds are possible (for example running headscale without TLS, and a proxy terminating TLS for gRPC), they would be far from ideal.
Description
One solution is adding split TLS options - to allow a user to enable TLS for gRPC, while not enabling it for other endpoints.
I'm happy to work on this if it's an acceptable change.