mirror of
https://github.com/tailscale/tailscale.git
synced 2025-12-22 05:27:08 +00:00
f4d34f38be
Based on PR #16700 by @lox, adapted to current codebase. Adds support for proxying HTTP requests to Unix domain sockets via tailscale serve unix:/path/to/socket, enabling exposure of services like Docker, containerd, PHP-FPM over Tailscale without TCP bridging. The implementation includes reasonable protections against exposure of tailscaled's own socket. Adaptations from original PR: - Use net.Dialer.DialContext instead of net.Dial for context propagation - Use http.Transport with Protocols API (current h2c approach, not http2.Transport) - Resolve conflicts with hasScheme variable in ExpandProxyTargetValue Updates #9771 Signed-off-by: Peter A. <ink.splatters@pm.me> Co-authored-by: Lachlan Donald <lachlan@ljd.cc>
83 lines
2.2 KiB
Go
83 lines
2.2 KiB
Go
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
package ipn
|
|
|
|
import (
|
|
"runtime"
|
|
"testing"
|
|
)
|
|
|
|
func TestExpandProxyTargetValueUnix(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
target string
|
|
supportedSchemes []string
|
|
defaultScheme string
|
|
want string
|
|
wantErr bool
|
|
skipOnWindows bool
|
|
}{
|
|
{
|
|
name: "unix-socket-absolute-path",
|
|
target: "unix:/tmp/myservice.sock",
|
|
supportedSchemes: []string{"http", "https", "unix"},
|
|
defaultScheme: "http",
|
|
want: "unix:/tmp/myservice.sock",
|
|
skipOnWindows: true,
|
|
},
|
|
{
|
|
name: "unix-socket-var-run",
|
|
target: "unix:/var/run/docker.sock",
|
|
supportedSchemes: []string{"http", "https", "unix"},
|
|
defaultScheme: "http",
|
|
want: "unix:/var/run/docker.sock",
|
|
skipOnWindows: true,
|
|
},
|
|
{
|
|
name: "unix-socket-relative-path",
|
|
target: "unix:./myservice.sock",
|
|
supportedSchemes: []string{"http", "https", "unix"},
|
|
defaultScheme: "http",
|
|
want: "unix:./myservice.sock",
|
|
skipOnWindows: true,
|
|
},
|
|
{
|
|
name: "unix-socket-empty-path",
|
|
target: "unix:",
|
|
supportedSchemes: []string{"http", "https", "unix"},
|
|
defaultScheme: "http",
|
|
wantErr: true,
|
|
},
|
|
{
|
|
name: "unix-socket-not-in-supported-schemes",
|
|
target: "unix:/tmp/myservice.sock",
|
|
supportedSchemes: []string{"http", "https"},
|
|
defaultScheme: "http",
|
|
wantErr: true,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if tt.skipOnWindows && runtime.GOOS == "windows" {
|
|
t.Skip("skipping unix socket test on Windows")
|
|
}
|
|
|
|
// On Windows, unix sockets should always error
|
|
if runtime.GOOS == "windows" && !tt.wantErr {
|
|
tt.wantErr = true
|
|
}
|
|
|
|
got, err := ExpandProxyTargetValue(tt.target, tt.supportedSchemes, tt.defaultScheme)
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("ExpandProxyTargetValue() error = %v, wantErr %v", err, tt.wantErr)
|
|
return
|
|
}
|
|
if !tt.wantErr && got != tt.want {
|
|
t.Errorf("ExpandProxyTargetValue() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|