- Notifications
You must be signed in to change notification settings - Fork928
feat: use custom wireguard reverse proxy for dev tunnel#1975
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
969613c tod3f1e22Compare| dev := device.NewDevice(tun, conn.NewDefaultBind(), device.NewLogger(device.LogLevelVerbose, "")) | ||
| err = dev.IpcSet(fmt.Sprintf(`private_key=%s | ||
| public_key=%s | ||
| endpoint=%s:55555 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Is55555 a static port we use?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Yeah, that's the UDP port on the server for Wireguard to connect to.
coderd/devtunnel/tunnel.go Outdated
| persistent_keepalive_interval=21 | ||
| allowed_ip=%s/128`, | ||
| hex.EncodeToString(cfg.PrivateKey[:]), | ||
| encodeBase64ToHex("+KNSMwed/IlqoesvTMSBNsHFaKVLrmmaCkn0bxIhUg0="), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Where does this come from?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This is the hardcoded public key of the server. I should probably move these to consts to make them more clear.
coderd/devtunnel/tunnel.go Outdated
| hex.EncodeToString(cfg.PrivateKey[:]), | ||
| encodeBase64ToHex("+KNSMwed/IlqoesvTMSBNsHFaKVLrmmaCkn0bxIhUg0="), | ||
| wgip.IP.String(), | ||
| netip.AddrFrom16(uuid.MustParse("fcad0000-0000-4000-8000-000000000001")).String(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
How does this UUID come to be?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Same here, it's the hardcoded IP of the server. I'll make this a const.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
* feat: update build url to @username/workspace/builds/buildnumber (#2234)* update build url to @username/workspace/builds/buildnumber* update errors thrown from the API* add unit tests for the new API* add t.parallel* get username and workspace name from params* fix: update icon (#2216)* feat: Show template description in `coder template init` (#2238)* fix: workspace schedule time displays (#2249)Summary:Various time displays weren't quite right.Details:- Display date (not just time) of upcoming workspace stop in workspacepage- Fix ttlShutdownAt for various cases + tests - manual to non-manual - unchanged/unmodified - isBefore --> isSameOrBefore - use the delta (off by _ error)- pluralize units in dayjs.add* fix: Remove easter egg mentioning competitor (#2250)This is more confusing than helpful!* feat: Warn on coderd startup if access URL is localhost (#2248)* feat: use custom wireguard reverse proxy for dev tunnel (#1975)* fix: use correct link in create from template button (#2253)* feat: store and display template creator (#2228)* design commit* add owner_id to templates table* add owner information in apis and ui* update minWidth for statItem* rename owner to created_by* missing refactor to created_by* handle errors in fetching created_by names* feat: update language on workspace page (#2220)* fix: ensure config dir exists before reading tunnel config (#2259)* fix(devtunnel): close `http.Server` before wireguard interface (#2263)* fix: ensure `agentResource` is non-nil (#2261)* chore: add hero image to OSS docs homepage (#2241)* fix: Do not write 2 errors to api on template fetch error (#2285)* feat: add tooltips to templates pageresolves#2242Co-authored-by: Abhineet Jain <AbhineetJain@users.noreply.github.com>Co-authored-by: Joe Previte <jjprevite@gmail.com>Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>Co-authored-by: G r e y <grey@coder.com>Co-authored-by: Kyle Carberry <kyle@coder.com>Co-authored-by: David Wahler <david@coder.com>Co-authored-by: Colin Adler <colin1adler@gmail.com>Co-authored-by: Garrett Delfosse <garrett@coder.com>Co-authored-by: Katie Horne <katie@coder.com>Co-authored-by: Steven Masley <Emyrk@users.noreply.github.com>
Uh oh!
There was an error while loading.Please reload this page.
This pr rewrites our current reverse proxy which usesfrp into a simple wireguard based one. It has a few benefits compared to the old one:
After this is merged for a period of time, I'll allow PG backed deploys to use our tunnel!
Note: debug logs for wireguard are currently turned on. They'll be turned off when merged into main.