fix: direct embedded derp traffic directly to the server #6595
coderd/workspaceagents.go Outdated
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)}, | ||
DERPMap: derpMap, | ||
Logger: api.Logger.Named("tailnet"), | ||
BlockEndpoints: true, |
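Review bot: `BlockEndpoints: true` on the last line of this options literal is not explained by the PR description, which only covers how DERP traffic reaches the embedded server. If it is not needed for this fix, drop it from this change; if it is intended, add a comment next to it stating why, so the flag is not mistaken for part of the dialer change.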
Why do we set BlockEndpoints now? I'm sure there's a reason, just wondering. 😄
This is a mistake! Fantastic catch 🥴🥴🥴
}) | ||
if err != nil { | ||
_ = clientConn.Close() | ||
_ = serverConn.Close() | ||
return nil, xerrors.Errorf("create tailnet conn: %w", err) | ||
} | ||
conn.SetDERPRegionDialer(func(_ context.Context, region *tailcfg.DERPRegion) net.Conn { |
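Review bot: The dialer callback passed to `conn.SetDERPRegionDialer` discards its context (`_ context.Context`) and returns only a `net.Conn`, so the visible signature has no way to report an error or to stop when the caller cancels. Name the context parameter and honour it in the body, and add a comment stating what a nil return means for the caller, since that is the only failure signal available.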
There's a comment above in the code that seems outdated now?
// TODO: This should dial directly to execute the
// DERP server instead of contacting localhost.
//
// This requires modification of Tailscale internals
// to pipe through a proxy function per-region, so
// this is an easy and mostly reliable hack for now.
Great point! I'm happy we're able to take out a TODO!
Prior to this change, DERP traffic would route from `coderd` to the `CODER_ACCESS_URL` to reach the internal DERP server, which may have resulted in slower connections due to proxying, or the failure of web traffic entirely.

If your Coder deployment has a proxy in front of it, your traffic through web terminals, apps, and port-forwarding is about to get a lot faster!
See coder/tailscale#13