2.7 KiB
Advanced Integration
The advanced integration methods unlock the full capabilities of Headplane. This is the closest you can get to the SaaS experience if you were paying for Tailscale.
Configuration Management
The advanced integration allows you to manage the Headscale configuration via
the Headplane UI. When the configuration is available for editing, the DNS
and Settings tabs will become available. When using the Docker or Kubernetes
integration, changes to the configuration file will be automatically applied
to Headscale.
By default, the configuration file is read from
/etc/headscale/config.yaml. This can be overridden by setting theCONFIG_FILEenvironment variable. Any variables includingHEADSCALE_URL,OIDC_CLIENT_ID,OIDC_ISSUER, andOIDC_CLIENT_SECRETwill take priority over the configuration file.
Access Control Lists (ACLs)
The advanced integration allows you to manage the ACLs via the Headplane UI.
When the ACL file is available for editing, the Access Controls tab will
become available. All of the integrations support automatic reloading of the
ACLs when the file is changed.
By default, the ACL file is read from
/etc/headscale/acl_policy.json. Ifpolicy.pathis set andpolicy.modeis set tofile, the ACL file will be read from the path specified in the configuration file instead.
Deployment
Requirements:
- Headscale 0.23 or newer
- Headscale and Headplane need a Reverse Proxy (NGINX, Traefik, Caddy, etc)
Currently there are 3 integration providers that can do this for you:
Once configured, the Headplane UI will be available at the /admin path
of the server you deployed it on. This is currently not configurable unless
you build the Docker image yourself or run the Node.js server directly.
Additionally, if you require access to health information for either Docker
or Kubernetes, the /admin/healthz path will be available. This is useful for
monitoring services like Prometheus or Grafana.