Hi,
I'm writing to ask for advice for configuring the "headscale" port
regarding the TLS part of the config.

For context, the headscale port runs under user "_headscale" and comes
with a mostly complete configuration. The developers on the GitHub
readme specify that they discourage the use of reverse proxies like
nginx and relayd as headscale is meant to run completely on its own
(see
https://github.com/juanfont/headscale?tab=readme-ov-file#running-headscale).
Additionally, it's designed to administer its own certs.

On OpenBSD, ports lower than 1024 are only accessible by root
processes, so headscale running under user _headscale has a bit of an
issue. What's the recommended approach here? Would it be a good idea to
make the iptables forward any incoming connection from port 80 to
another port that headscale has access to (i.e. 8081)?
--
Regards,
Yiannis Charalambous