make https port configurable

hassio-addons · Oct 23, 2023 · c0c7332 · c0c7332
1 parent 7382fe4
commit c0c7332
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 12 deletions.
diff --git a/tailscale/DOCS.md b/tailscale/DOCS.md
@@ -158,10 +158,6 @@ More information: [Tailscale Funnel][tailscale_info_funnel]
 **Note**: _After initial setup, it can take up to 10 minutes for the domain to
 be publicly available._
 
-**Note:** _You should not use any port number in the URL that you used
-previously to access Home Assistant. Tailscale Funnel works on the default HTTPS
-port 443._
-
 **Note:** _If you encounter strange browser behaviour or strange error messages,
 try to clear all site related cookies, clear all browser cache, restart browser._
 
@@ -257,10 +253,6 @@ More information: [Enabling HTTPS][tailscale_info_https]
 
 1. Restart the add-on.
 
-**Note:** _You should not use any port number in the URL that you used
-previously to access Home Assistant. Tailscale Proxy works on the default HTTPS
-port 443._
-
 ### Option: `snat_subnet_routes`
 
 This option allows subnet devices to see the traffic originating from the subnet

diff --git a/tailscale/config.yaml b/tailscale/config.yaml
@@ -41,3 +41,7 @@ schema:
   tags: ["match(^tag:[a-zA-Z0-9]-?[a-zA-Z0-9]+$)?"]
   taildrop: bool?
   userspace_networking: bool?
+ports:
+  443/tcp: 443
+ports_description:
+  443/tcp: Tailscale Proxy and Funnel port
diff --git a/tailscale/rootfs/etc/s6-overlay/s6-rc.d/funnel/run b/tailscale/rootfs/etc/s6-overlay/s6-rc.d/funnel/run
@@ -6,6 +6,7 @@
 # ==============================================================================
 
 declare already_configured_funnel_port
+declare https_port
 declare domain
 
 # Tailscale serve and funnel configuration is persistent between restarts
@@ -25,6 +26,14 @@ done
 # Enable funnel service only when it has been explicitly enabled
 if bashio::config.true 'proxy' && bashio::config.true 'funnel'; then
 
+  https_port=$(bashio::addon.port 443)
+
+  # Check if HTTPS port is configured properly
+  if ! bashio::var.has_value "${https_port}"; then
+    bashio::log.error "No HTTPS port is configured"
+    bashio::exit.nok
+  fi
+
   # Check if Tailscale HTTPS is enabled
   if ! /opt/tailscale status --self=true --peers=false --json \
     | jq -rce '.Self.CapMap | has("https")' > /dev/null;
@@ -44,12 +53,12 @@ if bashio::config.true 'proxy' && bashio::config.true 'funnel'; then
   fi
 
   # Set up funnel
-  if ! /opt/tailscale funnel 443 on; then
+  if ! /opt/tailscale funnel "${https_port}" on; then
     bashio::log.error "Unable to configure Tailscale Funnel"
     bashio::exit.nok
   fi
   bashio::log.info "Tailscale Funnel is enabled:"
   bashio::log.info "  Your Home Assistant instance is publicly available on the internet at"
-  bashio::log.info "  https://${domain}"
+  bashio::log.info "  https://${domain}:${https_port}"
 
 fi
diff --git a/tailscale/rootfs/etc/s6-overlay/s6-rc.d/proxy/run b/tailscale/rootfs/etc/s6-overlay/s6-rc.d/proxy/run
@@ -5,6 +5,7 @@
 # Enables Tailscale Proxy feature
 # ==============================================================================
 
+declare https_port
 declare domain
 
 # Tailscale serve and funnel configuration is persistent between restarts
@@ -17,6 +18,14 @@ fi
 # Enable proxy service only when it has been explicitly enabled
 if bashio::config.true 'proxy'; then
 
+  https_port=$(bashio::addon.port 443)
+
+  # Check if HTTPS port is configured properly
+  if ! bashio::var.has_value "${https_port}"; then
+    bashio::log.error "No HTTPS port is configured"
+    bashio::exit.nok
+  fi
+
   # Check if Tailscale HTTPS is enabled
   if ! /opt/tailscale status --self=true --peers=false --json \
     | jq -rce '.Self.CapMap | has("https")' > /dev/null;
@@ -46,12 +55,12 @@ if bashio::config.true 'proxy'; then
   fi
 
   # Set up proxy
-  if ! /opt/tailscale serve https:443 / "http://127.0.0.1:$(bashio::core.port)"; then
+  if ! /opt/tailscale serve "https:${https_port}" / "http://127.0.0.1:$(bashio::core.port)"; then
     bashio::log.error "Unable to configure Tailscale Proxy"
     bashio::exit.nok
   fi
   bashio::log.info "Tailscale Proxy is enabled:"
   bashio::log.info "  Your Home Assistant instance is available within your Tailnet VPN at"
-  bashio::log.info "  https://${domain}"
+  bashio::log.info "  https://${domain}:${https_port}"
 
 fi
diff --git a/tailscale/translations/en.yaml b/tailscale/translations/en.yaml
@@ -77,3 +77,8 @@ configuration:
       Assistant instance, disable userspace networking mode, which will create a
       `tailscale0` network interface on your host.
       When not set, this option is enabled by default.
+network:
+  443/tcp: >-
+    This option allows you to configure the port the Tailscale Proxy and Funnel
+    features are accessible on.
+    Only port number 443, 8443 and 10000 is allowed by Tailscale Funnel.