tailscale-dev/tclip

"HTTPS is not enabled in the admin panel" despite it being enabled

Closed this issue · 10 comments

I have both MagicDNS and HTTPS enabled in the Admin control panel but I still get the message in the title. I also set up the nodeAttrs ACL for funnel, is there anything I'm missing?

Is this for local development? I found this message would get printed when the server isn't able to authenticate with Tailscale. Checking the logs with --tsnet-verbose should give a clearer picture if the API key is being set.

@gmemstr This was deployed via Docker, when I turn off Tailscale Funnel via the env var it works though

@anaisbetts I got the same issue running tclip on my unraid instance. What env var did you use to disable the funnel option?
@gmemstr I guess I won't be able to try out the --tsnet-verbose parameter using docker?

I'm having the same issue when communicating with a custom tailscale server (headscale). I can see that the docker container is connecting, as it registers as a node. But the https communication fails.

I've passed the env var to disable funnel also.

Hi @anaisbetts, @arunoruto, @alijnclarke sorry for the long delay here, if either of you is still having this issue are you able to provide some information about the steps taken in your setup to reproduce it?

When I was testing tclip I did notice that the error HTTPS is not enabled in the admin panel ocurrs for a variety of generic connection errors, including things like the node name already existing under a diferent machine as well as likely other things.

If you are able to check the logs with --tsnet-verbose or TSNET_VERBOSE=true that can likely shed more light on the situation.

What env var did you use to disable the funnel option?

It should be off by default, but you can make sure by doing USE_FUNNEL=false variable.

I guess I won't be able to try out the --tsnet-verbose parameter using docker?

You can, either by adding it to the end of your docker command, or a bit easier by setting TSNET_VERBOSE=true in the environment of the container. The logs will then show up in the log output of the container.

Regarding custom tailscale servers, I added naive support for a custom control url with TSNET_CONTROL_URL however it is currently untested with Headscale. The error HTTPS is not enabled in the admin panel can happen if you are hitting the wrong control server for the authkey, however it can also mean other things (such as a full MagicDNS hostname not being available). If you encounter issues, please let me know.

I kinda gave up on the project, but now I dug it up again and lo and behold, it works :D But not without a bit of tweaking!

I got a problem about funnels not being enabled (I entered the USE_FUNNEL=false variable), so I went to my dashboard and assigned the funnel attr to my tag where tclip lives on, and now it works!

Thank you for confirming that!

For those looking to use this with Headscale, I've added two new options you'll need to use in order for it to work:

  • TSNET_CONTROL_URL needs to be set to your Headscale control server URL.
  • DISABLE_HTTPS=true needs to be set, due to Headscale not supporting Tailscale Serve.

If you don't use both those variables in that way, you will see failure with "HTTPS is not enabled in the admin panel".

A full list of configuration options is available here: https://github.com/tailscale-dev/tclip?tab=readme-ov-file#configuration

If you run into any issues, please set TSNET_VERBOSE=true and provide relevant log lines.

Hi again, I'm going to close this issue for now but if you do run into this issue again please respond here with relevant logs from setting TSNET_VERBOSE=true and it can be reopened. Thanks!