Some months ago I checked out tsnet, which “just worked”, and IIRC I also successfully tested out serving HTTPS.
But now I fail to write a working HTTPS server.
EDIT: Please see next post. HTTPS is a red herring. Keeping original here, maybe it helps someone else observing the same symptoms.
Based on the example in "Virtual private services with tsnet · Tailscale", I changed a handful of lines:
```go
ln, err := s.Listen("tcp", ":443")
// ...
hs := http.Server{
	// Handler: ...
	TLSConfig: &tls.Config{
		GetCertificate: lc.GetCertificate,
	},
}
// ...
err := hs.ServeTLS(ln, "", "")
```
When I try running this, on the client side I see:
```
# curl -vvv https://thing
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
# hangs here forever
```
Server-side:
```
2023-03-06 09:42:03 DBG Accept: TCP{a.b.c.d:65336 > d.c.b.a:443} 60 tcp ok
2023-03-06 09:42:03 DBG Accept: TCP{a.b.c.d:65336 > d.c.b.a:443} 52 tcp non-syn
2023-03-06 09:42:03 DBG Accept: TCP{a.b.c.d:65336 > d.c.b.a:443} 569 tcp non-syn
```
And only once I interrupt curl:
```
2023/03/06 09:44:03 http: TLS handshake error from a.b.c.d:65358: EOF
```
All clients show the same behavior.
Without further ideas on debugging this, it seems that the client thinks they’ve sent some message, but the server either never receives it or thinks it’s incomplete.
I hope for an embarrassing error on my part. Anyone any ideas?