mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
feat: wire DERPTLSConfig through CLI, SDK, tailnet, VPN, agent, and health checks (#24435)
Wire DERPTLSConfig through the CLI, SDK, tailnet, VPN client, agent, and health checks to allow custom TLS configuration for DERP connections. The main use case is to be able to set a custom CA and also present client certs (mTLS). See https://github.com/coder/tailscale/pull/105 for related changes.

Adds three new global CLI flags:
- `--client-tls-ca-file` / `CODER_CLIENT_TLS_CA_FILE`
- `--client-tls-cert-file` / `CODER_CLIENT_TLS_CERT_FILE`
- `--client-tls-key-file` / `CODER_CLIENT_TLS_KEY_FILE`

Based on community PR #22695 by @ibdafna, with autogeneration issues fixed (protobuf version mismatches in .pb.go files, golden file regeneration, lint fixes).

> [!NOTE]
> This PR was authored by Coder Agents on behalf of a Coder team member.

<details>
<summary>Relationship to #22695</summary>

This is a clean reimplementation of the changes from #22695 on top of current `main`, with the following differences:
- **Removed**: Accidental protobuf version changes in `.pb.go` files (contributor had `protoc v6.33.4` vs project's `protoc v4.23.4`)
- **Added**: Properly regenerated golden files and docs via `make gen`
- **Fixed**: Lint issue (`var-declaration` revive warning on explicit type in `createHTTPClient`)
- All meaningful code changes are identical to the original PR

</details>
Vendored
+11
@@ -70,6 +70,17 @@ GLOBAL OPTIONS:
|
||||
Global options are applied to all commands. They can be set using environment
|
||||
variables or flags.
|
||||
|
||||
--client-tls-ca-file string, $CODER_CLIENT_TLS_CA_FILE
|
||||
Path to a CA certificate file to trust for API and DERP connections.
|
||||
|
||||
--client-tls-cert-file string, $CODER_CLIENT_TLS_CERT_FILE
|
||||
Path to a client certificate file for mTLS authentication with API and
|
||||
DERP. Requires --client-tls-key-file.
|
||||
|
||||
--client-tls-key-file string, $CODER_CLIENT_TLS_KEY_FILE
|
||||
Path to a client private key file for mTLS authentication with API and
|
||||
DERP. Requires --client-tls-cert-file.
|
||||
|
||||
--debug-options bool
|
||||
Print all options, how they're set, then exit.
|
||||
|
||||
|
||||
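Review bot: the added description for --client-tls-ca-file does not say whether the given CA is added to the system trust store or replaces it, and that decides which server certificates the client will accept on API and DERP connections; state which behaviour applies in the help text. In the same added block, --client-tls-cert-file and --client-tls-key-file each say they require the other, but nothing here indicates what happens when only one is set. Confirm the CLI rejects that combination with an error rather than connecting without a client certificate, and say so in the description or the docs.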