feat: allow disabling stun addresses via env (#7066)
* feat: allow disabling stun addresses via env Resolves #6791 * Specify a dummy access URL so the tunnel wouldn't start * Document --------- Co-authored-by: Kyle Carberry <kyle@carberry.com>
parent
25c1e45930
commit
c6b2861493
|
@ -390,6 +390,19 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
|
|||
if !cfg.DERP.Server.Enable {
|
||||
defaultRegion = nil
|
||||
}
|
||||
|
||||
// HACK: see https://github.com/coder/coder/issues/6791.
|
||||
for _, addr := range cfg.DERP.Server.STUNAddresses {
|
||||
if addr != "disable" {
|
||||
continue
|
||||
}
|
||||
err := cfg.DERP.Server.STUNAddresses.Replace(nil)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
break
|
||||
}
|
||||
|
||||
derpMap, err := tailnet.NewDERPMap(
|
||||
ctx, defaultRegion, cfg.DERP.Server.STUNAddresses,
|
||||
cfg.DERP.Config.URL.String(), cfg.DERP.Config.Path.String(),
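Review bot: The sentinel loop clears the whole STUN list as soon as any element equals `disable`, so a mixed value (constructed example: `stun.example.com:3478,disable`) silently drops the configured server, while a near-miss such as `Disable` or `disabled` falls through and is handed to `tailnet.NewDERPMap` as a STUN address. An operator who sets this to keep the deployment from contacting external STUN servers would not easily notice either outcome. Consider honouring the sentinel only when it is the sole element, e.g. `if a := cfg.DERP.Server.STUNAddresses; len(a) == 1 && a[0] == "disable" {`, and rejecting a list that mixes it with real addresses. The `panic(err)` after `Replace(nil)` would be better as a returned, wrapped error, assuming the enclosing handler returns `error`; its body starts and ends outside this hunk. The `// HACK:` comment could also say in one line what the workaround does, not only link the issue.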
|
||||
|
|
|
@ -1491,6 +1491,31 @@ func TestServer(t *testing.T) {
|
|||
w.RequireSuccess()
|
||||
})
|
||||
})
|
||||
t.Run("DisableDERP", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
// Make sure that $CODER_DERP_SERVER_STUN_ADDRESSES can be set to
|
||||
// disable STUN.
|
||||
|
||||
inv, cfg := clitest.New(t,
|
||||
"server",
|
||||
"--in-memory",
|
||||
"--http-address", ":0",
|
||||
"--access-url", "https://example.com",
|
||||
)
|
||||
inv.Environ.Set("CODER_DERP_SERVER_STUN_ADDRESSES", "disable")
|
||||
ptytest.New(t).Attach(inv)
|
||||
clitest.Start(t, inv)
|
||||
gotURL := waitAccessURL(t, cfg)
|
||||
client := codersdk.New(gotURL)
|
||||
|
||||
ctx := testutil.Context(t, testutil.WaitMedium)
|
||||
_ = coderdtest.CreateFirstUser(t, client)
|
||||
gotConfig, err := client.DeploymentConfig(ctx)
|
||||
require.NoError(t, err)
|
||||
|
||||
require.Len(t, gotConfig.Values.DERP.Server.STUNAddresses, 0)
|
||||
})
|
||||
}
|
||||
|
||||
func generateTLSCertificate(t testing.TB, commonName ...string) (certPath, keyPath string) {
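Review bot: The subtest name `DisableDERP` does not match what it exercises: it sets `CODER_DERP_SERVER_STUN_ADDRESSES` to `disable` and asserts on the STUN address list, and nothing visible here turns DERP off, so `t.Run("DisableSTUN", ...)` would describe it accurately. The only assertion is on `gotConfig.Values.DERP.Server.STUNAddresses`, so the test would presumably still pass if the DERP map built from the config kept a STUN node; a check on the served DERP map, if the test client exposes one, would pin the behaviour operators rely on. A second case for a list that mixes `disable` with a real address would document what is intended there. As a style point, `require.Empty(t, gotConfig.Values.DERP.Server.STUNAddresses)` reads more directly than `require.Len(..., 0)`.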
|
||||
|
|
|
@ -168,8 +168,8 @@ backed by Tailscale and WireGuard.
|
|||
Region name that for the embedded DERP server.
|
||||
|
||||
--derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302)
|
||||
Addresses for STUN servers to establish P2P connections. Set empty to
|
||||
disable P2P connections.
|
||||
Addresses for STUN servers to establish P2P connections. Use special
|
||||
value 'disable' to turn off STUN.
|
||||
|
||||
[1mNetworking / HTTP Options[0m
|
||||
--disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH
|
||||
|
|
|
@ -105,8 +105,8 @@ networking:
|
|||
# Region name that for the embedded DERP server.
|
||||
# (default: Coder Embedded Relay, type: string)
|
||||
regionName: Coder Embedded Relay
|
||||
# Addresses for STUN servers to establish P2P connections. Set empty to disable
|
||||
# P2P connections.
|
||||
# Addresses for STUN servers to establish P2P connections. Use special value
|
||||
# 'disable' to turn off STUN.
|
||||
# (default: stun.l.google.com:19302, type: string-array)
|
||||
stunAddresses:
|
||||
- stun.l.google.com:19302
|
||||
|
|
|
@ -666,7 +666,7 @@ when required by your organization's security policy.`,
|
|||
},
|
||||
{
|
||||
Name: "DERP Server STUN Addresses",
|
||||
Description: "Addresses for STUN servers to establish P2P connections. Set empty to disable P2P connections.",
|
||||
Description: "Addresses for STUN servers to establish P2P connections. Use special value 'disable' to turn off STUN.",
|
||||
Flag: "derp-server-stun-addresses",
|
||||
Env: "CODER_DERP_SERVER_STUN_ADDRESSES",
|
||||
Default: "stun.l.google.com:19302",
|
||||
|
|
|
@ -171,7 +171,7 @@ An HTTP URL that is accessible by other replicas to relay DERP traffic. Required
|
|||
| YAML | <code>networking.derp.stunAddresses</code> |
|
||||
| Default | <code>stun.l.google.com:19302</code> |
|
||||
|
||||
Addresses for STUN servers to establish P2P connections. Set empty to disable P2P connections.
|
||||
Addresses for STUN servers to establish P2P connections. Use special value 'disable' to turn off STUN.
|
||||
|
||||
### --disable-owner-workspace-access
|
||||
|
||||
|
|