Skip to content

fix: direct embedded derp traffic directly to the server #6595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 14, 2023
Merged

fix: direct embedded derp traffic directly to the server #6595

merged 1 commit into from
Mar 14, 2023
+34 −38

Conversation

kylecarbs
Copy link
Member

Prior to this change, DERP traffic would route from coderd to the CODER_ACCESS_URL to reach the internal DERP server, which may have resulted in slower connections due to proxying, or the failure of web traffic entirely.

If your Coder deployment has a proxy in front of it, your traffic through web terminals, apps, and port-forwarding is about to get a lot faster!

See coder/tailscale#13

@kylecarbs kylecarbs self-assigned this Mar 14, 2023
@kylecarbs kylecarbs requested a review from mafredri March 14, 2023 14:01
mafredri
mafredri approved these changes Mar 14, 2023
View reviewed changes
coderd/workspaceagents.go Outdated
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
DERPMap: derpMap,
Logger: api.Logger.Named("tailnet"),
BlockEndpoints: true,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we set BlockEndpoints now? I'm sure there's a reason, just wondering. 😄

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a mistake! Fantastic catch 🥴🥴🥴

coderd/workspaceagents.go
})
if err != nil {
_ = clientConn.Close()
_ = serverConn.Close()
return nil, xerrors.Errorf("create tailnet conn: %w", err)
}
conn.SetDERPRegionDialer(func(_ context.Context, region *tailcfg.DERPRegion) net.Conn {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a comment above in the code that seems outdated now?

		// TODO: This should dial directly to execute the
		// DERP server instead of contacting localhost.
		//
		// This requires modification of Tailscale internals
		// to pipe through a proxy function per-region, so
		// this is an easy and mostly reliable hack for now.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great point! I'm happy we're able to take out a TODO!

@kylecarbs
fix: direct embedded derp traffic directly to the server
44081bb 
Prior to this change, DERP traffic would route from `coderd` to the
`CODER_ACCESS_URL` to reach the internal DERP server, which may have
resulted in slower connections due to proxying, or the failure of
web traffic entirely.

If your Coder deployment has a proxy in front of it, your traffic through
web terminals, apps, and port-forwarding is about to get a lot faster!
@kylecarbs kylecarbs enabled auto-merge (squash) March 14, 2023 14:41
@kylecarbs kylecarbs merged commit 17bc579 into main Mar 14, 2023
@kylecarbs kylecarbs deleted the internalderp branch March 14, 2023 14:46
@github-actions github-actions bot locked and limited conversation to collaborators Mar 14, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mafredri mafredri mafredri approved these changes

Assignees

@kylecarbs kylecarbs

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kylecarbs @mafredri