diff --git a/cmd/tailscale/cli/cli.go b/cmd/tailscale/cli/cli.go
index 1d7f95766..99d533484 100644
--- a/cmd/tailscale/cli/cli.go
+++ b/cmd/tailscale/cli/cli.go
@@ -68,6 +68,7 @@ change in the future.
statusCmd,
pingCmd,
versionCmd,
+ webCmd,
},
FlagSet: rootfs,
Exec: func(context.Context, []string) error { return flag.ErrHelp },
diff --git a/cmd/tailscale/cli/web.go b/cmd/tailscale/cli/web.go
new file mode 100644
index 000000000..a3046efdb
--- /dev/null
+++ b/cmd/tailscale/cli/web.go
@@ -0,0 +1,212 @@
+// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cli
+
+import (
+ "bytes"
+ "context"
+ _ "embed"
+ "encoding/json"
+ "flag"
+ "fmt"
+ "html/template"
+ "log"
+ "net/http"
+ "net/http/cgi"
+ "os/exec"
+ "runtime"
+
+ "github.com/peterbourgon/ff/v2/ffcli"
+ "tailscale.com/client/tailscale"
+ "tailscale.com/ipn"
+ "tailscale.com/types/preftype"
+ "tailscale.com/version/distro"
+)
+
+//go:embed web.html
+var webHTML string
+
+var tmpl = template.Must(template.New("html").Parse(webHTML))
+
+type tmplData struct {
+ SynologyUser string
+ Status string
+ DeviceName string
+ IP string
+}
+
+var webCmd = &ffcli.Command{
+ Name: "web",
+ ShortUsage: "web [flags]",
+ ShortHelp: "Run a web server for controlling Tailscale",
+
+ FlagSet: (func() *flag.FlagSet {
+ webf := flag.NewFlagSet("web", flag.ExitOnError)
+ webf.StringVar(&webArgs.listen, "listen", "localhost:8088", "listen address; use port 0 for automatic")
+ webf.BoolVar(&webArgs.cgi, "cgi", false, "run as CGI script")
+ return webf
+ })(),
+ Exec: runWeb,
+}
+
+var webArgs struct {
+ listen string
+ cgi bool
+}
+
+func runWeb(ctx context.Context, args []string) error {
+ if len(args) > 0 {
+ log.Fatalf("too many non-flag arguments: %q", args)
+ }
+
+ if webArgs.cgi {
+ return cgi.Serve(http.HandlerFunc(webHandler))
+ }
+ return http.ListenAndServe(webArgs.listen, http.HandlerFunc(webHandler))
+}
+
+func auth() (string, error) {
+ if distro.Get() == distro.Synology {
+ cmd := exec.Command("/usr/syno/synoman/webman/modules/authenticate.cgi")
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ return "", fmt.Errorf("auth: %v: %s", err, out)
+ }
+ return string(out), nil
+ }
+
+ return "", nil
+}
+
+func synoTokenRedirect(w http.ResponseWriter, r *http.Request) bool {
+ if distro.Get() != distro.Synology {
+ return false
+ }
+ if r.Header.Get("X-Syno-Token") != "" {
+ return false
+ }
+ if r.URL.Query().Get("SynoToken") != "" {
+ return false
+ }
+ if r.Method == "POST" && r.FormValue("SynoToken") != "" {
+ return false
+ }
+ // We need a SynoToken for authenticate.cgi.
+ // So we tell the client to get one.
+ serverURL := r.URL.Scheme + "://" + r.URL.Host
+ fmt.Fprintf(w, synoTokenRedirectHTML, serverURL)
+ return true
+}
+
+const synoTokenRedirectHTML = `
+Redirecting with session token...
+
+
+`
+
+func webHandler(w http.ResponseWriter, r *http.Request) {
+ if synoTokenRedirect(w, r) {
+ return
+ }
+
+ user, err := auth()
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusForbidden)
+ return
+ }
+
+ if r.Method == "POST" {
+ type mi map[string]interface{}
+ w.Header().Set("Content-Type", "application/json")
+ url, err := tailscaleUp(r.Context())
+ if err != nil {
+ json.NewEncoder(w).Encode(mi{"error": err})
+ return
+ }
+ json.NewEncoder(w).Encode(mi{"url": url})
+ return
+ }
+
+ st, err := tailscale.Status(r.Context())
+ if err != nil {
+ http.Error(w, err.Error(), 500)
+ }
+
+ data := tmplData{
+ SynologyUser: user,
+ Status: st.BackendState,
+ DeviceName: st.Self.DNSName,
+ }
+ if len(st.TailscaleIPs) != 0 {
+ data.IP = st.TailscaleIPs[0].String()
+ }
+
+ buf := new(bytes.Buffer)
+ if err := tmpl.Execute(buf, data); err != nil {
+ http.Error(w, err.Error(), 500)
+ return
+ }
+ w.Write(buf.Bytes())
+}
+
+// TODO(crawshaw): some of this is very similar to the code in 'tailscale up', can we share anything?
+func tailscaleUp(ctx context.Context) (authURL string, retErr error) {
+ prefs := ipn.NewPrefs()
+ prefs.ControlURL = "https://login.tailscale.com"
+ prefs.WantRunning = true
+ prefs.CorpDNS = true
+ prefs.AllowSingleHosts = true
+ prefs.ForceDaemon = (runtime.GOOS == "windows")
+
+ if distro.Get() == distro.Synology {
+ prefs.NetfilterMode = preftype.NetfilterOff
+ }
+
+ c, bc, ctx, cancel := connect(ctx)
+ defer cancel()
+
+ bc.SetPrefs(prefs)
+
+ opts := ipn.Options{
+ StateKey: ipn.GlobalDaemonStateKey,
+ Notify: func(n ipn.Notify) {
+ if n.ErrMessage != nil {
+ msg := *n.ErrMessage
+ if msg == ipn.ErrMsgPermissionDenied {
+ switch runtime.GOOS {
+ case "windows":
+ msg += " (Tailscale service in use by other user?)"
+ default:
+ msg += " (try 'sudo tailscale up [...]')"
+ }
+ }
+ retErr = fmt.Errorf("backend error: %v", msg)
+ cancel()
+ } else if url := n.BrowseToURL; url != nil {
+ authURL = *url
+ cancel()
+ }
+ },
+ }
+ bc.Start(opts)
+ bc.StartLoginInteractive()
+ pump(ctx, bc, c)
+
+ if authURL == "" && retErr == nil {
+ return "", fmt.Errorf("login failed with no backend error message")
+ }
+ return authURL, retErr
+}
diff --git a/cmd/tailscale/cli/web.html b/cmd/tailscale/cli/web.html
new file mode 100644
index 000000000..99f54561f
--- /dev/null
+++ b/cmd/tailscale/cli/web.html
@@ -0,0 +1,47 @@
+
+Tailscale Client
+
Tailscale
+
{{.SynologyUser}}
+
+
Status:
{{.Status}}
+
Device Name:
{{.DeviceName}}
+
Tailscale IP:
{{.IP}}
+
+
+
+
+
+
+
+
diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt
index 74ae1d54e..52bd2fefc 100644
--- a/cmd/tailscale/depaware.txt
+++ b/cmd/tailscale/depaware.txt
@@ -67,7 +67,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
golang.org/x/crypto/poly1305 from golang.org/x/crypto/chacha20poly1305+
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
golang.org/x/net/dns/dnsmessage from net
- golang.org/x/net/http/httpguts from net/http
+ golang.org/x/net/http/httpguts from net/http+
golang.org/x/net/http/httpproxy from net/http
golang.org/x/net/http2/hpack from net/http
golang.org/x/net/idna from golang.org/x/net/http/httpguts+
@@ -115,6 +115,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
debug/elf from rsc.io/goversion/version
debug/macho from rsc.io/goversion/version
debug/pe from rsc.io/goversion/version
+ embed from tailscale.com/cmd/tailscale/cli
encoding from encoding/json
encoding/asn1 from crypto/x509+
encoding/base64 from encoding/json+
@@ -130,7 +131,8 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
hash/adler32 from compress/zlib
hash/crc32 from compress/gzip+
hash/maphash from go4.org/mem
- html from tailscale.com/ipn/ipnstate
+ html from tailscale.com/ipn/ipnstate+
+ html/template from tailscale.com/cmd/tailscale/cli
io from bufio+
io/fs from crypto/rand+
io/ioutil from golang.org/x/sys/cpu+
@@ -144,6 +146,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
mime/quotedprintable from mime/multipart
net from crypto/tls+
net/http from expvar+
+ net/http/cgi from tailscale.com/cmd/tailscale/cli
net/http/httptrace from github.com/tcnksm/go-httpstat+
net/http/internal from net/http
net/textproto from golang.org/x/net/http/httpguts+
@@ -154,7 +157,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
path from debug/dwarf+
path/filepath from crypto/x509+
reflect from crypto/x509+
- regexp from rsc.io/goversion/version
+ regexp from rsc.io/goversion/version+
regexp/syntax from regexp
runtime/debug from golang.org/x/sync/singleflight
sort from compress/flate+
@@ -164,6 +167,8 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
sync/atomic from context+
syscall from crypto/rand+
text/tabwriter from github.com/peterbourgon/ff/v2/ffcli+
+ text/template from html/template
+ text/template/parse from html/template+
time from compress/gzip+
unicode from bytes+
unicode/utf16 from encoding/asn1+
diff --git a/cmd/tailscale/tailscale.go b/cmd/tailscale/tailscale.go
index 39d8bf955..c69c86f64 100644
--- a/cmd/tailscale/tailscale.go
+++ b/cmd/tailscale/tailscale.go
@@ -9,12 +9,18 @@ package main // import "tailscale.com/cmd/tailscale"
import (
"fmt"
"os"
+ "path/filepath"
+ "strings"
"tailscale.com/cmd/tailscale/cli"
)
func main() {
- if err := cli.Run(os.Args[1:]); err != nil {
+ args := os.Args[1:]
+ if name, _ := os.Executable(); strings.HasSuffix(filepath.Base(name), ".cgi") {
+ args = []string{"web", "-cgi"}
+ }
+ if err := cli.Run(args); err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}