Open
Conversation
🆕 New Headscale Config Options+ v4
+ v6``` |
There was a problem hiding this comment.
Pull request overview
This PR refactors scripts/container-entrypoint.sh to reduce duplicated conditional logic around choosing the HTTPS vs cleartext Caddy configuration, by introducing a single caddy_config_file variable used for both config generation and Caddy startup.
Changes:
- Introduces
caddy_config_fileas the single source of truth for the chosen Caddy config path. - Removes the dedicated
create_headscale_config/create_caddyfilehelpers and callscreate_config_from_templatedirectly. - Simplifies
start_caddy_serviceto always start Caddy withcaddy_config_file.
Comments suppressed due to low confidence (1)
scripts/container-entrypoint.sh:330
check_caddy_environment_variablescurrently returns early when HTTPS is enabled (the default), which skipsrequire_env_var "ACME_ISSUANCE_EMAIL"and the ACME-related block setup. Conversely, whenDISABLE_HTTPSis set it falls through and does requireACME_ISSUANCE_EMAIL, which will break the cleartext mode. The control flow looks inverted: only the cleartext/DISABLE_HTTPSpath should short-circuit; the HTTPS path should continue to validate ACME settings and populate blocks.
if env_var_is_defined "CADDY_FRONTEND" && [[ "${CADDY_FRONTEND}" = "DISABLE_HTTPS" ]]; then
https_enabled=false
caddy_config_file="${caddyfile_cleartext}"
else
caddy_config_file="${caddyfile_https}"
return
fi
require_env_var "ACME_ISSUANCE_EMAIL"
check_cloudflare_dns_api_key
check_zerossl_eab
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+467
to
+469
| caddy start --config "${caddy_config_file}" || { | ||
| log_error "Failed to start Caddy" | ||
| return |
There was a problem hiding this comment.
The new log message on Caddy startup failure is less actionable than before (it no longer indicates which config file/mode was used). Consider including ${caddy_config_file} (and/or whether HTTPS is enabled) in the error to make container logs easier to troubleshoot.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request simplifies the handling of Caddy configuration in the
container-entrypoint.shscript. The main improvement is the consolidation of logic for selecting and using the appropriate Caddy configuration file, reducing code duplication and making the script easier to maintain. The changes also remove some now-unnecessary helper functions.Improvements to configuration handling:
Introduced the
caddy_config_filevariable to consistently reference the correct Caddy configuration file (either HTTPS or cleartext) throughout the script, reducing repeated conditional logic. [1] [2]Updated the process for creating configuration files to use
create_config_from_templatedirectly with the newcaddy_config_filevariable, removing the dedicatedcreate_headscale_configandcreate_caddyfilehelper functions. [1] [2]Simplification of Caddy startup logic:
start_caddy_servicefunction to always usecaddy_config_filewhen starting Caddy, eliminating the need for repeated conditional checks onhttps_enabled.