feat(vpn): intégration Tailscale/Headscale + URLs publiques par sous-domaine

- Ajout d'un conteneur Tailscale côté serveur pour joindre les agents via IPs Tailscale
- Configuration Headscale exposé en HTTPS via Caddy (headscale.alfrednobel.edudeploy.com)
- Caddy configuré pour les sous-domaines avec TLS on-demand
- Middleware et route proxy Next.js pour router les sous-domaines vers les agents
- Ajout du champ domain sur Establishment et affichage de l'URL publique dans le dashboard
- Agent Windows v0.2.3 avec proxy Tailscale par instance pour contourner Docker Desktop
- Templates WordPress/PrestaShop bindés sur 0.0.0.0 pour être accessibles via Tailscale
This commit is contained in:
root
2026-06-12 21:41:56 +00:00
parent 2dc9ba7b55
commit 852171cc59
18 changed files with 453 additions and 51 deletions
+28
View File
@@ -0,0 +1,28 @@
import { NextRequest, NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
const MAIN_DOMAIN = process.env.MAIN_DOMAIN || "alfrednobel.edudeploy.com";
export async function GET(req: NextRequest) {
const { searchParams } = new URL(req.url);
const domain = searchParams.get("domain");
if (!domain) {
return NextResponse.json({ ok: false }, { status: 400 });
}
if (domain === MAIN_DOMAIN || domain === `headscale.${MAIN_DOMAIN}`) {
return NextResponse.json({ ok: true });
}
if (!domain.endsWith(`.${MAIN_DOMAIN}`)) {
return NextResponse.json({ ok: false }, { status: 400 });
}
const subdomain = domain.replace(`.${MAIN_DOMAIN}`, "");
const instance = await prisma.instance.findUnique({
where: { id: subdomain },
});
return NextResponse.json({ ok: !!instance });
}
+51 -5
View File
@@ -18,10 +18,37 @@ export async function GET(req: NextRequest) {
const instances = await prisma.instance.findMany({
where,
include: { node: { include: { student: { include: { class: true } } } }, template: true },
include: {
node: {
include: {
student: {
include: {
class: {
include: {
establishment: true,
},
},
},
},
},
},
template: true,
},
orderBy: { createdAt: "desc" },
});
return NextResponse.json(instances);
const enriched = instances.map((inst) => {
const domain = inst.node.student?.class.establishment?.domain;
const publicUrl = domain
? `https://${inst.id}.${domain}`
: null;
return {
...inst,
publicUrl,
};
});
return NextResponse.json(enriched);
}
export async function POST(req: NextRequest) {
@@ -35,12 +62,24 @@ export async function POST(req: NextRequest) {
data: { nodeId, templateId, port: port || 8080, status: "stopped" },
});
const node = await prisma.node.findUnique({
where: { id: nodeId },
include: { student: { include: { class: { include: { establishment: true } } } } },
});
const domain = node?.student?.class.establishment?.domain;
const publicUrl = domain ? `https://${instance.id}.${domain}` : null;
const sent = sendToNode(nodeId, {
action: "start",
instanceId: instance.id,
type: template.type,
port: instance.port,
composeConfig: template.composeConfig.replace(/{PORT}/g, String(instance.port)).replace(/{INSTANCE_ID}/g, instance.id),
composeConfig: template.composeConfig
.replace(/{PORT}/g, String(instance.port))
.replace(/{INSTANCE_ID}/g, instance.id)
.replace(/{PUBLIC_URL}/g, publicUrl || `http://localhost:${instance.port}`)
.replace(/{PUBLIC_DOMAIN}/g, domain || "localhost"),
});
if (!sent) {
@@ -53,9 +92,12 @@ export async function POST(req: NextRequest) {
export async function PATCH(req: NextRequest) {
const body = await req.json();
const { id, action } = body;
const instance = await prisma.instance.findUnique({ where: { id }, include: { template: true } });
const instance = await prisma.instance.findUnique({ where: { id }, include: { template: true, node: { include: { student: { include: { class: { include: { establishment: true } } } } } } } });
if (!instance) return NextResponse.json({ error: "Not found" }, { status: 404 });
const domain = instance.node.student?.class.establishment?.domain;
const publicUrl = domain ? `https://${instance.id}.${domain}` : null;
if (action === "stop") {
sendToNode(instance.nodeId, { action: "stop", instanceId: instance.id });
await prisma.instance.update({ where: { id }, data: { status: "stopped" } });
@@ -65,7 +107,11 @@ export async function PATCH(req: NextRequest) {
instanceId: instance.id,
type: instance.template.type,
port: instance.port,
composeConfig: instance.template.composeConfig.replace(/{PORT}/g, String(instance.port)).replace(/{INSTANCE_ID}/g, instance.id),
composeConfig: instance.template.composeConfig
.replace(/{PORT}/g, String(instance.port))
.replace(/{INSTANCE_ID}/g, instance.id)
.replace(/{PUBLIC_URL}/g, publicUrl || `http://localhost:${instance.port}`)
.replace(/{PUBLIC_DOMAIN}/g, domain || "localhost"),
});
if (!sent) await prisma.instance.update({ where: { id }, data: { status: "error" } });
} else if (action === "reset") {
+63
View File
@@ -0,0 +1,63 @@
import { NextRequest, NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
const MAIN_DOMAIN = process.env.MAIN_DOMAIN || "alfrednobel.edudeploy.com";
async function proxyRequest(req: NextRequest) {
const host = req.headers.get("host") || "";
const cleanHost = host.split(":")[0];
if (!cleanHost.endsWith(`.${MAIN_DOMAIN}`)) {
return NextResponse.json({ error: "Invalid host" }, { status: 404 });
}
const subdomain = cleanHost.replace(`.${MAIN_DOMAIN}`, "");
const instance = await prisma.instance.findUnique({
where: { id: subdomain },
include: { node: true },
});
if (!instance || !instance.node?.tailscaleIp) {
return NextResponse.json(
{ error: "Instance not found or not connected" },
{ status: 404 }
);
}
const targetUrl = new URL(req.url);
const upstream = `http://${instance.node.tailscaleIp}:${instance.port}${targetUrl.pathname}${targetUrl.search}`;
const headers = new Headers(req.headers);
headers.delete("host");
headers.set("host", cleanHost);
const upstreamRes = await fetch(upstream, {
method: req.method,
headers,
body:
req.method !== "GET" && req.method !== "HEAD"
? (req.body as BodyInit)
: undefined,
redirect: "manual",
});
const responseHeaders = new Headers(upstreamRes.headers);
// Remove content-encoding because Next.js/fetch handles decompression automatically
responseHeaders.delete("content-encoding");
responseHeaders.delete("content-length");
return new Response(upstreamRes.body, {
status: upstreamRes.status,
statusText: upstreamRes.statusText,
headers: responseHeaders,
});
}
export const GET = proxyRequest;
export const POST = proxyRequest;
export const PUT = proxyRequest;
export const PATCH = proxyRequest;
export const DELETE = proxyRequest;
export const HEAD = proxyRequest;
export const OPTIONS = proxyRequest;
+15 -3
View File
@@ -21,10 +21,18 @@ export default async function InstancesPage() {
where: establishmentId
? { node: { student: { class: { establishmentId } } } }
: {},
include: { node: { include: { student: { include: { class: true } } } }, template: true },
include: { node: { include: { student: { include: { class: { include: { establishment: true } } } } } }, template: true },
orderBy: { createdAt: "desc" },
});
const enrichedInstances = instances.map((inst) => {
const domain = inst.node.student?.class.establishment?.domain;
return {
...inst,
publicUrl: domain ? `https://${inst.id}.${domain}` : null,
};
});
return (
<div className="space-y-6">
<div className="flex items-center justify-between">
@@ -44,11 +52,12 @@ export default async function InstancesPage() {
<TableHead>Étudiant</TableHead>
<TableHead>Port</TableHead>
<TableHead>Statut</TableHead>
<TableHead>URL publique</TableHead>
<TableHead>Actions</TableHead>
</TableRow>
</TableHeader>
<TableBody>
{instances.map((inst) => (
{enrichedInstances.map((inst: any) => (
<TableRow key={inst.id}>
<TableCell className="font-medium">{inst.id.slice(0, 8)}...</TableCell>
<TableCell>{inst.template.name}</TableCell>
@@ -58,6 +67,9 @@ export default async function InstancesPage() {
<TableCell>
<Badge variant={inst.status === "running" ? "success" : inst.status === "error" ? "destructive" : "secondary"}>{inst.status}</Badge>
</TableCell>
<TableCell>
{inst.publicUrl ? <a href={inst.publicUrl} target="_blank" rel="noopener" className="text-blue-600 hover:underline">{inst.publicUrl}</a> : "-"}
</TableCell>
<TableCell>
<InstanceActions instanceId={inst.id} status={inst.status} />
</TableCell>
@@ -65,7 +77,7 @@ export default async function InstancesPage() {
))}
{instances.length === 0 && (
<TableRow>
<TableCell colSpan={7} className="text-center text-muted-foreground">Aucune instance</TableCell>
<TableCell colSpan={8} className="text-center text-muted-foreground">Aucune instance</TableCell>
</TableRow>
)}
</TableBody>