Dropserver Progress - May 2025

This is the progress report for Dropserver for May 2025. The previous report is here.

Quick one this month because I was away on vacation for a good chunk of May.

Tailscale Integration

Tailscale integration is nearly done now. I’m knocking out items on my todo list. The main thing I did this month was to experiment again with the open source alternatives to Tailscale Headscale and Ionscale.

I would really like for Dropserver to work with open alternatives to Tailscale, which is why I spent a decent amount of time trying both of them again.

Headscale

A major blocker with using Headscale with Dropserver is that it does not support serving over HTTPS. This means you do not get a Secure Context, which can affect some apps. In my Leftovers app, the lack of secure context blocks use of the camera, and you can’t take pictures of the food you put in the fridge. Bummer.

I had filed an issue some time ago which resulted in a long discussion but little action (I personally do not have it in me to implement this for the Headscale project, sorry). Now, there is a new issue by the maintainer laying out the roadmap for this feature to be implemented. So maybe Headscale will some day get HTTPS support for serve.

A separate issue I ran into was that tailnet peers are apparently not sent to tagged devices. This is a problem because Dropserver Tailnet nodes are tagged since they are non-user devices, and the list of peers is used to associate tailnet users to Dropserver and appspace users.

Ionscale

I had to fiddle quite a bit to get Ionscale going. There are a number of issues in the docs that slowed me down.

However I did get it working (to a point). Tags were not being sent to the node which caused ds-host to warn that a tag had to be applied to the node for it to work. Luckily this was resolved promptly.

I even got serve over HTTPS to work (though not before filing another issue). Ionscale is able to generate a certificate for your node if you provide it with a DNS nameserver and an API key.

Ionscale requires an OIDC provider to support the concept of a “user”. Wihtout that you don’t get peers at the node, and you have the same problme as with Headscale. I didn’t have it in me to sort out an OIDC situation after all the time spent on this, so I decided to move on. If someone wants to use Ionscale with Dropserver and it doesn’t work despite setting up OIDC, I hope they’ll file an issue.

Docs

I started writing docs for connecting to Dropserver and Appspaces using Tailscale or its alternative open source clones.

Good docs will be important here so I’m starting now.

Naming things

I grew uncomfortable having references to “Tailscale” in the UI when there is a chance that Headscale or Ionscale is used. The term tsnet which is the tailscale library has no meaning for users. I decided to change the UI to use the term “tailnet” as much as possible. I found that this term is used by both Headscale and Ionscale, and it is apparently not trademarked.

I’ll still use Tailscale when it’s directly relevant.

Finally I use it in the title of the UI box: “Tailscale Node”. If a user connects to a non-Tailscale tailnet, the title changes “Tailnet Node”. Tailscale has a lot of name recognition, and I think it will be easier for users to get what that UI offers by using the full brand name.

The Ever Dwindling TODO List

I’m at the phase of the project where the TODO list is no longer growing. In fact at this point it’s pretty short and it’s getting shorter.

I’m not going to say what I hope to have done by the end of June. Nope. Not gonna say it.

I’ll see you right here next month, whatever happens (or doesn’t happen).

Olivier Forget

Los Angeles, USA
RSS Email Mastodon BlueSky

Aerospace Engineer turned sofware developer and bootstrappin' entrepreneur.