ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed #454

Closed
opened 2025-12-29 01:29:35 +01:00 by adam · 10 comments
Owner

Originally created by @itzhang89 on GitHub (Mar 28, 2023).

After installing headscale and configuring nginx as a reverse proxy, I can add the node and register successfully, but the headscale service displays lots of this error message.

```
root@oci2:/home/ubuntu# headscale version
v0.21.0
root@oci2:/home/ubuntu# tailscale version
1.38.2
  tailscale commit: 22b8d09d60c4610a36409bbf8e46db3561486d44
  other commit: 1c4d8e1f51552d22312b4cfe01efe5a61f35b3fb
  go version: go1.20.1-tsdb4dc90
root@oci2:/home/ubuntu# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.1 LTS
Release:	22.04
Codename:	jammy
```

My config.yaml is:

```
root@oci2:/home/ubuntu# cat /etc/headscale/config.yaml
---
server_url: https://headscale.xxx.xxx
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 127.0.0.1:9090
grpc_listen_addr: 127.0.0.1:50443
grpc_allow_insecure: false
private_key_path: /var/lib/headscale/private.key
noise:
  private_key_path: /var/lib/headscale/noise_private.key

ip_prefixes:
  - fd7a:115c:a1e0::/48
  - 10.0.10.0/24

derp:
  server:
    enabled: false
    region_id: 999
    region_code: "headscale"
    region_name: "Headscale Embedded DERP"
    stun_listen_addr: "0.0.0.0:3478"
  urls:
    - https://controlplane.tailscale.com/derpmap/default
  paths: []
  auto_update_enabled: true
  update_frequency: 24h
disable_check_updates: false
ephemeral_node_inactivity_timeout: 30m
node_update_check_interval: 10s
db_type: sqlite3
db_path: /var/lib/headscale/db.sqlite

log:
  format: text
  level: info
acl_policy_path: ""
dns_config:
  override_local_dns: true
  nameservers:
    - 114.114.114.114
  domains: []
  magic_dns: true
  base_domain: example.com
unix_socket: /var/run/headscale/headscale.sock
unix_socket_permission: "0770"
logtail:
  enabled: false
randomize_client_port: false
```

The nginx config is configured according to the documentation:

```
root@oci1:/home/ubuntu# cat /etc/nginx/conf.d/headscale.conf
map $http_upgrade $connection_upgrade {
    default      keep-alive;
    'websocket'  upgrade;
    ''           close;
}

server {
    listen 80;
    listen [::]:80;

    listen 443      ssl http2;
    listen [::]:443 ssl http2;

    server_name headscale.xxx.xxx;

    ssl_certificate cert/9510651_headscale.xxx.xxx.pem;
    ssl_certificate_key cert/9510651_headscale.xxx.xxx.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://oci2:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $server_name;
        proxy_redirect http:// https://;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    }
}
```

Context info

This error message appears very frequently

```
root@oci2:/home/ubuntu# systemctl status headscale
● headscale.service - headscale controller
     Loaded: loaded (/etc/systemd/system/headscale.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-03-28 15:17:59 UTC; 23min ago
   Main PID: 855 (headscale)
      Tasks: 8 (limit: 1074)
     Memory: 51.0M
        CPU: 2.474s
     CGroup: /system.slice/headscale.service
             └─855 /usr/local/bin/headscale serve

Mar 28 15:41:21 oci2 headscale[855]: 2023/03/28 15:41:21 http: response.Write on hijacked connection from fmt.Fprintln (print.go:285)
Mar 28 15:41:21 oci2 headscale[855]: 2023-03-28T15:41:21Z ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
Mar 28 15:41:21 oci2 headscale[855]: 2023/03/28 15:41:21 http: response.WriteHeader on hijacked connection from github.com/juanfont/headscale.(*Headscale).NoiseUpgradeHandler (noise.go:50)
Mar 28 15:41:21 oci2 headscale[855]: 2023/03/28 15:41:21 http: response.Write on hijacked connection from fmt.Fprintln (print.go:285)
Mar 28 15:41:50 oci2 headscale[855]: 2023-03-28T15:41:50Z ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
Mar 28 15:41:50 oci2 headscale[855]: 2023/03/28 15:41:50 http: response.WriteHeader on hijacked connection from github.com/juanfont/headscale.(*Headscale).NoiseUpgradeHandler (noise.go:50)
Mar 28 15:41:50 oci2 headscale[855]: 2023/03/28 15:41:50 http: response.Write on hijacked connection from fmt.Fprintln (print.go:285)
Mar 28 15:41:50 oci2 headscale[855]: 2023-03-28T15:41:50Z ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
Mar 28 15:41:50 oci2 headscale[855]: 2023/03/28 15:41:50 http: response.WriteHeader on hijacked connection from github.com/juanfont/headscale.(*Headscale).NoiseUpgradeHandler (noise.go:50)
Mar 28 15:41:50 oci2 headscale[855]: 2023/03/28 15:41:50 http: response.Write on hijacked connection from fmt.Fprintln (print.go:285)
```
adam added the bug label 2025-12-29 01:29:35 +01:00
adam closed this issue 2025-12-29 01:29:36 +01:00

@stazeng commented on GitHub (Apr 10, 2023):

Please enable the "websocket support" option in the reverse proxy.


@juanfont commented on GitHub (May 7, 2023):

Please take a look at our community-maintained reverse proxy documentation: https://headscale.net/reverse-proxy/


@qinshuang commented on GitHub (May 17, 2024):

I still have this problem. I tried to add the WebSocket proxy in nginx's config, but it still prints these logs frequently.

Environment:

  • healheadscale:0.23.0-alpha11

Error log:

```
headscale     | 2024-05-17T00:20:26-07:00 ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
headscale     | 2024/05/17 00:20:26 http: response.WriteHeader on hijacked connection from github.com/juanfont/headscale/hscontrol.(*Headscale).NoiseUpgradeHandler (noise.go:84)
headscale     | 2024/05/17 00:20:26 http: response.Write on hijacked connection from fmt.Fprintln (print.go:305)
headscale     | 2024-05-17T00:20:28-07:00 ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
headscale     | 2024/05/17 00:20:28 http: response.WriteHeader on hijacked connection from github.com/juanfont/headscale/hscontrol.(*Headscale).NoiseUpgradeHandler (noise.go:84)
headscale     | 2024/05/17 00:20:28 http: response.Write on hijacked connection from fmt.Fprintln (print.go:305)
```

@ghost commented on GitHub (May 24, 2024):

Same issue here on v0.23.0-alpha9, but I am still able to add nodes:

```
24 16:49:28 fasttrack headscale[1379]: 2024-05-24T16:49:28Z ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
May 24 16:49:28 fasttrack headscale[1379]: 2024/05/24 16:49:28 http: response.WriteHeader on hijacked connection from github.com/juanfont/headscale/hscontrol.(*Headscale).NoiseUpgradeHandler (noise.go:84)
May 24 16:49:28 fasttrack headscale[1379]: 2024/05/24 16:49:28 http: response.Write on hijacked connection from fmt.Fprintln (print.go:305)
```


@ZacharyRen77 commented on GitHub (Oct 28, 2024):

How did you fix it?


@TornaxO7 commented on GitHub (Jan 17, 2025):

I'm using v0.24.0 with traefik and it's still happening after setting

```yaml
listen_addr: 0.0.0.0:8080
```

@TornaxO7 commented on GitHub (Jan 18, 2025):

Is it a security bug or is it fine to let it be?

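One way to triage the question above, as an added example (not code from the thread or from headscale): the error line carries no peer address, so this script joins each failure timestamp to the reverse proxy's access log to show which client IPs requested the control-protocol upgrade at that moment. The nginx "combined" log format, the `/ts2021` path, the 2-second window, the function names and every access-log line are assumptions or constructed samples; the headscale lines are copied from the posts above.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# headscale's own RFC 3339 timestamp followed by the error text quoted in this thread.
NOISE_FAIL = re.compile(
    r'(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2})) ERR noise upgrade failed '
    r'error="noise handshake failed: decrypting machine key: '
    r'chacha20poly1305: message authentication failed"')
# Assumption: the proxy writes nginx's default "combined" access-log format.
ACCESS = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} ')
# Assumption: path of the control-protocol upgrade endpoint (not shown in the thread).
UPGRADE_PATH = "/ts2021"

# Copied from the posts above: journald prefix and docker-compose prefix.
HEADSCALE_LOG = """\
Mar 28 15:41:21 oci2 headscale[855]: 2023-03-28T15:41:21Z ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
Mar 28 15:41:21 oci2 headscale[855]: 2023/03/28 15:41:21 http: response.Write on hijacked connection from fmt.Fprintln (print.go:285)
Mar 28 15:41:50 oci2 headscale[855]: 2023-03-28T15:41:50Z ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
Mar 28 15:41:50 oci2 headscale[855]: 2023-03-28T15:41:50Z ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
headscale     | 2024-05-17T00:20:26-07:00 ERR noise upgrade failed error="noise handshake failed: decrypting machine key: chacha20poly1305: message authentication failed"
""".splitlines()

# Constructed sample access log (documentation-range addresses).
NGINX_LOG = """\
203.0.113.7 - - [28/Mar/2023:15:41:21 +0000] "POST /ts2021 HTTP/1.1" 101 0 "-" "-"
198.51.100.23 - - [28/Mar/2023:15:41:30 +0000] "POST /ts2021 HTTP/1.1" 101 512 "-" "-"
203.0.113.7 - - [28/Mar/2023:15:41:50 +0000] "POST /ts2021 HTTP/1.1" 101 0 "-" "-"
203.0.113.7 - - [28/Mar/2023:15:41:50 +0000] "POST /ts2021 HTTP/1.1" 101 0 "-" "-"
198.51.100.23 - - [28/Mar/2023:15:41:51 +0000] "GET /health HTTP/1.1" 200 2 "-" "-"
""".splitlines()


def failure_times(lines):
    """Timezone-aware timestamps of every noise machine-key decryption failure."""
    times = []
    for line in lines:
        m = NOISE_FAIL.search(line)
        if m:
            # fromisoformat() before Python 3.11 does not accept a trailing "Z".
            times.append(datetime.fromisoformat(m.group(1).replace("Z", "+00:00")))
    return times


def upgrade_requests(lines):
    """(timestamp, client_ip) for each access-log entry that targets UPGRADE_PATH."""
    reqs = []
    for line in lines:
        m = ACCESS.match(line)
        if m and m.group(3).split("?")[0] == UPGRADE_PATH:
            # nginx stamps the entry when it is written, i.e. when the request ends.
            reqs.append((datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1)))
    return reqs


def suspects(headscale_lines, nginx_lines, window_s=2):
    """Count, per client IP, the failures that have an upgrade request within the window.

    Returns (Counter of ip -> failures, number of failures with no nearby request).
    """
    window = timedelta(seconds=window_s)
    reqs = upgrade_requests(nginx_lines)
    hits, unmatched = Counter(), 0
    for t in failure_times(headscale_lines):
        ips = {ip for ts, ip in reqs if abs(ts - t) <= window}
        if not ips:
            unmatched += 1
        hits.update(ips)
    return hits, unmatched


if __name__ == "__main__":
    per_ip, unmatched = suspects(HEADSCALE_LOG, NGINX_LOG)
    for ip, n in per_ip.most_common():
        print(f"{ip}: {n} failed handshakes")
    print(f"failures with no proxy request nearby: {unmatched}")
```

An address that accounts for most failures identifies the one client to inspect. A high unmatched count means the failing connections are not in this proxy log at all, for example because they reach headscale directly, which `listen_addr: 0.0.0.0:8080` permits.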

@wx2020 commented on GitHub (May 17, 2025):

The latest v0.26.0 STILL shows it.


@DutchEllie commented on GitHub (Jun 21, 2025):

How in god's name is this still broken, years later, with NO solution!?
What the fuck!? I innocently upgraded from an ancient version to the latest version, but I never expected the software to just be broken for the last two years.


@f5guy commented on GitHub (Sep 16, 2025):

pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.88.1.pkg

Reference: starred/headscale#454