[Bug] New Config.yaml ACL section does not work - Must use old acl_policy_path #762

New Issue

adam · 2025-12-29T02:23:32+01:00

adam commented

2025-12-29 02:23:32 +01:00

Originally created by @W1BTR on GitHub (Aug 12, 2024).

Is this a support request?

This is not a support request

Is there an existing issue for this?

I have searched the existing issues

Current Behavior

On the beta and alphas, the new config structure for enabling acls looks like this:

## Policy
# headscale supports Tailscale's ACL policies.
# Please have a look to their KB to better
# understand the concepts: https://tailscale.com/kb/1018/acls/
policy:
  # The mode can be "file" or "database" that defines
  # where the ACL policies are stored and read from.
  mode: file
  # If the mode is set to "file", the
  # path to a file containing ACL policies.
  # The file can be in YAML or HuJSON format.
  path: "/etc/headscale/acls.json"

However, this does not do anything. Instead, one must use the old config line: acl_policy_path: "" somewhere in the config (I put mine right under).

Expected Behavior

the ACL file is applied

Steps To Reproduce

Create and enable an ACL file
Nothing happens in the logs.

Environment

- OS:Ubuntu 24.04
- Headscale version: 0.23.0-alpha-12 and 0.23.0-beta1

Runtime environment

Headscale is behind a (reverse) proxy
Headscale runs in a container

Anything else?

No response

Originally created by @W1BTR on GitHub (Aug 12, 2024). ### Is this a support request? - [X] This is not a support request ### Is there an existing issue for this? - [X] I have searched the existing issues ### Current Behavior On the beta and alphas, the new config structure for enabling acls looks like this: ``` ## Policy # headscale supports Tailscale's ACL policies. # Please have a look to their KB to better # understand the concepts: https://tailscale.com/kb/1018/acls/ policy: # The mode can be "file" or "database" that defines # where the ACL policies are stored and read from. mode: file # If the mode is set to "file", the # path to a file containing ACL policies. # The file can be in YAML or HuJSON format. path: "/etc/headscale/acls.json" ``` However, this does not do anything. Instead, one must use the old config line: `acl_policy_path: ""` somewhere in the config (I put mine right under). ### Expected Behavior the ACL file is applied ### Steps To Reproduce 1. Create and enable an ACL file 2. Nothing happens in the logs. ### Environment ```markdown - OS:Ubuntu 24.04 - Headscale version: 0.23.0-alpha-12 and 0.23.0-beta1 ``` ### Runtime environment - [X] Headscale is behind a (reverse) proxy - [X] Headscale runs in a container ### Anything else? _No response_

adam added the bug label 2025-12-29 02:23:32 +01:00

adam closed this issue

2025-12-29 02:23:32 +01:00

adam commented

2025-12-29 02:23:32 +01:00

@hrtkpf commented on GitHub (Aug 13, 2024):

Duplicate of #2024

@hrtkpf commented on GitHub (Aug 13, 2024): Duplicate of #2024

adam commented

2025-12-29 02:23:32 +01:00

@W1BTR commented on GitHub (Aug 13, 2024):

Duplicate of #2024

Thanks. Searched but couldnt find it.

@W1BTR commented on GitHub (Aug 13, 2024): > Duplicate of #2024 Thanks. Searched but couldnt find it.

adam commented

2025-12-29 02:23:32 +01:00

@SuperSandro2000 commented on GitHub (Aug 16, 2024):

Could you close the issue if it is indeed duplicated?

@SuperSandro2000 commented on GitHub (Aug 16, 2024): Could you close the issue if it is indeed duplicated?

adam commented

2025-12-29 02:23:32 +01:00

@W1BTR commented on GitHub (Aug 19, 2024):

Thanks for closing it kradalby, only just seeing this update.

@W1BTR commented on GitHub (Aug 19, 2024): Thanks for closing it kradalby, only just seeing this update.

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#762