Add TAILSCALE_API_URL environment variable support: update Docker Compose, backend configuration, and README to include optional API URL for Tailscale integration, enhancing flexibility for users with region-specific endpoints. #4

rajsinghtech · rajsinghtech · commit 5bef350a10ca · 2025-06-26T13:42:33.000-05:00
diff --git a/README.md b/README.md
@@ -71,11 +71,19 @@ OAuth provides better security through automatic token refresh and fine-grained
 2. Your organization name is displayed in the Organization section (used by the Tailscale API)
 3. Use this exact organization name for the `TAILSCALE_TAILNET` variable
 
+#### API URL (Optional)
+For most users, the default API URL works fine. However, some users may need to use region-specific endpoints:
+- Default: `https://api.tailscale.com`
+- US-specific: `https://api.us.tailscale.com`
+
+Set `TAILSCALE_API_URL=https://api.us.tailscale.com` if you need the US-specific endpoint.
+
 ### Environment Variables
 
 | Variable | Description | Required | Default |
 |----------|-------------|----------|---------|
 | `TAILSCALE_TAILNET` | Your organization name | Yes | - |
+| `TAILSCALE_API_URL` | Tailscale API endpoint URL | No | `https://api.tailscale.com` |
 | **OAuth Method** |
 | `TAILSCALE_OAUTH_CLIENT_ID` | OAuth client ID | Yes* | - |
 | `TAILSCALE_OAUTH_CLIENT_SECRET` | OAuth client secret | Yes* | - |
diff --git a/backend/internal/config/config.go b/backend/internal/config/config.go
@@ -11,6 +11,7 @@ import (
 type Config struct {
 	TailscaleAPIKey            string
 	TailscaleTailnet           string
+	TailscaleAPIURL            string
 	TailscaleOAuthClientID     string
 	TailscaleOAuthClientSecret string
 	TailscaleOAuthScopes       []string
@@ -23,6 +24,7 @@ func Load() *Config {
 	return &Config{
 		TailscaleAPIKey:            os.Getenv("TAILSCALE_API_KEY"),
 		TailscaleTailnet:           os.Getenv("TAILSCALE_TAILNET"),
+		TailscaleAPIURL:            getEnvWithDefault("TAILSCALE_API_URL", "https://api.tailscale.com"),
 		TailscaleOAuthClientID:     os.Getenv("TAILSCALE_OAUTH_CLIENT_ID"),
 		TailscaleOAuthClientSecret: os.Getenv("TAILSCALE_OAUTH_CLIENT_SECRET"),
 		TailscaleOAuthScopes:       parseScopes(os.Getenv("TAILSCALE_OAUTH_SCOPES")),
diff --git a/backend/internal/services/tailscale.go b/backend/internal/services/tailscale.go
@@ -17,6 +17,7 @@ type TailscaleService struct {
 	apiKey      string
 	oauthConfig *clientcredentials.Config
 	tailnet     string
+	baseURL     string
 	client      *http.Client
 	useOAuth    bool
 }
@@ -67,6 +68,7 @@ type NetworkLogsResponse struct {
 func NewTailscaleService(cfg *config.Config) *TailscaleService {
 	ts := &TailscaleService{
 		tailnet: cfg.TailscaleTailnet,
+		baseURL: cfg.TailscaleAPIURL,
 	}
 
 	// Prioritize OAuth if configured, fallback to API key
@@ -75,7 +77,7 @@ func NewTailscaleService(cfg *config.Config) *TailscaleService {
 			ClientID:     cfg.TailscaleOAuthClientID,
 			ClientSecret: cfg.TailscaleOAuthClientSecret,
 			Scopes:       cfg.TailscaleOAuthScopes,
-			TokenURL:     "https://api.tailscale.com/api/v2/oauth/token",
+			TokenURL:     cfg.TailscaleAPIURL + "/api/v2/oauth/token",
 		}
 		ts.client = ts.oauthConfig.Client(context.Background())
 		ts.client.Timeout = 2 * time.Minute
@@ -93,7 +95,7 @@ func NewTailscaleService(cfg *config.Config) *TailscaleService {
 
 // makeRequest makes an authenticated request to the Tailscale API
 func (ts *TailscaleService) makeRequest(endpoint string) ([]byte, error) {
-	url := fmt.Sprintf("https://api.tailscale.com/api/v2%s", endpoint)
+	url := fmt.Sprintf("%s/api/v2%s", ts.baseURL, endpoint)
 
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
diff --git a/backend/main.go b/backend/main.go
@@ -76,6 +76,7 @@ func main() {
 
 	log.Printf("Starting TSFlow server on port %s", port)
 	log.Printf("Tailnet: %s", cfg.TailscaleTailnet)
+	log.Printf("API URL: %s", cfg.TailscaleAPIURL)
 	log.Printf("Environment: %s", cfg.Environment)
 	
 	// Log authentication method being used
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,6 +6,7 @@ services:
     environment:
       - TAILSCALE_API_KEY=${TAILSCALE_API_KEY}
       - TAILSCALE_TAILNET=${TAILSCALE_TAILNET}
+      - TAILSCALE_API_URL=${TAILSCALE_API_URL}
       - TAILSCALE_OAUTH_CLIENT_ID=${TAILSCALE_OAUTH_CLIENT_ID}
       - TAILSCALE_OAUTH_CLIENT_SECRET=${TAILSCALE_OAUTH_CLIENT_SECRET}
       - TAILSCALE_OAUTH_SCOPES=${TAILSCALE_OAUTH_SCOPES}
diff --git a/k8s/secret.yaml b/k8s/secret.yaml
@@ -6,6 +6,7 @@ type: Opaque
 stringData:
   TAILSCALE_API_KEY: ${TAILSCALE_API_KEY}
   TAILSCALE_TAILNET: ${TAILSCALE_TAILNET}
+  TAILSCALE_API_URL: ${TAILSCALE_API_URL}
   TAILSCALE_OAUTH_CLIENT_ID: ${TAILSCALE_OAUTH_CLIENT_ID}
   TAILSCALE_OAUTH_CLIENT_SECRET: ${TAILSCALE_OAUTH_CLIENT_SECRET}
   TAILSCALE_OAUTH_SCOPES: ${TAILSCALE_OAUTH_SCOPES}
