Skip to content

Commit

Permalink
Merge pull request #851 from rosmo/nginx-tls-fix
Browse files Browse the repository at this point in the history 
nginx-tls: only use hostname part for TLS certificate
  • Loading branch information
@rosmo
rosmo authored Sep 30, 2022
2 parents 4f6cf40 + 8072be5 commit 8e6e365
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions modules/cloud-config-container/nginx-tls/files/customize.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

HOSTNAME=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/hostname)
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj /CN=$HOSTNAME/ -keyout /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt
FQDN=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/hostname)
HOSTNAME=$(echo $FQDN | cut -d"." -f1)
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj /CN=$HOSTNAME/ -addext "subjectAltName = DNS:$FQDN" -keyout /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt
sed -i "s/HOSTNAME/${HOSTNAME}/" /etc/nginx/conf.d/default.conf

0 comments on commit 8e6e365

Please sign in to comment.