From 8072be5619b3ce9e4b1435dbe6f64310a4724fa5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Taneli=20Lepp=C3=A4?=
Date: Fri, 30 Sep 2022 13:34:11 +0200
Subject: [PATCH] nginx-tls: only use hostname part for certificate as the FQDN might be too long (>64 chars).
---
 modules/cloud-config-container/nginx-tls/files/customize.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/cloud-config-container/nginx-tls/files/customize.sh b/modules/cloud-config-container/nginx-tls/files/customize.sh
index 297203454f..0d77377174 100644
--- a/modules/cloud-config-container/nginx-tls/files/customize.sh
+++ b/modules/cloud-config-container/nginx-tls/files/customize.sh
@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-HOSTNAME=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/hostname)
-openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj /CN=$HOSTNAME/ -keyout /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt
+FQDN=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/hostname)
+HOSTNAME=$(echo $FQDN | cut -d"." -f1)
+openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj /CN=$HOSTNAME/ -addext "subjectAltName = DNS:$FQDN" -keyout /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt
 sed -i "s/HOSTNAME/${HOSTNAME}/" /etc/nginx/conf.d/default.conf
\ No newline at end of file
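Review bot: The metadata lookup on the new `FQDN=` line is never checked: `curl -s` exits 0 on an HTTP error, so an empty value or an error body can reach `echo $FQDN | cut` and `-subj /CN=$HOSTNAME/` unquoted, and end up in the `-addext` SAN and the `sed` replacement. I would fail fast and quote the expansions, e.g. `FQDN=$(curl -sf -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/hostname) || exit 1`, `HOSTNAME=${FQDN%%.*}` and `-subj "/CN=${HOSTNAME}/"`; the top of the script is outside the hunk, so an existing `set -e` cannot be ruled out. Separately, clients that honour subjectAltName ignore the CN, so the short name is only matched if the SAN reads `"subjectAltName = DNS:$FQDN, DNS:$HOSTNAME"`. `-addext` also needs OpenSSL 1.1.1 or later, which is worth confirming for the target image.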