From b057af71ff7acd54f6069efad1443326b4ac8bfb Mon Sep 17 00:00:00 2001
From: 9547 <nivefive9547@gmail.com>
Date: Thu, 24 Jun 2021 12:19:23 +0800
Subject: [PATCH] cluster/tls: add 127.0.0.1,localhost to cert list (#1446)

---
 pkg/cluster/task/tls.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/pkg/cluster/task/tls.go b/pkg/cluster/task/tls.go
index 803d13eda5..5006f2a764 100644
--- a/pkg/cluster/task/tls.go
+++ b/pkg/cluster/task/tls.go
@@ -45,10 +45,14 @@ func (c *TLSCert) Execute(ctx context.Context) error {
 		return err
 	}
 
-	hosts := []string{c.host}
-	ips := []string{}
-	if net.ParseIP(c.host) != nil {
-		hosts, ips = ips, hosts
+	// Add localhost and 127.0.0.1 to the trust list,
+	// then it is easy for some scripts to request a local interface directly
+	hosts := []string{"localhost"}
+	ips := []string{"127.0.0.1"}
+	if host := c.host; net.ParseIP(host) != nil && host != "127.0.0.1" {
+		ips = append(ips, host)
+	} else if host != "localhost" {
+		hosts = append(hosts, host)
 	}
 	csr, err := privKey.CSR(c.role, c.comp, hosts, ips)
 	if err != nil {