diff --git a/dist/dist-packages/linux/openziti-controller/bootstrap.bash b/dist/dist-packages/linux/openziti-controller/bootstrap.bash
index 6b2849beb..98fa9b19d 100755
--- a/dist/dist-packages/linux/openziti-controller/bootstrap.bash
+++ b/dist/dist-packages/linux/openziti-controller/bootstrap.bash
@@ -50,6 +50,8 @@ issueLeafCerts() {
 # create server and client keys
 #
+ local _dns_san_csv _ip_san_csv
+
 if [[ "${ZITI_SERVER_FILE}" == "${ZITI_CLIENT_FILE}" ]]; then
 echo "ERROR: ZITI_SERVER_FILE and ZITI_CLIENT_FILE must be different" >&2
 return 1
@@ -71,14 +73,22 @@ issueLeafCerts() {
 ZITI_PKI_CTRL_SERVER_CERT="${ZITI_PKI_ROOT}/${ZITI_INTERMEDIATE_FILE}/certs/${ZITI_SERVER_FILE}.chain.pem"
 if [[ "${ZITI_AUTO_RENEW_CERTS}" == true || ! -s "$ZITI_PKI_CTRL_SERVER_CERT" ]]; then
 # server cert
+ if [[ "${ZITI_CTRL_ADVERTISED_ADDRESS}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ _dns_san_csv="localhost"
+ _ip_san_csv="${ZITI_CTRL_ADVERTISED_ADDRESS},127.0.0.1,::1"
+ else
+ _dns_san_csv="${ZITI_CTRL_ADVERTISED_ADDRESS},localhost"
+ _ip_san_csv="127.0.0.1,::1"
+ fi
 ziti pki create server \
 --pki-root "${ZITI_PKI_ROOT}" \
 --ca-name "${ZITI_INTERMEDIATE_FILE}" \
 --key-file "${ZITI_SERVER_FILE}" \
 --server-file "${ZITI_SERVER_FILE}" \
- --dns "localhost,${ZITI_CTRL_ADVERTISED_ADDRESS}" \
- --ip "127.0.0.1,::1" \
+ --dns "${_dns_san_csv}" \
+ --ip "${_ip_san_csv}" \
 --allow-overwrite >&3 # write to debug fd because this runs every startup
+ echo "DEBUG: issued server cert with DNS SANs '${_dns_san_csv}' and IP SANs '${_ip_san_csv}'" >&3
 fi
 # client cert
@@ -284,7 +294,7 @@ loadEnvFiles() {
 }
 promptCtrlAddress() {
- if [[ -z "${ZITI_CTRL_ADVERTISED_ADDRESS:-}" || "${ZITI_CTRL_ADVERTISED_ADDRESS}" =~ ^[:0-9] ]]; then
+ if [[ -z "${ZITI_CTRL_ADVERTISED_ADDRESS:-}" ]]; then
 if ! ZITI_CTRL_ADVERTISED_ADDRESS="$(prompt "Enter DNS name of the controller [required]: ")"; then
 echo "ERROR: missing required DNS name ZITI_CTRL_ADVERTISED_ADDRESS in ${BOOT_ENV_FILE}" >&2
 return 1
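Review bot: The classification on the new `if [[ "${ZITI_CTRL_ADVERTISED_ADDRESS}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]` line only recognizes dotted-quad IPv4, so an IPv6 literal advertised address takes the `else` branch and is placed in `--dns`, where it is not a usable DNS SAN and clients connecting by that address would likely fail certificate verification. An `elif [[ "${ZITI_CTRL_ADVERTISED_ADDRESS}" == *:* ]]; then` branch assigning `_dns_san_csv="localhost"` and `_ip_san_csv="${ZITI_CTRL_ADVERTISED_ADDRESS},127.0.0.1,::1"` would cover that case. Because the value is interpolated straight into a comma-separated SAN list, a config entry containing `,` or whitespace would silently add extra SANs to the server certificate; that was already true before this change, but rejecting such values before calling `ziti pki create server` would close it. The regex also accepts out-of-range octets such as `999.1.1.1`; presumably the `ziti pki` command rejects those, but an explicit check would give a clearer error. `issueLeafCerts` starts before and continues past this hunk.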
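Review bot: Removing the `=~ ^[:0-9]` re-prompt means a value that begins with a digit or colon is now accepted from the env file with no validation at all, yet the prompt and the error on the following lines still say "DNS name", so an operator would not learn that an IP address is now a valid value. Consider `Enter DNS name or IP address of the controller [required]: ` and `ERROR: missing required DNS name or IP address ZITI_CTRL_ADVERTISED_ADDRESS in ${BOOT_ENV_FILE}`. The removed check was also the only thing that kept a `:`-containing (IPv6-style) value out of the SAN lists, and the new SAN logic in the earlier hunk only classifies IPv4, so a short sanity check here — reject commas and whitespace, and accept only a hostname, an IPv4 literal or an IPv6 literal — would keep malformed input out of the issued certificate. `promptCtrlAddress` continues past this hunk.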