let linux/docker controller address be an IPv4; resolves #1993

openziti · Sep 24, 2024 · ba3ca6f · ba3ca6f
1 parent d437ccd
commit ba3ca6f
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/dist/dist-packages/linux/openziti-controller/bootstrap.bash b/dist/dist-packages/linux/openziti-controller/bootstrap.bash
@@ -50,6 +50,8 @@ issueLeafCerts() {
   # create server and client keys
   #
 
+  local _dns_san_csv _ip_san_csv
+
   if [[ "${ZITI_SERVER_FILE}" == "${ZITI_CLIENT_FILE}" ]]; then
     echo "ERROR: ZITI_SERVER_FILE and ZITI_CLIENT_FILE must be different" >&2
     return 1
@@ -71,14 +73,22 @@ issueLeafCerts() {
   ZITI_PKI_CTRL_SERVER_CERT="${ZITI_PKI_ROOT}/${ZITI_INTERMEDIATE_FILE}/certs/${ZITI_SERVER_FILE}.chain.pem"
   if [[ "${ZITI_AUTO_RENEW_CERTS}" == true || ! -s "$ZITI_PKI_CTRL_SERVER_CERT" ]]; then
     # server cert
+    if [[ "${ZITI_CTRL_ADVERTISED_ADDRESS}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+      _dns_san_csv="localhost"
+      _ip_san_csv="${ZITI_CTRL_ADVERTISED_ADDRESS},127.0.0.1,::1"
+    else
+      _dns_san_csv="${ZITI_CTRL_ADVERTISED_ADDRESS},localhost"
+      _ip_san_csv="127.0.0.1,::1"
+    fi
     ziti pki create server \
       --pki-root "${ZITI_PKI_ROOT}" \
       --ca-name "${ZITI_INTERMEDIATE_FILE}" \
       --key-file "${ZITI_SERVER_FILE}" \
       --server-file "${ZITI_SERVER_FILE}" \
-      --dns "localhost,${ZITI_CTRL_ADVERTISED_ADDRESS}" \
-      --ip "127.0.0.1,::1" \
+      --dns "${_dns_san_csv}" \
+      --ip "${_ip_san_csv}" \
       --allow-overwrite >&3  # write to debug fd because this runs every startup
+    echo "DEBUG: issued server cert with DNS SANs '${_dns_san_csv}' and IP SANs '${_ip_san_csv}'" >&3
   fi
 
   # client cert
@@ -284,7 +294,7 @@ loadEnvFiles() {
 }
 
 promptCtrlAddress() {
-  if [[ -z "${ZITI_CTRL_ADVERTISED_ADDRESS:-}" || "${ZITI_CTRL_ADVERTISED_ADDRESS}" =~ ^[:0-9] ]]; then
+  if [[ -z "${ZITI_CTRL_ADVERTISED_ADDRESS:-}" ]]; then
     if ! ZITI_CTRL_ADVERTISED_ADDRESS="$(prompt "Enter DNS name of the controller [required]: ")"; then
       echo "ERROR: missing required DNS name ZITI_CTRL_ADVERTISED_ADDRESS in ${BOOT_ENV_FILE}" >&2
       return 1