• Heather

    1 year ago
    Is it possible to maybe add whatever hostname/ip is specified as the Fleet App URL as a SAN on the fleet.pem that's generated when using fleet preview?
  • Noah Talerman

    1 year ago
    Hi @Heather, I don’t immediately know the answer to your question. What are you trying to achieve with Fleet preview?
  • Heather

    1 year ago
    I'd like to be able to test with external users using orbit built with a self-signed cert - obviously then having the SANs localhost, docker.internal (?), and 127.0.0.1 is not useful.
  • Noah Talerman

    1 year ago
    "test with external users"
    Ok I think I got it. Are you attempting to try Fleet by managing external devices (users) using the fleet preview environment?
    Orbit is still a bit over my head, so I’m going to phone in @zwass to help out on this use case.
  • zwass

    1 year ago
    `fleetctl preview` doesn't actually generate a certificate... It just uses the existing self-signed cert with those SANs. It's all optimized for the quickest possible set up of a preview environment running locally. `host.docker.internal` is what the Dockerized osquery containers use to connect, hence that SAN. The easiest way to expose the preview environment to external hosts would be to use something like ngrok (https://ngrok.com/); the free version works fine to serve a local port over a public IP with a legit SSL cert. You could also replace the configuration in `~/.fleet/preview` with your own certificate and whatever arguments you'd like to run the server with, then use `docker-compose` to start everything up as needed.