How to make chef-server use public DNS as hostname?


#1

I’ve just installed chef-server on an EC2 instance, and downloaded the starter-kit from chef-manage. Unfortunately, I can’t connect. The chef_server_url value contains the server’s private DNS instead of the public one. I can manually update my knife.rb file with the public DNS, but then I run into a certificate error because the server presents certificates for the private DNS instead of the public one. How can I tell chef-server to use its public address?

thanks


#2

Try deleting the certificate before running chef-server-ctl reconfigure. I think the underlying cookbooks have a simple not_if that just checks if the file is there instead of looking at the CN.


#3

Good idea, but it still regenerates the same certificates with the private DNS.


#4

Is this not just the api_fqdn setting? See https://docs.chef.io/config_rb_server.html. If you have custom certificates (or have generated them locally) using your public FQDN, you’ll need something like this in /etc/opscode/chef-server.rb (then reconfigure as above):

api_fqdn "chef.mydomain.com"
nginx['ssl_certificate'] = "/etc/opscode/mydomain-chef.crt"
nginx['ssl_certificate_key'] = "/etc/opscode/mydomain-chef.key"
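
The hostname check behind the certificate error in this thread, as an added example that is not part of the original posts or of Chef's own code. It assumes a constructed private DNS name (`ip-10-0-0-12.ec2.internal`) and a constructed organization path, and uses self-signed certificates generated in place to stand in for the ones the server presents.

```ruby
require "openssl"
require "uri"

# Constructed sample certificate for one DNS name, standing in for the
# certificate nginx on the Chef server presents.
def self_signed_cert(dns_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.new([["CN", dns_name]])
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{dns_name}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# DNS names listed in the certificate's subjectAltName extension.
def cert_dns_names(cert)
  san = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return [] unless san
  san.value.split(",").map(&:strip)
     .select { |n| n.start_with?("DNS:") }
     .map { |n| n.delete_prefix("DNS:") }
end

# Host part of a knife.rb chef_server_url value.
def host_of(chef_server_url)
  URI(chef_server_url).host
end

# The identity check a TLS client applies to the host it connected to.
def cert_matches_host?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

if __FILE__ == $PROGRAM_NAME
  url = "https://chef.mydomain.com/organizations/example" # constructed org path
  %w[ip-10-0-0-12.ec2.internal chef.mydomain.com].each do |name|
    cert = self_signed_cert(name)
    ok = cert_matches_host?(cert, host_of(url))
    puts "cert for #{cert_dns_names(cert).join(', ')} vs #{host_of(url)}: #{ok ? 'match' : 'MISMATCH'}"
  end
end
```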

#5

Yep, that’s all it took.
I was following the standalone installation instructions at https://docs.chef.io/install_server.html. I wish they mentioned https://docs.chef.io/config_rb_server.html !
Thanks for pointing me in the right direction @stuartpreston!