I’ve just installed chef-server on an EC2 instance, and downloaded the starter-kit from chef-manage. Unfortunately, I can’t connect. The chef_server_url value contains the server’s private DNS instead of the public one. I can manually update my knife.rb file with the public DNS, but then I run into a certificate error because the server presents certificates for the private DNS instead of the public one. How can I tell chef-server to use its public address?
Try deleting the certificate before running chef-server-ctl reconfigure. I think the underlying cookbooks have a simple not_if that just checks if the file is there instead of looking at the CN.
Good idea, but it still regenerates the same certificates with the private DNS.
Is this not just the api_fqdn setting? See https://docs.chef.io/config_rb_server.html. If you have custom certificates (or have generated them locally) using your public FQDN, you’ll need something like this in /etc/opscode/chef-server.rb (then reconfigure as above):
nginx['ssl_certificate'] = "/etc/opscode/mydomain-chef.crt"
nginx['ssl_certificate_key'] = "/etc/opscode/mydomain-chef.key"
Yep, that’s all it took.
I was following the standalone installation instructions at https://docs.chef.io/install_server.html. I wish they mentioned https://docs.chef.io/config_rb_server.html !
Thanks for pointing me in the right direction @stuartpreston!
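A pre-flight check for the certificate settings discussed in this thread, added here as an example and not part of the original posts or of Chef's own code: it confirms that a certificate covers the hostname in chef_server_url and that the key belongs to it, before nginx['ssl_certificate'] is pointed at the file. The hostnames, the throwaway self-signed certificate and the helper names sample_cert and cert_problems are constructed for illustration.

```ruby
require "openssl"
require "uri"

PRIVATE_DNS = "ip-10-0-0-12.ec2.internal"                  # constructed
PUBLIC_DNS  = "ec2-203-0-113-10.compute-1.amazonaws.com"   # constructed

# Throwaway self-signed certificate for dns_name (sample input only; on a real
# server, load the files named in nginx['ssl_certificate'] / ['ssl_certificate_key']).
def sample_cert(dns_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", dns_name]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{dns_name}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Returns the reasons this certificate/key pair is unsuitable for
# chef_server_url: name mismatch, wrong key, or outside the validity window.
# An empty list means none were found. The trust chain is not checked here.
def cert_problems(cert, key, chef_server_url, now = Time.now)
  host = URI.parse(chef_server_url).host
  problems = []
  unless OpenSSL::SSL.verify_certificate_identity(cert, host)
    problems << "certificate does not cover #{host}"
  end
  problems << "private key does not match certificate" unless cert.check_private_key(key)
  unless (cert.not_before..cert.not_after).cover?(now)
    problems << "certificate is not valid at #{now}"
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  cert, key = sample_cert(PRIVATE_DNS) # a certificate issued for the private name
  [PRIVATE_DNS, PUBLIC_DNS].each do |name|
    problems = cert_problems(cert, key, "https://#{name}/organizations/example")
    puts "#{name}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```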