Heather
05/18/2021, 9:17 AMNoah Talerman
05/19/2021, 1:57 PMHeather
05/19/2021, 2:06 PMNoah Talerman
05/19/2021, 9:27 PMtest with external usersOk I think I got it. Are you attempting to try Fleet by managing external devices (users) using the fleet preview environment? Orbit is still a bit over my head, so I’m going to phone in @zwass to help out on this use case.
zwass
05/19/2021, 11:02 PMfleetctl preview
doesn't actually generate a certificate... It just uses the existing self-signed cert with those SANs. It's all optimized for the quickest possible set up of a preview environment running locally. host.docker.internal
is what the Dockerized osquery containers use to connect, hence that SAN. The easiest way to expose the preview environment to external hosts would be to use something like ngrok (https://ngrok.com/), the free version works fine to serve a local port over a public IP with a legit SSL cert. You could also replace the configuration in ~/.fleet/preview
with your own certificate and whatever arguments you'd like to run the server with, then use docker-compose
to start everything up as needed.