Skip to content

dstack-ingress: new optional SAN field on certs#86

Open
Garandor wants to merge 3 commits intoDstack-TEE:mainfrom
Garandor:san_issuance
Open

dstack-ingress: new optional SAN field on certs#86
Garandor wants to merge 3 commits intoDstack-TEE:mainfrom
Garandor:san_issuance

Conversation

@Garandor
Copy link

@Garandor Garandor commented Mar 23, 2026
edited
Loading

Adds ALIAS_DOMAIN environment variable support to dstack-ingress. When set:

  • certbot issues a SAN certificate covering both DOMAIN and ALIAS_DOMAIN (via --expand -d)
  • nginx server_name includes ALIAS_DOMAIN so requests arriving via either hostname are accepted

This change is DNS-provider agnostic.

This PR was scoped down from #83
Thanks to the original author @wwwehr !

@cl4wb0t cl4wb0t mentioned this pull request Mar 23, 2026
Closed
4 tasks
@Garandor
Copy link
Author

Garandor commented Mar 23, 2026
edited
Loading

for future discussion: We may want to prevent traffic that arrives on the per-node domain from being accepted to prevent people from circumventing an external load balancer.

A followup PR may be needed to (optionally) let nginx only accept on the ALIAS_DOMAIN.

h4x3rotab
h4x3rotab approved these changes Mar 23, 2026
View reviewed changes
Copy link
Contributor

@h4x3rotab h4x3rotab left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for the contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@h4x3rotab h4x3rotab h4x3rotab approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Garandor @h4x3rotab