FQDN or non-FQDN hostname for Standalone?

[dmitrydonskih]

Hello everyone.

We are preparing to deploy a standalone installation. Target server itself has an FQDN hostname, which is one of requirements for our infra.
However, I was told by one of our team that hostname must be changed to non-FQDN, maybe for correct cert issuance or other unexplained reasons.

Is this correct? Couldn't find any mention of such requirement in docs.

What problems shall I run into if I decline and install on FQDN-named host?

[rh-ops]

Depending on how its configured, there is potential for certificate and firewall as well as fleet issues.

You can use a non FQDN for the hostname and then configure the FQDN internally. It would be possible to use an FQDN in conjunction with local hosts files rather than DNS -- first change the url_base to the FQDN, so that's used in the rewrites, then update the hosts file on all external hosts to map the NATted IP to the FQDN.

If you are using deployed elastic agents you will need to re-download and re-deploy the ea binaries to take into account the ip -> fqdn change

https://docs.securityonion.net/en/2.4/elastic-fleet.html#custom-fqdn-url

https://docs.securityonion.net/en/2.4/url-base.html#web-access-url