Now I have a complete browzer, but I'm confused because the controller, router, and console are all on the same server. I didn't think it was a perfect proof that I could add any network to a secure ziti network, so I tried moving the controller and console to another server, changing the bootloader's ZITI_CONTROLLER_HOST, and then using the bootloader to access it. If it works, then I can add my other services to ziti.
Unfortunately, the modified bootstrapper wouldn't start.
Here is the bootstrapper error log:
{"code":"ECONNRESET","errno":-104,"level":"error","message":"read ECONNRESET","stack":"Error: read ECONNRESET\n at TLSWrap.onStreamRead (node:internal/stream_base_commons:217:20)","syscall":"read","timestamp":"2024-01-12T05:13:34.464Z"}
These are the modified environment variables:
cat $ZITI_HOME/browzer.env
ZITI_BROWZER_BOOTSTRAPPER_HOST="browzer.aly.aidenzj.online"
ZITI_BROWZER_BOOTSTRAPPER_LOGLEVEL="debug"
ZITI_BROWZER_RUNTIME_LOGLEVEL="debug"
ZITI_BROWZER_RUNTIME_HOTKEY="alt+F12"
ZITI_CONTROLLER_HOST="ctrl.my2.testzj.online"
ZITI_CONTROLLER_PORT="8441"
ZITI_BROWZER_BOOTSTRAPPER_SCHEME="https"
ZITI_BROWZER_BOOTSTRAPPER_CERTIFICATE_PATH="/etc/letsencrypt/live/aly.aidenzj.online/fullchain.pem"
ZITI_BROWZER_BOOTSTRAPPER_KEY_PATH="/etc/letsencrypt/live/aly.aidenzj.online/privkey.pem"
ZITI_BROWZER_BOOTSTRAPPER_LISTEN_PORT="8446"
ZITI_BROWZER_BOOTSTRAPPER_TARGETS=' {
  "targetArray": [
    {
      "vhost": "brozac.my2.testzj.online ",
      "service": "brozac",
      "path": "/",
      "scheme": "https",
      "idp_issuer_base_url": "https://auth.keycloak.aidenzj.online:1234",
      "idp_client_id": "account",
      "idp_realm": "ziti",
      "idp_type": "keycloak"
    }
  ]
}'
NODE_EXTRA_CA_CERTS=node_modules/node_extra_ca_certs_mozilla_bundle/ca_bundle/ca_intermediate_root_bundle.pem
Is my idea right? It's like a certificate issue again. My two servers have different certificates and domain names.
With two servers, should I start a router on each server?
Maybe they have to be together? browzer takes an existing service (like my private notes), wraps it with ziti, and then automatically verifies my identity when I access the notes?
Which is the right direction?