Alright, here are the steps for a deployment that looks like this... I made two routers, one in the cloud and one at my house. Replace the variables as you want.
Start the controller
docker run \
--name ziti-controller \
-e ZITI_CTRL_ADVERTISED_ADDRESS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com \
-e ZITI_CTRL_ADVERTISED_PORT=8441 \
-e ZITI_CTRL_EDGE_ADVERTISED_ADDRESS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com \
-e ZITI_CTRL_EDGE_ADVERTISED_PORT=8441 \
-e ZITI_USER=admin \
-e ZITI_PWD=myzitipasswordhere \
-p 8441:8441 \
-it \
--rm \
-v openziti-controller-files:/persistent \
openziti/quickstart \
/var/openziti/scripts/run-controller.sh
Add some default policies
docker run \
-it \
--rm \
-e ZITI_CTRL_ADVERTISED_ADDRESS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com \
-e ZITI_CTRL_ADVERTISED_PORT=8441 \
-e ZITI_CTRL_EDGE_ADVERTISED_ADDRESS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com \
-e ZITI_CTRL_EDGE_ADVERTISED_PORT=8441 \
-e ZITI_USER=admin \
-e ZITI_PWD=myzitipasswordhere \
openziti/quickstart \
/var/openziti/scripts/run-with-ziti-cli.sh /var/openziti/scripts/access-control.sh
Start your first router
docker run \
--name ziti-edge-router-1 \
-e ZITI_CTRL_ADVERTISED_ADDRESS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com \
-e ZITI_CTRL_ADVERTISED_PORT=8441 \
-e ZITI_CTRL_EDGE_ADVERTISED_ADDRESS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com \
-e ZITI_CTRL_EDGE_ADVERTISED_PORT=8441 \
-e ZITI_USER=admin \
-e ZITI_PWD=myzitipasswordhere \
-e ZITI_ROUTER_NAME=ziti-edge-router-1 \
-e ZITI_ROUTER_ADVERTISED_ADDRESS=ziti-edge-router-1 \
-e ZITI_ROUTER_ROLES=public \
-e ZITI_ROUTER_LISTENER_BIND_PORT=3022 \
-p 3022:3022 \
-it \
--rm \
-v openziti-router-1-files:/persistent \
openziti/quickstart \
/var/openziti/scripts/run-router.sh edge
Start another router
docker run \
--name ziti-edge-router-2 \
-e ZITI_CTRL_ADVERTISED_ADDRESS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com \
-e ZITI_CTRL_ADVERTISED_PORT=8441 \
-e ZITI_CTRL_EDGE_ADVERTISED_ADDRESS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com \
-e ZITI_CTRL_EDGE_ADVERTISED_PORT=8441 \
-e ZITI_USER=admin \
-e ZITI_PWD=myzitipasswordhere \
-e ZITI_ROUTER_NAME=ziti-edge-router-2 \
-e ZITI_ROUTER_ADVERTISED_ADDRESS=ec2-13-58-222-94.us-east-2.compute.amazonaws.com \
-e ZITI_ROUTER_ROLES=public \
-e ZITI_ROUTER_LISTENER_BIND_PORT=8477 \
-p 8477:8477 \
-it \
--rm \
-v openziti-router-2-files:/persistent \
openziti/quickstart \
/var/openziti/scripts/run-router.sh edge
Two possibly interesting things to notice:
My "Router 1" is at my house and behind a firewall. My Router 2 cannot connect TO router 1 but router 1 CAN connect to router 2, so they can form a link. Verified by running:
ziti fabric list links
╭────────────────────────┬────────────────────┬────────────────────┬─────────────┬─────────────┬─────────────┬───────────┬────────┬───────────╮
│ ID │ DIALER │ ACCEPTOR │ STATIC COST │ SRC LATENCY │ DST LATENCY │ STATE │ STATUS │ FULL COST │
├────────────────────────┼────────────────────┼────────────────────┼─────────────┼─────────────┼─────────────┼───────────┼────────┼───────────┤
│ 5WRp7PgZwHcwy87uQN4iSD │ ziti-edge-router-1 │ ziti-edge-router-2 │ 1 │ 41.1ms │ 46.0ms │ Connected │ up │ 88 │
╰────────────────────────┴────────────────────┴────────────────────┴─────────────┴─────────────┴─────────────┴───────────┴────────┴───────────╯
results: 1-1 of 1
You should have two routers online then (obviously):
ziti edge list ers
╭────────────┬────────────────────┬────────┬───────────────┬──────┬────────────╮
│ ID │ NAME │ ONLINE │ ALLOW TRANSIT │ COST │ ATTRIBUTES │
├────────────┼────────────────────┼────────┼───────────────┼──────┼────────────┤
│ xRUdZnU59c │ ziti-edge-router-1 │ true │ true │ 0 │ public │
│ zCIdZnx5.c │ ziti-edge-router-2 │ true │ true │ 0 │ public │
╰────────────┴────────────────────┴────────┴───────────────┴──────┴────────────╯
results: 1-2 of 2
Hope that helps.
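The two checks the post runs by hand (`ziti edge list ers` and `ziti fabric list links`) can be scripted, shown here as an added example that is not part of the original post or of OpenZiti. The function names are hypothetical, the parser assumes the table layout shown above, and the sample rows are copied from the post's output.

```shell
#!/bin/sh
# Added example (not from the post): check the two ziti CLI tables automatically.
# Function names are hypothetical; the sample rows are copied from the post.

# ziti_rows: read a box-drawing table on stdin, print data rows as "a|b|c"
ziti_rows() {
    sed 's/│/|/g' | awk -F'|' '
        NF > 2 && $2 !~ /^ *ID *$/ {
            row = ""
            for (i = 2; i < NF; i++) {
                gsub(/^ +| +$/, "", $i)
                row = row (i > 2 ? "|" : "") $i
            }
            print row
        }'
}

# offline_routers: router names whose ONLINE column is not "true"
offline_routers() { ziti_rows | awk -F'|' '$3 != "true" { print $2 }'; }

# bad_links: "dialer->acceptor" for links that are not Connected and up
bad_links() { ziti_rows | awk -F'|' '$7 != "Connected" || $8 != "up" { print $2 "->" $3 }'; }

# check_mesh ROUTER_TABLE LINK_TABLE EXPECTED_ROUTERS: returns 0 only if healthy
check_mesh() {
    count=$(printf '%s\n' "$1" | ziti_rows | awk 'END { print NR }')
    links=$(printf '%s\n' "$2" | ziti_rows | awk 'END { print NR }')
    down=$(printf '%s\n' "$1" | offline_routers)
    bad=$(printf '%s\n' "$2" | bad_links)
    [ "$count" -eq "$3" ] || { echo "expected $3 routers, found $count"; return 1; }
    [ -z "$down" ] || { echo "offline: $down"; return 1; }
    [ "$links" -ge 1 ] || { echo "no fabric links"; return 1; }
    [ -z "$bad" ] || { echo "link not up: $bad"; return 1; }
    echo "mesh ok: $count routers, $links link(s)"
}

# Sample rows copied from the post. Live use:
#   check_mesh "$(ziti edge list ers)" "$(ziti fabric list links)" 2
SAMPLE_ROUTERS='│ ID │ NAME │ ONLINE │ ALLOW TRANSIT │ COST │ ATTRIBUTES │
│ xRUdZnU59c │ ziti-edge-router-1 │ true │ true │ 0 │ public │
│ zCIdZnx5.c │ ziti-edge-router-2 │ true │ true │ 0 │ public │
results: 1-2 of 2'
SAMPLE_LINKS='│ ID │ DIALER │ ACCEPTOR │ STATIC COST │ SRC LATENCY │ DST LATENCY │ STATE │ STATUS │ FULL COST │
│ 5WRp7PgZwHcwy87uQN4iSD │ ziti-edge-router-1 │ ziti-edge-router-2 │ 1 │ 41.1ms │ 46.0ms │ Connected │ up │ 88 │
results: 1-1 of 1'

check_mesh "$SAMPLE_ROUTERS" "$SAMPLE_LINKS" 2
```

A non-zero exit from `check_mesh` makes it usable as a health gate after the four `docker run` steps, for example before enrolling identities.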