Attention ZAC users!
A change is rolling out with the 3.9.0 release that will impact those deploying ZAC via the NodeJS server.
How Do I Know If I'm Affected?
Anyone running the ZAC using node. This is probably only people with older ZAC installs or people running ZAC from a quickstart. If your ZAC is hosted on the same port as your controller API, this is unlikely to apply to you.
What's Changing?
Starting with this release, you'll need to define a list of pre-approved Ziti Edge Controller URLs to connect to your controller. Any controllers you have already saved/connected to should still show in the available list. However, if you wish to connect to a new edge controller, you will need to add the controller URL to the pre-defined list.
How to Update
To configure this, you'll first need to make sure you pull the latest version of ZAC. Either from source, or via docker. The ZAC should be at version 3.9.0+ for this to apply.
Then, you must define an environment variable called ZAC_CONTROLLER_URLS with a comma-separated list of URLs.
Here's some example's of how to set it up:
On Mac/Linux:
export ZAC_CONTROLLER_URLS=https://localhost:1280,https://example.domain.io:443
On Windows:
set ZAC_CONTROLLER_URLS=https://localhost:1280,https://example.domain.io:443
If you have any questions or need help, please don't hesitate to reach out to the team here on Discourse. Thanks!
To the community: consider switching to the new Ziti console mode that runs as part of the Ziti controller instead of a separate web application Node.js server.
There are deployment guides for Linux, Docker, and Kubernetes: Deploying to Production | OpenZiti
2 Likes
Ive pulled down the docker compose quickstart tonight to set up a new lab and got this error
Ive tried putting ZAC_CONTROLLER_URLS=https://ziti-edge-controller:1280 in the .env that was downloaded as part of the install but its made no difference on restart
Ive tried ```
export ZAC_CONTROLLER_URLS=https://ziti-edge-controller:1280 on the docker host and it also has not cleared the warning
Am I putting this in the correct location ?
Hi @misneach, when running from docker, supply a -e param to the docker command. Ryan has some doc updates coming. If you're running from docker (no compose) use:
docker run --rm \
--name zac \
-p 1408:1408 \
-p 8443:8443 \
-e ZAC_CONTROLLER_URLS="https://ziti-edge-controller:1280" \
-v "$HOME/.ziti/zac-pki/ziti-edge-controller-server.key":/usr/src/app/server.key \
-v "$HOME/.ziti/zac-pki/ziti-edge-controller-server.chain.pem":/usr/src/app/server.chain.pem \
openziti/zac
If you're using compose, update the compose file. I pushed that PR as well but it'd look something like:
- ZAC_CONTROLLER_URLS=${ZAC_CONTROLLER_URLS:-ziti-edge-controller:1280}
1 Like
That worked for me with docker compose, thanks
Here's the Docker all-in-one-liner that inclues the console:
temporary
docker run --name "myziti" --rm --entrypoint= \
--publish 127.0.0.1:8441:8441 \
--publish 127.0.0.1:8442:8442 \
openziti/ziti-controller:1.3.3 \
ziti edge quickstart \
--ctrl-address 127.0.0.1 \
--ctrl-port 8441 \
--router-address 127.0.0.1 \
--router-port 8442 \
--password ziti123
persistent
mkdir /tmp/myziti;
docker run --name "myziti" --entrypoint= \
--user $(id -u) \
--volume /tmp/myziti:/home/ziggy \
--publish 127.0.0.1:8441:8441 \
--publish 127.0.0.1:8442:8442 \
docker.io/openziti/ziti-controller:1.3.3 \
ziti edge quickstart \
--ctrl-address 127.0.0.1 \
--ctrl-port 8441 \
--router-address 127.0.0.1 \
--router-port 8442 \
--password ziti123 \
--home /home/ziggy/quickstart
Then, visit https://127.0.0.1:8441/zac/ in your web browser and login your CLI:
ziti edge login 127.0.0.1:8441 -u admin -p ziti123 --yes
compose file: https://get.openziti.io/dock/all-in-one/compose.yml
instructions: ziti/quickstart/docker/all-in-one at v1.3.3 · openziti/ziti · GitHub
1 Like
