The router instructions @ Create new router | OpenZiti seem to automatically use the public IP for edge, link and listener configs. I need to use custom DNS since the routers are all internal on my intranet. Best I can tell it is some config of --edgeListeners --edgeListeners and --linkDialers
Using the ziti_router_auto_enroll
Hi @sam-ulrich1
If you remove the option --assumePublic from the command, it will use the local IPs instead of looking up the external IP.
You can read more about using the ziti_router_auto_enroll here.
If you really want completely custom listeners, here are some examples:
- link listener:
  --linkListeners 'transport' 'tls:0.0.0.0:80' 'tls:myhost:80'
  Format: 'BINDING TYPE' 'BIND' 'ADVERTISE' with optional 'OUTQUESIZE'
- edge listener:
  --edgeListeners 'ws:0.0.0.0:443' 'myhost:443'
  Format: 'ADDRESS' 'ADVERTISE' with optional 'MAXQUEUEDCONNECTS' 'MAXOUTSTANDINGCONNECTS' 'CONNECTTIMEOUTMS' 'LOOKUPAPISESSIONTIMEOUT'
Remember to replace the "myhost" & ports that you'd like to use.
Let me know if that helps.
Thanks, that does. There are multiple local IPs, so I configured a DNS route for them internally to ensure they are accessed on the correct network.
What is the value of using ws instead of tls?
ws is no longer supported, but you can use wss. This allows connecting to an edge router over secure web sockets. You would use this if connecting to an edge router from code running in a browser (e.g., Ziti's sdk-golang compiled into WASM, or as part of the OpenZiti BrowZer solution).
I mean specifically in the --edgeListeners param. The default appears to use tls but @emoscardini showed ws
In general, I'd say use TLS. At some point in the future if you need a "web socket enabled" router, you'd use wss. It's to support browsers connecting to routers but you've likely not discovered/needed Browser/WASM support yet is all...
You usually want/use tls
The docs I copied/pasted need to be updated, I'll fix them & switch that from ws to wss