I am working through the scenario where you can make the management API only accessible over the local host. (time got away from me)

… this was covered in this post

When I started to investigate this further… I noticed the following.

my controller yaml file only has an entry for client-management

there is no entry for

• management-apis

maybe I have an old config… as its been a while since I installed ziti from scratch

So… I thought to confirm

1. if there is no entry… then by default… the management API would not be accessible… as there is no listener configured to find it

2. could this be why I cannot access the management API documentation?
   … as when I try to access it using the following url

https://IP-address:8441/edge/management/v1/docs

… it retrieves the client documentation instead.

Actually… to clarify further… I just realised the following

… in the example provided… the entry of client-management is split into

• management-apis
• client-apis

…
change this entry

web:

• name: client-management
  bindPoints:
  • interface: 0.0.0.0:8441
    address: ec2-18-188-201-183.us-east-2.compute.amazonaws.com:8441

to look like this:

web:

• name: management-apis

bindPoints:
- interface: 127.0.0.1:5309
address: “127.0.0.1:5309”
identity: (removed section for brevity)
options: (

• name: client-apis
  bindPoints:
  • interface: 0.0.0.0:8441
    address: ec2-18-188-201-183.us-east-2.compute.amazonaws.com:8441
    options:
    apis:
  • binding: edge-client
    options: {

So… I guess the naming of the entries does not really matter that much…

What is important is the details of the details of the bindings

this is documented pretty well in the change log ziti/CHANGELOG.md at release-next · openziti/ziti · GitHub