I tried to follow BrowZero's example video step by step. I have a domain name icebear.store and an AWS server. In the first step, I applied for a certificate using wildcard_ URL=icebear.store, export EXCERNAL_DNS="xxx. sample. amazonaws. com", everything went smoothly next. The controller and routing both prompted running, but curl https://ctrl. ${wildcard_url}: ${ZITI_CTRL_EDGE-ADVERTISED_PORT}
curl: (6) Could not resolve host: ctrl. icebear.store, try curl - sk https://${ZITI_CTRL_EDGE-ADVERTISED_ADDRESS}: ${ZITI_CTRL_EDGE-ADVERTISED-PORT},the data was displayed, but pasting it on Google prompted an unexpected termination of the link。I don't know where there was a mistake,I need help, thank you。
Hi @McGonagall666, welcome to the forum and to OpenZiti!
Would you kindly share the link to the video you followed? Is it the one linked in the doc: Example Enabling BrowZer | OpenZiti or a different one?
In that curl statement, can you "echo" it to make sure the variables are set in your shell? For example like this:
echo "curl - sk https://${ZITI_CTRL_EDGE-ADVERTISED_ADDRESS}: ${ZITI_CTRL_EDGE-ADVERTISED-PORT}"
From the screen shot, i see you have your controller running. I couldn't connect to it, so presumably you don't have the security group open to the public? That's fine, just fyi.
If you can open that port to world, I could probe your install to see what the PKI looks like, but maybe it's as simple as you don't have the shell variables set?
Oh, i also see this in your logs:
That tells me you don't have the wildcard domain setup quite right too. For example you should be able to query the wildcard domain *.icebear.store:
That's probably step one, getting that figured out. Here you can see an example of what it should look like:
My mistake, the security group cannot access it, and the domain name needs to be resolved to the server's IP address
Thank you