Identity Enrollment Uses Local Hostname and not External Hostname

Hi all,

I created a new Identity so I could see the QR code. When I try to scan this into the mobile app I get an error that it can't resolve the hostname, which is expected, as the hostname that appears in the error is the actual server hostname and not the external DNS entry I have in the config.

This is what I have in the user's .bashrc file:
export EXTERNAL_DNS="public.dns.co.uk"
export ZITI_HOME="/opt/openziti/T1SMGSZTG01"
export EDGE_CONTROLLER_PRIVATE_DNS_NAME=$(hostname)
export EDGE_CONTROLLER_EXTERNAL_IP_ADDRESS=xxx.xxx.xxx.xxx
export EDGE_CONTROLLER_PRIVATE_IP_ADDRESS=xxx.xxx.xxx.xxx

Hi @mphayesuk,

What mechanism are you using to start the overlay network? The "advertised" addresses of the controller are incorrect and must be changed. Since it's a new network, it's going to be easiest to fix the config and then redo the network install.

The controller advertises its address to routers and to edge clients, and the routers do the same. Each of your configs is likely using the hostname, not the externally visible DNS. You likely want to make sure these are set:

export ZITI_CTRL_EDGE_ADVERTISED_ADDRESS="${EXTERNAL_DNS:-${EXTERNAL_IP}}"
export ZITI_ROUTER_ADVERTISED_ADDRESS="${EXTERNAL_DNS:-${EXTERNAL_IP}}"

Hi @TheLumberjack thanks for your response.

When you say what mechanism I am using: this is self-hosted without Docker, and the controller and router are started via 2 services.

I can make the export changes. What would I need to do after that? What is involved in "redo the network install"?

I presume that I would need to remove the one additional edge router I had installed and then make sure that the external DNS is resolved internally to the local IP.

Thanks

It depends. I expect the PKI that was generated by the quickstart expressInstall process will contain only the IP address and hostname (not external FQDNs). If that's the case, imo, you should remove everything and redo it. This page shows you the process. It's just rm'ing the files that were produced during expressInstall and unsetting env vars to make sure they don't cause problems the next time you run it.

If you have an external DNS available, it's always best to use that and ensure it's used in your overlay. Yes, you could make a surgical change to the PKI but to be blunt, if the network is still young the work to replace the PKI correctly is a lot more than just resetting/rerunning the expressInstall imo. If it were me, that's what I'd do. Yes, sadly, I'd recommend you reinstall the additional edge router too.

The key fields to look at are in the controller:

  • edge -> api -> address
  • web -> name: client-management -> bindPoints -> address

And routers at:

  • ctrl -> endpoint
  • link -> listeners -> advertise
  • listeners -> address

Those fields should be accessible to anything participating in the overlay. Often that means "internet available" but it's not strictly required to be internet available... (I think usually that's what people would want though, particularly when starting out)
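As an added example (not code from this thread or from the OpenZiti project), here is a small check over the advertised fields listed above that flags any whose host part is not the external DNS name; the YAML layouts, the "[]" path syntax and the sample values are assumptions, and it checks every web entry rather than only "client-management".

```python
"""Added example (not OpenZiti project code): flag controller/router config
fields that advertise a local hostname instead of the external DNS name."""
from typing import Any, Iterator, List, Tuple

# Field paths named in the thread. "[]" matches any list index. Checking every
# web entry (not only "client-management") is a simplifying assumption.
CONTROLLER_PATHS = ("edge.api.address", "web[].bindPoints[].address")
ROUTER_PATHS = ("ctrl.endpoint", "link.listeners[].advertise", "listeners[].address")

def host_of(addr: str) -> str:
    """'tls:host:6262', 'https://host:1280' or 'host:1280' -> 'host'."""
    for prefix in ("tls:", "https://", "http://"):
        if addr.startswith(prefix):
            addr = addr[len(prefix):]
    return addr.rsplit(":", 1)[0] if ":" in addr else addr

def _walk(node: Any, path: str = "") -> Iterator[Tuple[str, Any]]:
    """Yield (pattern_path, leaf) for every scalar; list indexes become '[]'."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _walk(v, f"{path}.{k}" if path else k)
    elif isinstance(node, list):
        for v in node:
            yield from _walk(v, f"{path}[]")
    else:
        yield path, node

def find_wrong_advertised(cfg: dict, expected_host: str, paths) -> List[Tuple[str, str]]:
    """Return (path, value) for advertised fields whose host != expected_host."""
    return [(p, v) for p, v in _walk(cfg)
            if p in paths and isinstance(v, str) and host_of(v) != expected_host]

# Constructed sample configs: the controller still advertises the local
# hostname on the edge API, and the router still points ctrl.endpoint at it.
CONTROLLER = {
    "edge": {"api": {"address": "internal-host:1280"}},
    "web": [{"name": "client-management",
             "bindPoints": [{"interface": "0.0.0.0:1280",
                             "address": "public.dns.co.uk:1280"}]}],
}
ROUTER = {
    "ctrl": {"endpoint": "tls:internal-host:6262"},
    "link": {"listeners": [{"bind": "tls:0.0.0.0:10080",
                            "advertise": "tls:public.dns.co.uk:10080"}]},
    "listeners": [{"binding": "edge", "address": "tls:public.dns.co.uk:3022"}],
}

if __name__ == "__main__":
    for name, cfg, paths in (("controller", CONTROLLER, CONTROLLER_PATHS),
                             ("router", ROUTER, ROUTER_PATHS)):
        for path, value in find_wrong_advertised(cfg, "public.dns.co.uk", paths):
            print(f"{name}: {path} advertises {value!r}, expected public.dns.co.uk")
```

To run it against real files, load each YAML into a dict (for example with PyYAML's safe_load) and pass it in place of the constructed samples; a flagged field is one the enrolling client or router will try to resolve.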

Thanks @TheLumberjack That is now all working and the client app on my phone can reach the controller and enroll.
