Is there a streamlined configuration guide?

Controller Deployment | OpenZiti gives me a bash script for configuration. I want to learn how to do it myself.

Configuration Quickstart :: strongSwan Documentation seems streamlined enough. That's why I seriously considered ipsec vpn with strongswan despite ipsec vpn's limitations. I prefer something that I can actually understand how to set up.

For my network's size, even something like yggdrasil with some port forwarding can work.... Actually, yggdrasil with port forwarding for machines that can't run a full operating system is simplest at my current scale.

I believe openziti is manageable with a streamlined configuration guide, but the documentation currently doesn't make it easy to understand how to set it up from scratch manually.

The idea of a bash script is that it's easier to understand and follow than, say, Go code.

We don't have a doc page yet that explains each part step by step. I like the idea though and filed an issue: explain configuring a simple overlay · Issue #991 · openziti/ziti-doc · GitHub

We have this, but it's not quite detailed enough: Quickstart Walkthrough | OpenZiti

I've gone through it numerous times here on the forums and numerous times on YouTube. Here's one that I did last year for a discourse user (referenced on this post):

It comes with a very short set of commands I added to a gist that is a very minimal setup: openziti-compose/from-scratch.sh at main · dovholuknf/openziti-compose · GitHub

You can also get down and dirty with openssl and create your PKI manually if you wish. A forum member contributed a github repo a few months back: GitHub - nenkoru/openziti_manual_pki: Bootstrap PKI for OpenZiti manually

And I went through that whole thing on Ziti TV too here:

Hope those help.

2 Likes

Does ziti have commands for bootstrapping its own PKI? Or?

strongswan has its own commands for bootstrapping its own PKI.

Yes, certainly. That's THE first step in the quickstart and on that gist. The first 100 lines of that gist are dedicated to setting up the PKI... It's 2/3 of the whole script :)

ziti pki create ca \
  --pki-root="${ZITI_PKI}" \
  --ca-name "${ZITI_ROOT_CA_NAME}" \
  --ca-file "${ZITI_ROOT_CA_NAME}"
  
ziti pki create intermediate \
  --pki-root="${ZITI_PKI}" \
  --ca-name "${ZITI_ROOT_CA_NAME}" \
  --intermediate-name "${ZITI_EXTERNAL_CA_INTERMEDIATE_NAME}" \
  --intermediate-file "${ZITI_EXTERNAL_CA_INTERMEDIATE_NAME}" \
  --max-path-len "2"

...
...
...
1 Like
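
The two-tier layout that the commands above create (a root CA and an intermediate created with --max-path-len "2") can be reproduced with plain openssl to see what ends up in the certificates. This is an added example, not code from the thread, the gist or the OpenZiti project; the file names, subject names and lifetimes are constructed, and it assumes the flag corresponds to the X.509 pathlen constraint.

```shell
# Added example (not from the thread): root CA + intermediate with openssl.
# File names, subject names and lifetimes are constructed for illustration.
build_pki() {
  pki="$1"
  mkdir -p "$pki" || return 1
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$pki/root.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_root
prompt = no
[dn]
CN = Constructed Root CA
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

  # Intermediate extensions. pathlen:2 is assumed here to be the X.509
  # counterpart of --max-path-len "2" in the ziti command.
  cat > "$pki/intermediate.ext" <<'EOF'
basicConstraints = critical, CA:TRUE, pathlen:2
keyUsage = critical, keyCertSign, cRLSign
EOF

  # Self-signed root. -nodes leaves the key unencrypted (lab use only).
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$pki/root.cnf" \
    -keyout "$pki/root.key" -out "$pki/root.crt" || return 1

  # Intermediate key and CSR, then signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$pki/root.cnf" \
    -subj "/CN=Constructed Intermediate CA" \
    -keyout "$pki/intermediate.key" -out "$pki/intermediate.csr" || return 1
  openssl x509 -req -sha256 -days 1825 -in "$pki/intermediate.csr" \
    -CA "$pki/root.crt" -CAkey "$pki/root.key" -CAcreateserial \
    -extfile "$pki/intermediate.ext" -out "$pki/intermediate.crt"
}

# Succeeds only if the intermediate chains to the root.
verify_chain() {
  openssl verify -CAfile "$1/root.crt" "$1/intermediate.crt" >/dev/null
}

# Prints the path length constraint stored in the intermediate.
intermediate_pathlen() {
  openssl x509 -in "$1/intermediate.crt" -noout -text |
    sed -n 's/.*pathlen:\([0-9][0-9]*\).*/\1/p'
}
```

Call build_pki with an empty directory, then verify_chain and intermediate_pathlen on the same directory to confirm the chain and the constraint before issuing anything from the intermediate.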