Hi everyone,
I am trying to set up a local OpenZiti stack using Docker Compose on a VM. My goal is to use it within my local home network. I am facing persistent connection issues where the Windows Client enrolls successfully but fails to connect to the Edge Router. I am using the simplified docker compose from the quickstart guide that deploys a Controller, one edge router and an admin console. The stack is deployed on an Ubuntu VM. Right now I am trying to get it running in the same subnet VLAN but so far I have had no luck.
The Issue: After a fresh docker compose down -v and up -d, I can create an identity and enroll it on the Windows PC. However:
- The Identity never shows "Connected" to the Edge Router in the ZAC Visualizer and is offline.
- I cannot access the hosted service.
- Browser Check: I can reach https://ziti.vorcakhome.casa:1280 via Chrome on the Client PC (I get the JSON response after accepting the untrusted self-signed certificate warning).
- Ziti Desktop Logs: Show repeated invalid_grant and UNAUTHORIZED errors.
What I have tried so far:
- Full reset of the stack (down -v).
- Verified Timezone sync (Host, Containers, Client are all matching).
- Manually installed the Controller's Root CA into the Windows Trusted Root Store.
- Verified Policies: Created an Edge Router Policy allowing #all endpoints to #all routers.
- Verified Router configuration: Advertised address is set to the FQDN (tls:ziti.vorcakhome.casa:3022), not localhost.
I am including logs from Ziti Desktop Edge, where I started it for 10 seconds (so the file is not too big). I am also including the docker compose I am using and the .env file. Sadly I don't have complete access to my server right now, but I will try all the things on the weekend when I get home. I could theoretically get logs from Docker which were generated when I was trying to get it running. Thank you for your help in advance.
openziti_troubleshooting.zip (17.6 KB)