Making ZAC dark

TheLumberjack · July 18, 2023, 12:02pm

If you followed the quickstart, you might already have something listening on :8440. I actually just roughly outlined this process the other day over here ZAC On different host than the controller - #2 by TheLumberjack.

Looking at your config there seems to be two issues.

First, in “client-management” you still have “edge-management” in your “apis” section. You’d want to comment/remove that section. I’d also move “fabric” down to the ‘management’ section…

Here’s those changes (and I’ve also moved the port to 18441 vs 8440):

web:
  - name: client-management
    bindPoints:
      - interface: 0.0.0.0:8441
        address: zt.mydomain.com:8441
    identity:
      ca:          "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-intermediate.cert"
      key:         "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/keys/zt.mydomain.com-server.key"
      server_cert: "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-server.chain.pem"
      cert:        "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-client.cert"
    options:
      readTimeout: 5000ms
      writeTimeout: 100000ms
      minTLSVersion: TLS1.2
      maxTLSVersion: TLS1.3
    apis:
      - binding: edge-client
        options: { }
  - name: management
    bindPoints:
      - interface: 0.0.0.0:18441
        address: zt.mydomain.com:18441
    identity:
      ca:          "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-intermediate.cert"
      key:         "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/keys/zt.mydomain.com-server.key"
      server_cert: "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-server.chain.pem"
      cert:        "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-client.cert"
    options:
      readTimeout: 5000ms
      writeTimeout: 100000ms
      minTLSVersion: TLS1.3
      maxTLSVersion: TLS1.3
    apis:
      - binding: edge-management
        options: { }
      - binding: fabric
        options: { }

After you apply that config, if you run sudo ss -lntp | grep 8441 you should see two results.

Here’s a short (4 min) video showing me doing that process if it helps:

Topic		Replies	Views
How do I use ZAC with quickstart docker-compose? Ziti Administration Console	8	457	March 20, 2023
Quick Start Console Port Confusion Ziti Administration Console	2	33	September 2, 2024
Turning ZAC dark Ziti Administration Console	2	286	June 7, 2022
Controller client and management apis Building/Development	2	428	June 24, 2022
Dark ZAC with Management API on Localhost 18441 Ziti Administration Console	3	287	August 9, 2022

Making ZAC dark

Related topics