Making ZAC dark

If you followed the quickstart, you might already have something listening on :8440. I actually just roughly outlined this process the other day over here ZAC On different host than the controller - #2 by TheLumberjack.

Looking at your config there seems to be two issues.

First, in “client-management” you still have “edge-management” in your “apis” section. You’d want to comment/remove that section. I’d also move “fabric” down to the ‘management’ section…

Here’s those changes (and I’ve also moved the port to 18441 vs 8440):

web:
  - name: client-management
    bindPoints:
      - interface: 0.0.0.0:8441
        address: zt.mydomain.com:8441
    identity:
      ca:          "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-intermediate.cert"
      key:         "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/keys/zt.mydomain.com-server.key"
      server_cert: "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-server.chain.pem"
      cert:        "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-client.cert"
    options:
      readTimeout: 5000ms
      writeTimeout: 100000ms
      minTLSVersion: TLS1.2
      maxTLSVersion: TLS1.3
    apis:
      - binding: edge-client
        options: { }
  - name: management
    bindPoints:
      - interface: 0.0.0.0:18441
        address: zt.mydomain.com:18441
    identity:
      ca:          "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-intermediate.cert"
      key:         "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/keys/zt.mydomain.com-server.key"
      server_cert: "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-server.chain.pem"
      cert:        "/home/ziti/.ziti/quickstart/zt/pki/zt.mydomain.com-intermediate/certs/zt.mydomain.com-client.cert"
    options:
      readTimeout: 5000ms
      writeTimeout: 100000ms
      minTLSVersion: TLS1.3
      maxTLSVersion: TLS1.3
    apis:
      - binding: edge-management
        options: { }
      - binding: fabric
        options: { }

After you apply that config, if you run sudo ss -lntp | grep 8441 you should see two results.

Here’s a short (4 min) video showing me doing that process if it helps: