I ask you for help after more than 5 days of trying to install OpenZiti well. I tried to solve some problems but I could not solve others. The router appears in an unhealthy state and the control cannot receive any requests. Note that if I have prepared the port well, I will attach the configuration file through which I installed the router and the control. I hope that through your experience you will help me solve the problem.
compose-controller.yml.txt (2.6 KB)
compose-router.yml.txt (1.8 KB)
docker logs ubuntu-ziti-controller-1 --tail 50.txt (15.1 KB)
docker logs ubuntu-ziti-router-1 --tail 50.txt (7.8 KB)
router1.jwt.txt (995 Bytes)
Hi @ahmed35799, welcome to the community and to OpenZiti!
First, omg I'm sorry you've been struggling for 5 days. Sometimes it's easier for us to provide help if we take a step backward and ask: what is your end goal? Are you trying to get this working for home use? For learning? Are you trying to deploy it on the open internet?
Looking at the compose files, I can see you're using the deployment docker stuff. I can see the error you're seeing in the router logs but it's not quite enough to understand what happened and why.
Can you provide a reproducible set of steps that got you into this state? Have you tried to "down -v" the router and just recreate it?
Thank you very much for your communication and I would like to express my appreciation to this community and wish you all the best. As for my case, I am trying to spread OpenZiti in a local environment and the goals of that are to learn more and benefit from the Zero Trust environment to protect Internet of Things devices.
Ok. For a first time deployment, here's what I would do.
- figure out the IP address you want to use for your controller: 192.168.1.102
- figure out the IP address you want to use for the router: 192.168.1.104
From the controller deployment doc page, I would run these commands in any directory of your choosing. I used: `$HOME/openziti/controller`. Notice that these deployments make use of a "special" DNS entry that basically resolves the entry to the IP that's embedded within the DNS entry. Hopefully, that makes sense.
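```bash
CONTROLLER_IP=192.168.1.102
ROUTER_IP=192.168.1.104

# work inside a dedicated directory so compose.yml is downloaded there
mkdir -p "$HOME/openziti/controller"
cd "$HOME/openziti/controller"
wget https://get.openziti.io/dist/docker-images/ziti-controller/compose.yml

# start the controller, advertising the sslip.io name that resolves to CONTROLLER_IP
ZITI_PWD="mypass" \
ZITI_CTRL_ADVERTISED_ADDRESS=ctrl.${CONTROLLER_IP}.sslip.io \
docker compose --project-name ziti up
```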
Once your controller is online, now you need to bring a router online. Do the same sort of steps. Notice here though, you must create the router in the ziti controller first, thus the 'login' step. I also show deleting it in case you want to just re-run these steps... These steps are found on the router deployment doc page. I had to adapt them and add `--tunneler-enabled`. Also, because these are two separate compose files, I also had to adapt the command to set a `--project-name` so that docker knows they are supposed to be part of the same overall project to reuse the network:
```bash
CONTROLLER_IP=192.168.1.102
ROUTER_IP=192.168.1.104

# log in to the controller, then (re)create the router and write its enrollment token
ziti edge login ctrl.${CONTROLLER_IP}.sslip.io:1280 -u admin -p mypass -y
ziti edge delete edge-router "router1"
ziti edge create edge-router "router1" --tunneler-enabled --jwt-output-file=./router1.jwt

# run this from a different directory than the controller's, so the two
# compose.yml downloads do not collide
wget https://get.openziti.io/dist/docker-images/ziti-router/compose.yml

# start the router; it enrolls with the token created above
ZITI_ENROLL_TOKEN="$(<./router1.jwt)" \
ZITI_CTRL_ADVERTISED_ADDRESS=ctrl.${CONTROLLER_IP}.sslip.io \
ZITI_CTRL_ADVERTISED_PORT=1280 \
ZITI_ROUTER_ADVERTISED_ADDRESS=router1.${ROUTER_IP}.sslip.io \
ZITI_ROUTER_PORT=3022 \
docker compose --project-name ziti up
```
After those two commands are run you'll have a functional OpenZiti overlay that works externally for the two IPs specified.
Can you run those blocks and see how far you get?
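An added example, not part of the original posts or the OpenZiti project's code: a preflight check that decodes the router enrollment token (without verifying its signature) and confirms it is unexpired and was issued for the controller address about to be advertised. It assumes the token is a JWT whose `iss` claim holds the controller URL; the function names and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a router enrollment token before `docker compose up`.
# Assumption: the token is a JWT whose `iss` claim is the controller URL.

b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode one base64url segment, restoring the padding that JWTs strip.
b64url_decode() {
  local s
  s="$(printf '%s' "$1" | tr '_-' '/+')"
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

# Print one top-level string or number claim from the (unverified) payload.
jwt_claim() {  # usage: jwt_claim <jwt> <claim>
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# Status 0: issuer matches the advertised controller and the token is unexpired.
check_enroll_token() {  # usage: check_enroll_token <jwt> <host> <port> [now_epoch]
  local iss exp want now
  want="https://$2:$3"
  now="${4:-$(date +%s)}"
  iss="$(jwt_claim "$1" iss)"
  exp="$(jwt_claim "$1" exp)"
  if [ "${iss%/}" != "$want" ]; then
    echo "issuer mismatch: token=$iss expected=$want"; return 1
  fi
  if [ -z "$exp" ] || [ "$exp" -le "$now" ]; then
    echo "token expired (exp=$exp now=$now)"; return 2
  fi
  echo "ok: issuer=$iss expires_in=$(( exp - now ))s"
}

# Constructed, unsigned sample token (not a real enrollment JWT).
make_sample_jwt() {  # usage: make_sample_jwt <issuer_url> <exp_epoch>
  printf '%s.%s.%s' "$(b64url_encode '{"alg":"RS256","typ":"JWT"}')" \
    "$(b64url_encode "{\"iss\":\"$1\",\"sub\":\"constructed-router\",\"exp\":$2}")" \
    "c2lnbmF0dXJl"
}

CONTROLLER_IP=192.168.1.102
SAMPLE="$(make_sample_jwt "https://ctrl.${CONTROLLER_IP}.sslip.io:1280" 2000000000)"
check_enroll_token "$SAMPLE" "ctrl.${CONTROLLER_IP}.sslip.io" 1280 1900000000
```

Against a real token, pass the file contents instead of the sample, for example `check_enroll_token "$(cat ./router1.jwt)" "ctrl.${CONTROLLER_IP}.sslip.io" 1280`.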
Mr. TheLumberjack, I assure you that I cannot thank you enough for this valuable information. I would also like to clarify that my IP address is not an external one. I am just trying to connect the router and controller to my local network so that I can access the devices later. If this method is wrong, let me know so that I can avoid it, as I am finding it difficult to implement your instructions with the steps that I have taken. I ask you to clarify the correct way to deploy OpenZiti on Ubuntu server using Docker Compose so that I can later access the home devices and apply the policy to them. I appreciate your efforts and thank you for this wonderful project.
Hi @ahmed35799, yes I could tell by your configs. The 192.168.x.x address space is reserved, so I knew it wasn't a public address.
There is no "correct" way really. Everyone is different. In my opinion, the best way to set yourself up for long-term success is to obtain a DNS zone that you control and use DNS instead of an IP address. If you control the zone, you can do things like make a DNS entry of "controller.my.cool.domain" and set that to "192.168.1.102" and an entry of "router.my.cool.domain" to "192.168.1.104".
Then, when you move the deployment anywhere else, all you'd need to do is update DNS and migrate your network and it'll work from wherever you move it to.
[quote="TheLumberjack, post:6, topic:4019"]
controller.my.cool.domain
[/quote]
Thank you for your interest. This is indeed a professional opinion and I would be very grateful if you could explain to me the correct way through which I can create DNS records to use in configuring OpenZiti.
That's out of scope here. Look for "how to setup a dns name" and stuff like that. Good luck. Have fun!