Question ZAC whitelist

Hi All,

I was wondering if we can still protect the admin website as now it hangs behind the 8441 port. Previously we used the 8433 port and whitelisted it.

Thanks!

Tom

I assume you mean the 'ziti admin console' (ZAC). Sure, you can. There are numerous posts on the forum and videos that cover "splitting the api". You want to split your api onto two ports (and possibly two ips, but that's up to you). Leave the "client-api" and "oidc" on the public port and move the fabric, edge and zac to the private port. Example thread/post: Unable to configure Controller with split API - #5 by control_joe

Hi,
Thanks for the reference, I saw this post but did not understand the purpose of it.

I managed to get it separated by splitting up and copying the settings and changing the port for the management side

  - name: client-management

    apis:
      - binding: edge-client
        options: { }
      - binding: edge-oidc
        options: { }
      - binding: edge-management
        options: { }
      - binding: fabric
        options: { }
      - binding: zac
        options:
          location: ./console
          indexFile: index.html

into 2 different groups
(public port)

  - name: client
    bindPoints:
      - interface: 0.0.0.0:PUBLIC PORT
        address: DNS_TO_ZITI:PUBLIC PORT
    apis:
      - binding: edge-client
        options: { }
      - binding: edge-oidc
        options: { }

(private port)

  - name: management
    bindPoints:
      - interface: 0.0.0.0:PRIVATE PORT
        address: DNS_TO_ZITI:PRIVATE PORT
    apis:
      - binding: edge-management
        options: { }
      - binding: fabric
        options: { }
      - binding: zac
        options:
          location: ./console
          indexFile: index.html
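A way to check the result of the split described in this thread, as an added example that is not part of the original posts or of the OpenZiti project: it scans the listener entries and reports any listener where `edge-management`, `fabric` or `zac` shares a port with the client APIs or sits on a port treated as public. The function names, the private port 8444 and the line-based scan (instead of a full YAML parser) are assumptions made for illustration.

```python
import re

ADMIN = {"edge-management", "fabric", "zac"}  # bindings the thread moves to the private port

def parse_listeners(text):
    """Line scan of '- name:' entries; assumes block-style YAML laid out as in the post."""
    listeners, cur = [], None
    for line in text.splitlines():
        m = re.match(r"\s*-?\s*(name|interface|binding):\s*(\S+)", line)
        if m and m.group(1) == "name":
            cur = {"name": m.group(2), "interface": [], "binding": []}
            listeners.append(cur)
        elif m and cur is not None:
            cur[m.group(1)].append(m.group(2))
    return listeners

def audit(text, public_ports):
    """Return (listener, level, message) findings about admin API exposure."""
    findings = []
    for lst in parse_listeners(text):
        admin = sorted(ADMIN & set(lst["binding"]))
        shared = sorted(set(lst["binding"]) - ADMIN)
        if admin and shared:
            findings.append((lst["name"], "FAIL", f"{admin} share a listener with {shared}"))
        for iface in lst["interface"] if admin else []:
            host, _, port = iface.rpartition(":")
            if int(port) in public_ports:
                findings.append((lst["name"], "FAIL", f"admin APIs on public port {port}"))
            elif host in ("0.0.0.0", "[::]"):
                findings.append((lst["name"], "NOTE", f"wildcard bind {iface}: allowlist port {port} at the firewall"))
    return findings

def listener(name, port, *bindings):
    """Render one constructed listener entry in the layout used in the thread."""
    apis = "".join(f"      - binding: {b}\n" for b in bindings)
    return f"  - name: {name}\n    bindPoints:\n      - interface: 0.0.0.0:{port}\n    apis:\n{apis}"

# Constructed sample configs: 8441 stands for the public port, 8444 is a made-up private port.
COMBINED = listener("client-management", 8441, "edge-client", "edge-oidc", "edge-management", "fabric", "zac")
SPLIT = listener("client", 8441, "edge-client", "edge-oidc") + listener("management", 8444, "edge-management", "fabric", "zac")

if __name__ == "__main__":
    for label, cfg in (("combined", COMBINED), ("split", SPLIT)):
        for finding in audit(cfg, {8441}):
            print(label, *finding)
```

The NOTE on the split layout reflects that `0.0.0.0` still listens on every interface, so the private port is only restricted once the allowlist is applied to it.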