Quickstart in AWS


I am trying to run the Ziti Quickstart on a server in AWS. It works great, other than one minor issue. When I create a new identity, the URL in the JWT token defaults to the private IP of the EC2 instance, instead of the public URL used to access the server. Hence, remote clients cannot reach it to register. I tried to hack and edit the URL in the JWT token and resign it using the signing cert and key, but the enrollment fails, and the controller logs show “TLS handshake error from 172…:24631: EOF”. Is there a way to easily get around this? Maybe rerun the quickstart and tell it to set the controller hostname differently?

Appreciate any help.

@cwalkernf Were you following the Host Ziti Anywhere instructions?

Hello @gberl002,

Thanks for getting back to me. Yes, I followed the instructions. Everything is working fine. I can create objects locally from the CLI, and can access the ZAC on the public URL. Just can’t register a remote client because the JWT has the internal IP.

Okay, I just tried replicating the issue myself but was unsuccessful. You wouldn’t happen to have the quickstart install output still available, would you?

@cwalkernf Actually, can you run this command and paste the output?

grep "ZITI_CONTROLLER\|ADVERTISED" $HOME/.ziti/quickstart/$(hostname)/$(hostname).env

Hi @gberl002,

That led me down the right path. I decided just to reinstall using the below:

→ CONTROLLER_HOSTNAME=“server.public.hostname”
→ sed -i -e “s/$(hostname)/${CONTROLLER_HOSTNAME}/”" /home/ubuntu/ziti-cli-functions.sh
→ export /home/ubuntu/ziti-cli-functions.sh
→ expressInstall

Now the jwt tokens have the public address:


Thank you for the help!