Quickstart(ish): Can see service but can't access it

Got it, I have that in a “restart everything” script now, but I’m sure I may have forgotten that at some point.

To the point about the IP — does the IP have to always remain the same? Since I eventually want to test using it from outside the home network, on the rare occasions if my external IP changes, what will need to be changed? I don’t think I spotted any external IP references in the configs.

I did see an explicit 127.0.0.1 in ran.yaml:

edge:
  csr:
    country: US
    province: NC
    locality: Charlotte
    organization: NetFoundry
    organizationalUnit: Ziti
    sans:
      dns:
        - ziti.broken-mirror.net
        - localhost
      ip:
        - "127.0.0.1"

But that looks like it relates to the openssl cert that was looked at earlier, so I’m not sure whether that matters.

Again, thank you very much for all the advice! It’s pretty exciting to see things working.

If you’re using a DNS approach, the IP can change and that’s the reason we always favor using a DNS entry over a straight IP address. The quickstart always appends “localhost” and “127.0.0.1” since those are sometimes useful. You can also add other entries to the DNS or IP block but you only get one chance to enroll. Once you enroll, that cert is kinda set in stone… That said, you can ALSO use “alternate server certs” like I do with my public controller/edge router that uses certificates from lets encrypt. You can read about those on the docs site if interested.

Got it. Will definitely take a look.

Thank you!