I was thinking the same.... as I started to work through how to set up an edge router on a remote server.
What I understand is that you need to modify the controller yaml file.. so that the auth can only be done on the controller.. you do this by modifying the listener.
@TheLumberjack has provided some great insights in the following page.. that I am still working through
My understanding is that once you do this.. you will only be able to log into the controller from the controller as local host.
creating a ziti host to manage the auth controller api
Is this possible.. I don't really know.. but I would definitely like to know
The reason is.. when you want to create a new public edge router.... it's best to log into the controller to make the yaml file.. create the edge router identity.. and enroll the identity on the remote server.
However.. all of this requires that the controller can be remotely accessed.
So.. if you make the login on the controller.. only accessible to the local host of the controller.. this would no longer be possible
Hence.. I am trying to work out a way to manage this in a production instance.. so that you can implement a new edge router.. without having to shut down / turn on the controller to open up access and then remove it again.. after the edge router has been deployed.
Keen to discuss and learn more about this for sure.