ZAC install problem

Hi y’all:

While using the express installation and following the instructions from
Ziti Admin Console | OpenZiti, the installation stopped and port 8443 could not be created; it is just like the installation is stuck there forever.

Does anyone have any idea?

ubuntu@ip-172-31-29-51:~/.ziti/quickstart/ip-172-31-29-51/ziti-console$ node "${ZITI_HOME}/ziti-console/server.js"
Initializing TLS
TLS initialized on port: 8443
Ziti Server running on port 1408
Loading Settings File From: /home/ubuntu/.ziti/quickstart/ip-172-31-29-51/ziti-console/../ziti/settings.json
{
  edgeControllers: [],
  editable: true,
  update: false,
  location: '../ziti',
  port: 1408,
  portTLS: 8443,
  logo: '',
  primary: '',
  secondary: '',
  allowPersonal: true,
  rejectUnauthorized: false,
  mail: { host: '', port: 25, secure: false, auth: { user: '', pass: '' } },
  from: '',
  to: ''
}
Ziti Admin Console is now listening on port 1408

ziti-console systemd file written to: /home/ubuntu/.ziti/quickstart/ip-172-31-29-51/ziti-console.service
Created symlink /etc/systemd/system/multi-user.target.wants/ziti-console.service → /etc/systemd/system/ziti-console.service.
ubuntu@ip-172-31-29-51:~/.ziti/quickstart/ip-172-31-29-51/ziti-console$ node "${ZITI_HOME}/ziti-console/server.js"
Initializing TLS
TLS initialized on port: 8443
Ziti Server running on port 1408
Loading Settings File From: /home/ubuntu/.ziti/quickstart/ip-172-31-29-51/ziti-console/../ziti/settings.json
{
  edgeControllers: [],
  editable: true,
  update: false,
  location: '../ziti',
  port: 1408,
  portTLS: 8443,
  logo: '',
  primary: '',
  secondary: '',
  allowPersonal: true,
  rejectUnauthorized: false,
  mail: { host: '', port: 25, secure: false, auth: { user: '', pass: '' } },
  from: '',
  to: ''
}
Port 1408 In Use, Attempting new port 1409
Ziti Admin Console is now listening on port 1409
^C
Initializing: command not found
TLS: command not found
Ziti: command not found
ubuntu@ip-172-31-29-51:~/.ziti/quickstart/ip-172-31-29-51/ziti-console$ sudo systemctl status ziti-console --lines=0 --no-pager
● ziti-console.service - Ziti-Console
     Loaded: loaded (/etc/systemd/system/ziti-console.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-07-17 23:36:15 UTC; 35s ago
   Main PID: 1465 (node)
      Tasks: 11 (limit: 4676)
     Memory: 28.0M
        CPU: 665ms
     CGroup: /system.slice/ziti-console.service
             └─1465 /usr/bin/node /home/ubuntu/.ziti/quickstart/ip-172-31-29-51/ziti-console/server.js
ubuntu@ip-172-31-29-51:~/.ziti/quickstart/ip-172-31-29-51/ziti-console$ sudo ss -lntp | grep node
LISTEN 0      511                *:1408             *:*    users:(("node",pid=1465,fd=19))          
ubuntu@ip-172-31-29-51:~/.ziti/quickstart/ip-172-31-29-51/ziti-console$ 

Has anyone done the installation following Host OpenZiti Anywhere | OpenZiti and Ziti Admin Console | OpenZiti?
If you host the controller in the cloud (AWS), can you open it through https://${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}:8443?

Hi Nick, I have deployed the quickstart and ZAC on AWS.

Last time I did it, I used the DNS name.

I first issued this command:

export EXTERNAL_DNS=$(dig +short -x $(curl -s icanhazip.com) | sed "s/.$//")

Then follow the rest of the quickstart guide.

Was there any error message during the quickstart installation?

The log file should be under /home/ubuntu/.ziti/quickstart/ip-172-31-29-51/

I just went through the quickstart with a fresh install. I think there’s a bug with the latest quickstart as the ZAC came up on port 1408 only and not port 8443. I think I know what the problem is. I’ll see if I can get you an updated instruction set making the symlink (which is what triggers ZAC to serve TLS). I’ll follow up in a bit.

Yeah, we missed updating the doc for ZAC. If you followed the quickstart and couldn’t connect to :8443 then these steps should ‘fix’ your install.

Remove the broken symlinks

rm "${ZITI_HOME}/ziti-console/server.chain.pem"
rm "${ZITI_HOME}/ziti-console/server.key"

Re-link the server cert/key in ZAC

ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/certs/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.chain.pem" "${ZITI_HOME}/ziti-console/server.chain.pem"
ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/keys/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.key" "${ZITI_HOME}/ziti-console/server.key"

Restart the ZAC service

sudo systemctl restart ziti-console

At that point, you should be able to access ZAC using the PKI that was just provisioned at https://${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}:8443

I’ll get a PR up to fix our doc, thanks for pointing this out!
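A pre-restart check for the two links named in the post above, written as an added example; it is not part of the original post or of OpenZiti. It assumes "broken" means a link whose target no longer exists, and the function names and status words are hypothetical.

```shell
#!/bin/sh
# Added example, not OpenZiti code. The two file names come from the thread;
# the function names and status words are made up for this sketch.

# check_pem_link PATH MARKER -> prints missing | dangling | wrongpem | ok
check_pem_link() {
  if [ -L "$1" ] && [ ! -e "$1" ]; then
    echo dangling; return 1      # the link exists, its target does not
  fi
  if [ ! -e "$1" ]; then
    echo missing; return 1
  fi
  # grep follows the link, so this reads the real cert or key file.
  if ! grep -q -e "-----BEGIN .*$2-----" "$1"; then
    echo wrongpem; return 1      # e.g. chain and key linked the wrong way round
  fi
  echo ok
}

# check_zac_tls DIR -> one status line per file; non-zero if either is unusable
check_zac_tls() {
  zac_rc=0
  zac_s=$(check_pem_link "$1/server.chain.pem" "CERTIFICATE") || zac_rc=1
  echo "server.chain.pem: $zac_s"
  zac_s=$(check_pem_link "$1/server.key" "PRIVATE KEY") || zac_rc=1
  echo "server.key: $zac_s"
  return "$zac_rc"
}

# Constructed demo in a temp dir: the broken state, then the state after the fix.
demo_zac_tls() {
  d=$(mktemp -d) || return 1
  mkdir "$d/pki" "$d/zac"
  ln -s "$d/pki/absent-server.chain.pem" "$d/zac/server.chain.pem"
  ln -s "$d/pki/absent-server.key" "$d/zac/server.key"
  echo "before:"; check_zac_tls "$d/zac" || true
  # Placeholder PEM bodies, just enough for the header check.
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' > "$d/pki/server.chain.pem"
  printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' 'constructed' > "$d/pki/server.key"
  rm "$d/zac/server.chain.pem" "$d/zac/server.key"
  ln -s "$d/pki/server.chain.pem" "$d/zac/server.chain.pem"
  ln -s "$d/pki/server.key" "$d/zac/server.key"
  echo "after:"
  if check_zac_tls "$d/zac"; then demo_rc=0; else demo_rc=1; fi
  rm -rf "$d"
  return "$demo_rc"
}

# Real use: check_zac_tls "${ZITI_HOME}/ziti-console"
```

A `dangling` or `wrongpem` result before the restart explains a console that comes up on 1408 only, without having to read the service log.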

Hi:

Thank you for your solution; however, there are still some problems on my side:

Following your new approach, I cannot access the address in the browser. From my commands, is there anything wrong?

ubuntu@ip-172-31-30-239:~$ npm -v
9.8.0
ubuntu@ip-172-31-30-239:~$ node -v
v18.16.1
ubuntu@ip-172-31-30-239:~$ export EXTERNAL_DNS="ec2-3-143-141-152.us-east-2.compute.amazonaws.com"
ubuntu@ip-172-31-30-239:~$ export EXTERNAL_IP="$(curl -s eth0.me)"       
export ZITI_EDGE_CONTROLLER_IP_OVERRIDE="${EXTERNAL_IP}"
export ZITI_ROUTER_IP_OVERRIDE="${EXTERNAL_IP}"
export ZITI_CTRL_EDGE_ADVERTISED_ADDRESS="${EXTERNAL_DNS}"
export ZITI_ROUTER_ADVERTISED_ADDRESS="${EXTERNAL_DNS}"
export ZITI_CTRL_ADVERTISED_PORT=8440
export ZITI_CTRL_EDGE_ADVERTISED_PORT=8441
export ZITI_ROUTER_PORT=8442
ubuntu@ip-172-31-30-239:~$ source /dev/stdin <<< "$(wget -qO- https://get.openziti.io/quick/ziti-cli-functions.sh)"; expressInstall
-------------------------------------------------------------
                          _   _     _
                    ____ (_) | |_  (_)
                   |_  / | | | __| | |
                    / /  | | | |_  | |
                   /___| |_|  \__| |_|

-------------------------------------------------------------

This script will make it trivial to set up a very simple environment locally which will allow you to start
learning ziti. This environment is suitable for development work only and is not a decent representation of
a fully redundant production-caliber network.

Please note that, by default, this script will write files to your home directory into a directory named .ziti.
The currently configured location for these files will be: 


  \----------------------------------\ 
   \                                  \        __ 
    \         Welcome To:              \       | \ 
     >        Ziti Express 2.0          >------|  \       ______ 
    /                                  /       --- \_____/**|_|_\____  | 
   /                                  /          \_______ --------- __>-} 
  /----------------------------------/              /  \_____|_____/   | 
                                                    *         | 
                                                             {O} 

Let's get started creating your local development network!

******** Setting Up Your OpenZiti Environment ********
Populating environment variables
Do you want to keep the generated admin password '*****'? (Y/n) n
Type the preferred admin password and press <enter> *****
ZITI_CTRL_EDGE_ADVERTISED_PORT overridden: 8441
ZITI_CTRL_EDGE_ADVERTISED_ADDRESS overridden: ec2-3-143-141-152.us-east-2.compute.amazonaws.com
ZITI_CTRL_ADVERTISED_PORT overridden: 8440
ZITI_ROUTER_PORT overridden: 8442
ZITI_HOME overridden: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239
Your OpenZiti environment has been set up successfully.

A file with all pertinent environment values was created here: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ip-172-31-30-239.env

********      Getting OpenZiti Binaries       ********
Getting OpenZiti binaries

No existing binary found, creating the ZITI_BIN_DIR directory (/home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-bin/ziti-v0.29.0)
Downloading https://github.com/openziti/ziti/releases/download/v0.29.0/ziti-linux-amd64-0.29.0.tar.gz to /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-bin/ziti-v0.29.0/ziti-linux-amd64-0.29.0.tar.gz
OpenZiti binaries v0.29.0 successfully extracted to /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-bin/ziti-v0.29.0

******** Ensure the Necessary Ports Are Open  ********
Checking Controller's port (8440) Open
Checking Edge Router's port (8442) Open
Checking Edge Controller's port (8441) Open
Checking Router Listener Bind Port's port (10080) Open
Expected ports are all available

******** Generating Public Key Infrastructure ********
Generating PKI
Creating CA: ip-172-31-30-239-root-ca
Success
 
Creating CA: ip-172-31-30-239-edge-controller-root-ca
Success
 
Creating CA: ip-172-31-30-239-signing-root-ca
Success
 
Creating intermediate: ip-172-31-30-239-root-ca ip-172-31-30-239-intermediate 1
Using CA name:  ip-172-31-30-239-root-ca
Success
 
Creating intermediate: ip-172-31-30-239-edge-controller-root-ca ip-172-31-30-239-edge-controller-intermediate 1
Using CA name:  ip-172-31-30-239-edge-controller-root-ca
Success
 
Creating intermediate: ip-172-31-30-239-signing-root-ca ip-172-31-30-239-signing-intermediate_spurious_intermediate 2
Using CA name:  ip-172-31-30-239-signing-root-ca
Success
 
Creating intermediate: ip-172-31-30-239-signing-intermediate_spurious_intermediate ip-172-31-30-239-signing-intermediate 1
Using CA name:  ip-172-31-30-239-signing-intermediate_spurious_intermediate
Success
 
 
Creating server cert from ca: ip-172-31-30-239-intermediate for ip-172-31-30-239,localhost / 127.0.0.1
Using CA name:  ip-172-31-30-239-intermediate
Success
Creating client cert from ca: ip-172-31-30-239-intermediate for ip-172-31-30-239,localhost
Using CA name:  ip-172-31-30-239-intermediate
Success
 
Creating server cert from ca: ip-172-31-30-239-edge-controller-intermediate for ec2-3-143-141-152.us-east-2.compute.amazonaws.com,ip-172-31-30-239,localhost / 127.0.0.1
Using CA name:  ip-172-31-30-239-edge-controller-intermediate
Success
Creating client cert from ca: ip-172-31-30-239-edge-controller-intermediate for ec2-3-143-141-152.us-east-2.compute.amazonaws.com,ip-172-31-30-239,localhost
Using CA name:  ip-172-31-30-239-edge-controller-intermediate
Success
 
PKI generated successfully

********         Setting Up Controller        ********
wrote CA file to: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/pki/cas.pem
Controller configuration file written to: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ip-172-31-30-239.yaml
ZITI_HOME overridden: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239
ip-172-31-30-239 initialized. See /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ip-172-31-30-239-init.log for details
[1] 25835
ziti controller started as process id: 25835. log located at: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ip-172-31-30-239.log
waiting for the controller to come online to allow the edge router to enroll
waiting for https://ec2-3-143-141-152.us-east-2.compute.amazonaws.com:8441

******** Setting Up Edge Router ********
Untrusted certificate authority retrieved from server
Verified that server supplied certificates are trusted by server
Server supplied 5 certificates
Server certificate chain written to /home/ubuntu/.config/ziti/certs/ec2-3-143-141-152.us-east-2.compute.amazonaws.com
Token: 645ca1ae-6a9b-498e-9cd3-740c65db7e21
Saving identity 'default' to /home/ubuntu/.config/ziti/ziti-cli.json

----------  Creating an edge router policy allowing all identities to connect to routers with a #public attribute
----------  Creating a service edge router policy allowing all services to use #public edge routers

USING ZITI_ROUTER_NAME: ip-172-31-30-239-edge-router
Token: 2eca8811-10e7-4c29-b881-0eb823ba90be
Saving identity 'default' to /home/ubuntu/.config/ziti/ziti-cli.json
Found 0 edge-routers with id or name matching ip-172-31-30-239-edge-router
New edge router ip-172-31-30-239-edge-router created with id: JKIlnDhJLp
Enrollment expires at 2023-07-18T22:03:36.519Z
public router configuration file written to: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ip-172-31-30-239-edge-router.yaml
Enrollment successful

Controller stopped.
Edge Router enrolled.

Congratulations. Express setup complete!
Your ZITI_HOME is located here: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239
Your admin password is: *****

Start your Ziti Controller by running the function: startController
Start your Ziti Edge Router by running : startRouter

ubuntu@ip-172-31-30-239:~$ createControllerSystemdFile
createRouterSystemdFile "${ZITI_ROUTER_NAME}"
[1]+  Done                    "${ZITI_BIN_DIR-}/ziti" controller run "${ZITI_HOME}/${ZITI_CTRL_NAME}.yaml" &> "${log_file}" 2>&1
Controller systemd file written to: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ip-172-31-30-239.service
Router systemd file written to: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ip-172-31-30-239-edge-router.service
ubuntu@ip-172-31-30-239:~$ stopRouter 
stopController
No process found.
No process found.
ubuntu@ip-172-31-30-239:~$ sudo cp "${ZITI_HOME}/${ZITI_CTRL_NAME}.service" /etc/systemd/system/ziti-controller.service
sudo cp "${ZITI_HOME}/${ZITI_ROUTER_NAME}.service" /etc/systemd/system/ziti-router.service
sudo systemctl daemon-reload
sudo systemctl enable --now ziti-controller
sudo systemctl enable --now ziti-router
Created symlink /etc/systemd/system/multi-user.target.wants/ziti-controller.service → /etc/systemd/system/ziti-controller.service.
Created symlink /etc/systemd/system/multi-user.target.wants/ziti-router.service → /etc/systemd/system/ziti-router.service.
ubuntu@ip-172-31-30-239:~$ sudo systemctl -q status ziti-controller --lines=0 --no-pager
sudo systemctl -q status ziti-router --lines=0 --no-pager
● ziti-controller.service - Ziti-Controller
     Loaded: loaded (/etc/systemd/system/ziti-controller.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-07-18 19:04:32 UTC; 11s ago
   Main PID: 25994 (ziti)
      Tasks: 8 (limit: 4686)
     Memory: 52.7M
        CPU: 949ms
     CGroup: /system.slice/ziti-controller.service
             └─25994 /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-bin/ziti-v0.29.0/ziti controller run /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ip-172-31-30-239.yaml
● ziti-router.service - Ziti-Router for ip-172-31-30-239-edge-router
     Loaded: loaded (/etc/systemd/system/ziti-router.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-07-18 19:04:32 UTC; 11s ago
   Main PID: 26031 (ziti)
      Tasks: 7 (limit: 4686)
     Memory: 334.7M
        CPU: 1.154s
     CGroup: /system.slice/ziti-router.service
             └─26031 /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-bin/ziti-v0.29.0/ziti router run /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ip-172-31-30-239-edge-router.ya…
ubuntu@ip-172-31-30-239:~$ git clone https://github.com/openziti/ziti-console.git "${ZITI_HOME}/ziti-console"
Cloning into '/home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-console'...
remote: Enumerating objects: 2336, done.
remote: Counting objects: 100% (743/743), done.
remote: Compressing objects: 100% (349/349), done.
remote: Total 2336 (delta 489), reused 587 (delta 347), pack-reused 1593
Receiving objects: 100% (2336/2336), 14.11 MiB | 29.07 MiB/s, done.
Resolving deltas: 100% (1563/1563), done.
ubuntu@ip-172-31-30-239:~$ cd "${ZITI_HOME}/ziti-console"
npm install
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142

added 205 packages, and audited 435 packages in 10s

23 packages are looking for funding
  run `npm fund` for details

5 vulnerabilities (4 moderate, 1 high)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/certs/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.chain.pem" "${ZITI_HOME}/ziti-console/server.chain.pem"
ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/keys/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.key" "${ZITI_HOME}/ziti-console/server.key"
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ rm "${ZITI_HOME}/ziti-console/server.chain.pem"
rm "${ZITI_HOME}/ziti-console/server.key"
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/certs/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.chain.pem" "${ZITI_HOME}/ziti-console/server.chain.pem"
ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/keys/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.key" "${ZITI_HOME}/ziti-console/server.key"
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ sudo systemctl restart ziti-console
Failed to restart ziti-console.service: Unit ziti-console.service not found.
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ source /dev/stdin <<< "$(wget -qO- https://get.openziti.io/quick/ziti-cli-functions.sh)"
createZacSystemdFile
sudo cp "${ZITI_HOME}/ziti-console.service" /etc/systemd/system
sudo systemctl daemon-reload
sudo systemctl enable --now ziti-console
ziti-console systemd file written to: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-console.service
Created symlink /etc/systemd/system/multi-user.target.wants/ziti-console.service → /etc/systemd/system/ziti-console.service.
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ node "${ZITI_HOME}/ziti-console/server.js"
Initializing TLS
TLS initialized on port: 8443
Ziti Server running on port 1408
Loading Settings File From: /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-console/../ziti/settings.json
{
  edgeControllers: [],
  editable: true,
  update: false,
  location: '../ziti',
  port: 1408,
  portTLS: 8443,
  logo: '',
  primary: '',
  secondary: '',
  allowPersonal: true,
  rejectUnauthorized: false,
  mail: { host: '', port: 25, secure: false, auth: { user: '', pass: '' } },
  from: '',
  to: ''
}
TLS initialized on port: 8443
Port 1408 In Use, Attempting new port 1409
node:events:491
      throw er; // Unhandled 'error' event
      ^

Error: listen EADDRINUSE: address already in use :::8443
    at Server.setupListenHandle [as _listen2] (node:net:1740:16)
    at listenInCluster (node:net:1788:12)
    at Server.listen (node:net:1876:7)
    at file:///home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-console/server.js:1957:36
Emitted 'error' event on Server instance at:
    at emitErrorNT (node:net:1767:8)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  code: 'EADDRINUSE',
  errno: -98,
  syscall: 'listen',
  address: '::',
  port: 8443
}

Node.js v18.16.1
Initializing: command not found
TLS: command not found
Ziti: command not found
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ sudo systemctl status ziti-console --lines=0 --no-pager
● ziti-console.service - Ziti-Console
     Loaded: loaded (/etc/systemd/system/ziti-console.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-07-18 19:06:37 UTC; 30s ago
   Main PID: 26182 (node)
      Tasks: 11 (limit: 4686)
     Memory: 28.9M
        CPU: 672ms
     CGroup: /system.slice/ziti-console.service
             └─26182 /usr/bin/node /home/ubuntu/.ziti/quickstart/ip-172-31-30-239/ziti-console/server.js
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ sudo ss -lntp | grep node
LISTEN 0      511                *:1408             *:*    users:(("node",pid=26182,fd=19))           
LISTEN 0      511                *:8443             *:*    users:(("node",pid=26182,fd=20))           
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ rm "${ZITI_HOME}/ziti-console/server.chain.pem"
rm "${ZITI_HOME}/ziti-console/server.key"
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/certs/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.chain.pem" "${ZITI_HOME}/ziti-console/server.chain.pem"
ln -s "${ZITI_PKI}/${ZITI_CTRL_EDGE_NAME}-intermediate/keys/${ZITI_CTRL_EDGE_ADVERTISED_ADDRESS}-server.key" "${ZITI_HOME}/ziti-console/server.key"
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ sudo systemctl restart ziti-console
ubuntu@ip-172-31-30-239:~/.ziti/quickstart/ip-172-31-30-239/ziti-console$ sudo ss -lntp | grep node
LISTEN 0      511                *:1408             *:*    users:(("node",pid=26262,fd=19))           
LISTEN 0      511                *:8443             *:*    users:(("node",pid=26262,fd=20))           


Really. Odd. I can see in your ss that it’s listening on :8443

LISTEN 0      511                *:8443             *:*    users:(("node",pid=26262,fd=20))           

Could it be that the webacl doesn’t have 8443 open? I cannot connect to ec2-3-143-141-152.us-east-2.compute.amazonaws.com:8441/ at all. Nor can I connect to 8443 either. Test with:

openssl s_client -connect ec2-3-143-141-152.us-east-2.compute.amazonaws.com:8441

and

openssl s_client -connect ec2-3-143-141-152.us-east-2.compute.amazonaws.com:8443

I suspect you forgot to open the firewall in AWS
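The triage in the reply above (listener present locally, connection refused or timing out from outside) as an added example; it is not code from the thread or from OpenZiti. The function names are hypothetical, the first two sample lines are the `ss` output quoted in the thread, the third is constructed, and the parser assumes `ss -lnt` or `ss -lntp` output (no Netid column).

```shell
#!/bin/sh
# Added example, not OpenZiti code.

# Sample input: lines 1-2 are from the thread, line 3 is constructed.
sample_ss() {
  cat <<'EOF'
LISTEN 0      511                *:1408             *:*    users:(("node",pid=26262,fd=19))
LISTEN 0      511                *:8443             *:*    users:(("node",pid=26262,fd=20))
LISTEN 0      4096       127.0.0.53%lo:53      0.0.0.0:*    users:(("systemd-resolve",pid=410,fd=14))
EOF
}

# listen_scope PORT  (ss output on stdin) -> none | loopback | specific | wildcard
listen_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, p, ":")                 # port is the text after the last colon
      if (p[n] != port) next
      addr = substr($4, 1, length($4) - length(p[n]) - 1)
      sub(/%.*$/, "", addr)                 # drop an interface suffix such as %lo
      if (addr == "*" || addr == "0.0.0.0" || addr == "[::]") r = 3
      else if (addr ~ /^127\./ || addr == "[::1]") r = 1
      else r = 2
      if (r > best) best = r                # keep the widest binding seen
    }
    END { split("none loopback specific wildcard", name, " "); print name[best + 1] }'
}

# remote_probe HOST PORT -> ok | fail. Run it from a machine outside the VPC.
# "ok" means the TCP connect and the TLS handshake both completed.
remote_probe() {
  if timeout 5 openssl s_client -connect "$1:$2" </dev/null >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

# triage SCOPE REMOTE -> where to look next
triage() {
  case "$1:$2" in
    none:*)        echo "nothing listening: fix the service (cert links, restart)";;
    *:ok)          echo "reachable";;
    loopback:fail) echo "bound to loopback only: change the bind address";;
    *:fail)        echo "listening but unreachable: check security group / host firewall";;
  esac
}

# On the server:  scope=$(sudo ss -lntp | listen_scope 8443)
# From outside:   triage "$scope" "$(remote_probe "$ZITI_CTRL_EDGE_ADVERTISED_ADDRESS" 8443)"
```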

I was silly :face_holding_back_tears:

I forgot to set the firewall. Now, it is working.

Excellent. That’s great to hear!

FYI - the documentation error is resolved in Ziti Admin Console | OpenZiti

The “ZAC install” should be correct for the latest. Thanks again for reporting the miss.