I just installed OpenZiti following the OpenZiti anywhere guide, and after the ZAC installation I can only access it by IP rather than DNS. The MS Edge browser returns err_connection_timed_out.
These are the steps I did to configure the server before running the express install script:
Create an Ubuntu server VM with a defined hostname
It is probably a configuration issue. Please check the settings in /var/lib/private/ziti-controller/config.yml. The part should be in the web: section.
The content of the file, maybe it gives you a clue:
```yaml
- name: client-management
  bindPoints:
    - interface: 0.0.0.0:8441
      address: openziti.**mydomain**:8441
  identity:
    ca: "/home/luciano/.ziti/quickstart/openziti/pki/openziti-edge-controller-root-ca/certs/openziti-edge-controller-root-ca.cert"
    key: "/home/luciano/.ziti/quickstart/openziti/pki/openziti-edge-controller-intermediate/keys/openziti.**mydomain**-server.key"
    server_cert: "/home/luciano/.ziti/quickstart/openziti/pki/openziti-edge-controller-intermediate/certs/openziti.**mydomain**-server.chain.pem"
    cert: "/home/luciano/.ziti/quickstart/openziti/pki/openziti-edge-controller-intermediate/certs/openziti.**mydomain**-client.chain.pem"
    #alt_server_certs:
    #- server_cert: ""
    #  server_key: ""
  options:
    # idleTimeoutMs - optional, default 5000ms
    # The maximum amount of idle time in milliseconds allowed for pipelined HTTP requests. Setting this too high
    # can cause resources on the host to be consumed as clients remain connected and idle. Lowering this value
    # will cause clients to reconnect on subsequent HTTPs requests.
    idleTimeout: 5000ms #http timeouts, new
    # readTimeoutMs - optional, default 5000ms
    # The maximum amount of time in milliseconds http servers will wait to read the first incoming requests. A higher
    # value risks consuming resources on the host with clients that are acting bad faith or suffering from high latency
    # or packet loss. A lower value can risk losing connections to high latency/packet loss clients.
    readTimeout: 5000ms
    # writeTimeoutMs - optional, default 100000ms
    # The total maximum time in milliseconds that the http server will wait for a single requests to be received and
    # responded too. A higher value can allow long-running requests to consume resources on the host. A lower value
    # can risk ending requests before the server has a chance to respond.
    writeTimeout: 100000ms
    # minTLSVersion - optional, default TLS1.2
    # The minimum version of TSL to support
    minTLSVersion: TLS1.2
    # maxTLSVersion - optional, default TLS1.3
    # The maximum version of TSL to support
    maxTLSVersion: TLS1.3
  # apis - required
  # Allows one or more APIs to be bound to this webListener
  apis:
    # binding - required
    # Specifies an API to bind to this webListener. Built-in APIs are
    #   - edge-management
    #   - edge-client
    #   - fabric-management
    - binding: edge-management
      # options - arg optional/required
      # This section is used to define values that are specified by the API they are associated with.
      # These settings are per API. The example below is for the 'edge-api' and contains both optional values and
      # required values.
      options: { }
    - binding: edge-client
      options: { }
    - binding: fabric
      options: { }
    - binding: edge-oidc
      options: { }
    - binding: zac
      options:
        location: ./console
        indexFile: index.html
```
Hi @luciano, welcome to the community and to OpenZiti!
If you are able to access the zac using an IP but not by DNS that indicates to me the DNS is not returning the proper IP address.
If it were me, I would use nslookup or dig to verify the IP that you actually get back and verify it.
I would also not use your hosts file, it's really easy to forget an entry in there and if you have an A record (or in your case CNAME pointing to an A record that has the proper IP) then it should definitely work.
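The check suggested above (compare what the name resolves to with the IP that is known to work, and look for a forgotten hosts-file entry) can be scripted. This is an added example, not part of the original thread or of OpenZiti; the function names, the hostname `openziti.example.test`, the documentation-range IPs and the `/etc/hosts` path are assumptions, and the sample hosts content is constructed.

```python
import socket

# Constructed sample: a stale hosts entry that would shadow the real DNS record.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
198.51.100.7  openziti.example.test   # old lab address
"""

def parse_hosts(hosts_text, hostname):
    """Return the IPs a hosts file pins to `hostname` (these override DNS)."""
    pinned = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        names = [n.lower() for n in fields[1:]]
        if len(fields) >= 2 and hostname.lower() in names:
            pinned.append(fields[0])
    return pinned

def system_resolve(hostname):
    """Resolve with the OS resolver, the same lookup path the browser relies on."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def diagnose(hostname, working_ip, hosts_text="", resolve=system_resolve):
    """Explain why `hostname` may fail while `working_ip` succeeds."""
    pinned = parse_hosts(hosts_text, hostname)
    if pinned and working_ip not in pinned:
        return f"hosts file pins {hostname} to {pinned}, not {working_ip}"
    resolved = resolve(hostname)
    if not resolved:
        return f"{hostname} does not resolve"
    if working_ip not in resolved:
        return f"{hostname} resolves to {resolved}, not {working_ip}"
    return "ok"

if __name__ == "__main__":
    import sys
    host, ip = sys.argv[1], sys.argv[2]  # e.g. the controller name and its IP
    try:
        with open("/etc/hosts") as fh:  # assumed path; differs on Windows
            hosts = fh.read()
    except OSError:
        hosts = ""
    print(diagnose(host, ip, hosts))
```

Run it on the client machine that shows the timeout, since that is the resolver whose answer matters.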