Skip to main content
Star us on GitHub Star

Config Examples

Notes

Commented out options with # tag are generated by the template but not used for the described deployment. The router ip address is used in the private router option, wheres the DNS name is used in the public router. This is only to illustrate how either type can be used as an option for any deployment type.

This is a network side dialing only router with edge. It does not listen for connections from other routers. Set environmental variables to match this type of deployment, and run the command shown.

ZITI_CTRL_EDGE_ADVERTISED_ADDRESS=controller01.zitinetwork.example.org
ZITI_CTRL_LISTENER_PORT=80
ZITI_ROUTER_ADVERTISED_HOST="192.168.10.11"
ZITI_EDGE_ROUTER_IP_OVERRIDE="192.168.10.11"
ZITI_EDGE_ROUTER_PORT=443
ROUTER_NAME=$ZITI_ROUTER_ADVERTISED_HOST
ZITI_ROUTER_IDENTITY_CERT="~/.ziti/config/certs/${ROUTER_NAME}.cert"
ZITI_ROUTER_IDENTITY_SERVER_CERT="~/.ziti/config/certs/${ROUTER_NAME}.server.chain.cert"
ZITI_ROUTER_IDENTITY_KEY="~/.ziti/config/certs/${ROUTER_NAME}.key"
ZITI_ROUTER_IDENTITY_CA="~/.ziti/config/certs/${ROUTER_NAME}.cas"

./ziti create config router edge --routerName $ROUTER_NAME \
--output $ROUTER_NAME.yaml \
--tunnelerMode none \
--private

Generated Configuration

v: 3

identity:
cert: "~/.ziti/config/certs/192.168.10.11.cert"
server_cert: "~/.ziti/config/certs/192.168.10.11.server.chain.cert"
key: "~/.ziti/config/certs/192.168.10.11.key"
ca: "~/.ziti/config/certs/192.168.10.11.cas"

ctrl:
endpoint: tls:controller01.zitinetwork.example.org:80

link:
dialers:
- binding: transport
# listeners:
# - binding: transport
# bind: tls:0.0.0.0:10080
# advertise: tls:192.168.10.11:10080
# options:
# outQueueSize: 4

listeners:
# bindings of edge and tunnel requires an "edge" section below
- binding: edge
address: tls:0.0.0.0:443
options:
advertise: 192.168.10.11:443
connectTimeoutMs: 1000
getSessionTimeout: 60
# - binding: tunnel
# options:
# mode: host #tproxy|host



edge:
csr:
country: US
province: NC
locality: Charlotte
organization: NetFoundry
organizationalUnit: Ziti
sans:
dns:
- Windows-Workstation
- localhost
ip:
- "127.0.0.1"
- "192.168.10.11"

#transport:
# ws:
# writeTimeout: 10
# readTimeout: 5
# idleTimeout: 5
# pongTimeout: 60
# pingInterval: 54
# handshakeTimeout: 10
# readBufferSize: 4096
# writeBufferSize: 4096
# enableCompression: true
# server_cert: ~/.ziti/config/certs/192.168.10.11.server.chain.cert
# key: ~/.ziti/config/certs/192.168.10.11.key

forwarder:
latencyProbeInterval: 10
xgressDialQueueLength: 1000
xgressDialWorkerCount: 128
linkDialQueueLength: 1000
linkDialWorkerCount: 32