Config Examples
Options commented out with `#` are generated by the template but are not used for the described deployment. The router IP address is used in the private router examples, whereas the DNS name is used in the public router example. This is only to illustrate how either type can be used as an option for any deployment type.
- Private Router w/ Edge
- Private Router w/ Edge & Tunneler
- Public Router w/ Edge
This is a network-side, dial-only router with edge. It does not listen for connections from other routers. Set the environment variables to match this type of deployment, then run the command shown.
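# Environment for a private, dial-only edge router without a tunneler.
# `ziti` runs as a child process, so every ZITI_* value is exported; a plain
# assignment would stay local to this shell and never reach the command.
export ZITI_CTRL_ADVERTISED_ADDRESS=controller01.zitinetwork.example.org
export ZITI_CTRL_PORT=80
export ZITI_ROUTER_ADVERTISED_HOST="192.168.10.11"
export ZITI_EDGE_ROUTER_IP_OVERRIDE="192.168.10.11"
export ZITI_EDGE_ROUTER_PORT=443

# Only the shell uses ROUTER_NAME (paths below and the command line), so it is
# left unexported.
ROUTER_NAME=$ZITI_ROUTER_ADVERTISED_HOST

# The tilde is inside double quotes, so the shell does not expand it; the
# literal "~/..." string is what ends up in the generated file.
# NOTE(review): the .key path is the router's private key - keep that file
# readable only by the account that runs the router.
export ZITI_ROUTER_IDENTITY_CERT="~/.ziti/config/certs/${ROUTER_NAME}.cert"
export ZITI_ROUTER_IDENTITY_SERVER_CERT="~/.ziti/config/certs/${ROUTER_NAME}.server.chain.cert"
export ZITI_ROUTER_IDENTITY_KEY="~/.ziti/config/certs/${ROUTER_NAME}.key"
export ZITI_ROUTER_IDENTITY_CA="~/.ziti/config/certs/${ROUTER_NAME}.cas"

# Expansions are quoted so a name containing spaces or glob characters is
# passed as a single argument.
./ziti create config router edge --routerName "$ROUTER_NAME" \
                                --output "$ROUTER_NAME.yaml" \
                                --tunnelerMode none \
                                --private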
Generated Configuration
# Generated configuration for a private edge router: it dials other routers
# (link.dialers) and has no active link listener.
v: 3
identity:
    # NOTE(review): "~" is written literally in these paths; confirm the router
    # resolves it for the account it runs as, or use absolute paths.
    cert:                 "~/.ziti/config/certs/192.168.10.11.cert"
    server_cert:          "~/.ziti/config/certs/192.168.10.11.server.chain.cert"
    # Private key of the router identity; keep this file readable only by the
    # account that runs the router.
    key:                  "~/.ziti/config/certs/192.168.10.11.key"
    ca:                   "~/.ziti/config/certs/192.168.10.11.cas"
ctrl:
    # Controller endpoint, dialed over TLS on port 80 in this example.
    endpoint:             tls:controller01.zitinetwork.example.org:80
link:
    dialers:
        - binding: transport
# Link listener left commented out: this router accepts no connections from
# other routers.
#  listeners:
#    - binding:          transport
#      bind:             tls:0.0.0.0:10080
#      advertise:        tls:192.168.10.11:10080
#      options:
#        outQueueSize:   4
listeners:
# edge and tunnel bindings require an "edge" section below
  - binding: edge
    # 0.0.0.0 binds the edge listener on every interface of the host; on a
    # multi-homed host, bind a specific address or restrict 443 at the firewall.
    address: tls:0.0.0.0:443
    options:
        # presumably the address handed to edge clients; it must be reachable
        # from wherever those clients connect - confirm
        advertise: 192.168.10.11:443
        connectTimeoutMs: 1000
        getSessionTimeout: 60
#  - binding: tunnel
#    options:
#      mode: host #tproxy|host
edge:
    csr:
        country: US
        province: NC
        locality: Charlotte
        organization: NetFoundry
        organizationalUnit: Ziti
        # Subject alternative names requested for the router certificate.
        # NOTE(review): "Windows-Workstation" looks like the hostname of the
        # machine that produced this example; list only names and addresses
        # clients will actually use to reach the router.
        sans:
            dns:
                - Windows-Workstation
                - localhost
            ip:
                - "127.0.0.1"
                - "192.168.10.11"
# WebSocket transport options, generated by the template but unused here.
#transport:
#  ws:
#    writeTimeout: 10
#    readTimeout: 5
#    idleTimeout: 5
#    pongTimeout: 60
#    pingInterval: 54
#    handshakeTimeout: 10
#    readBufferSize: 4096
#    writeBufferSize: 4096
#    enableCompression: true
#    server_cert: ~/.ziti/config/certs/192.168.10.11.server.chain.cert
#    key: ~/.ziti/config/certs/192.168.10.11.key
# Forwarder queue lengths and worker counts, left as generated.
forwarder:
    latencyProbeInterval: 10
    xgressDialQueueLength: 1000
    xgressDialWorkerCount: 128
    linkDialQueueLength: 1000
    linkDialWorkerCount: 32
This is a network-side, dial-only router with edge and tunneler (i.e., gateway mode). It does not listen for connections from other routers. Set the environment variables to match this type of deployment, then run the command shown.
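# Environment for a private, dial-only edge router with a tproxy tunneler
# (gateway mode).
# `ziti` runs as a child process, so every ZITI_* value is exported; a plain
# assignment would stay local to this shell and never reach the command.
export ZITI_CTRL_ADVERTISED_ADDRESS=controller01.zitinetwork.example.org
export ZITI_CTRL_PORT=80
export ZITI_ROUTER_ADVERTISED_HOST="192.168.10.11"
export ZITI_EDGE_ROUTER_IP_OVERRIDE="192.168.10.11"
export ZITI_EDGE_ROUTER_PORT=443

# Only the shell uses ROUTER_NAME (paths below and the command line), so it is
# left unexported.
ROUTER_NAME=$ZITI_ROUTER_ADVERTISED_HOST

# The tilde is inside double quotes, so the shell does not expand it; the
# literal "~/..." string is what ends up in the generated file.
# NOTE(review): the .key path is the router's private key - keep that file
# readable only by the account that runs the router.
export ZITI_ROUTER_IDENTITY_CERT="~/.ziti/config/certs/${ROUTER_NAME}.cert"
export ZITI_ROUTER_IDENTITY_SERVER_CERT="~/.ziti/config/certs/${ROUTER_NAME}.server.chain.cert"
export ZITI_ROUTER_IDENTITY_KEY="~/.ziti/config/certs/${ROUTER_NAME}.key"
export ZITI_ROUTER_IDENTITY_CA="~/.ziti/config/certs/${ROUTER_NAME}.cas"

# Expansions are quoted so a name containing spaces or glob characters is
# passed as a single argument. --lanInterface names the interface the tunneler
# uses on the LAN side (eth0 in this example).
./ziti create config router edge --routerName "$ROUTER_NAME" \
                                --output "$ROUTER_NAME.yaml" \
                                --tunnelerMode tproxy \
                                --lanInterface eth0 \
                                --private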
Generated Configuration
# Generated configuration for a private edge router with a tproxy tunneler:
# it dials other routers (link.dialers) and has no active link listener.
v: 3
identity:
    # NOTE(review): "~" is written literally in these paths; confirm the router
    # resolves it for the account it runs as, or use absolute paths.
    cert:                 "~/.ziti/config/certs/192.168.10.11.cert"
    server_cert:          "~/.ziti/config/certs/192.168.10.11.server.chain.cert"
    # Private key of the router identity; keep this file readable only by the
    # account that runs the router.
    key:                  "~/.ziti/config/certs/192.168.10.11.key"
    ca:                   "~/.ziti/config/certs/192.168.10.11.cas"
ctrl:
    # Controller endpoint, dialed over TLS on port 80 in this example.
    endpoint:             tls:controller01.zitinetwork.example.org:80
link:
    dialers:
        - binding: transport
# Link listener left commented out: this router accepts no connections from
# other routers.
#  listeners:
#    - binding:          transport
#      bind:             tls:0.0.0.0:10080
#      advertise:        tls:192.168.10.11:10080
#      options:
#        outQueueSize:   4
listeners:
# edge and tunnel bindings require an "edge" section below
  - binding: edge
    # 0.0.0.0 binds the edge listener on every interface of the host; on a
    # multi-homed host, bind a specific address or restrict 443 at the firewall.
    address: tls:0.0.0.0:443
    options:
        # presumably the address handed to edge clients; it must be reachable
        # from wherever those clients connect - confirm
        advertise: 192.168.10.11:443
        connectTimeoutMs: 1000
        getSessionTimeout: 60
  - binding: tunnel
    options:
        mode: tproxy #tproxy|host
        # NOTE(review): resolver address is UDP port 53 on the router's LAN IP;
        # presumably the tunneler answers DNS there - confirm, and allow that
        # port only from the LAN hosts meant to use this gateway.
        resolver: udp://192.168.10.11:53
        # LAN-side interface, matching --lanInterface eth0 on the command line.
        lanIf: eth0
edge:
    csr:
        country: US
        province: NC
        locality: Charlotte
        organization: NetFoundry
        organizationalUnit: Ziti
        # Subject alternative names requested for the router certificate.
        # NOTE(review): "Windows-Workstation" looks like the hostname of the
        # machine that produced this example; list only names and addresses
        # clients will actually use to reach the router.
        sans:
            dns:
                - Windows-Workstation
                - localhost
            ip:
                - "127.0.0.1"
                - "192.168.10.11"
# WebSocket transport options, generated by the template but unused here.
#transport:
#  ws:
#    writeTimeout: 10
#    readTimeout: 5
#    idleTimeout: 5
#    pongTimeout: 60
#    pingInterval: 54
#    handshakeTimeout: 10
#    readBufferSize: 4096
#    writeBufferSize: 4096
#    enableCompression: true
#    server_cert: ~/.ziti/config/certs/192.168.10.11.server.chain.cert
#    key: ~/.ziti/config/certs/192.168.10.11.key
# Forwarder queue lengths and worker counts, left as generated.
forwarder:
    latencyProbeInterval: 10
    xgressDialQueueLength: 1000
    xgressDialWorkerCount: 128
    linkDialQueueLength: 1000
    linkDialWorkerCount: 32
This is a network-side router with edge that both dials and listens. It listens for connections from other routers, so the host firewall must be opened to allow those connections through. In this example, the listen ports are 80 and 443. Set the environment variables to match this type of deployment, then run the command shown.
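# Environment for a public edge router (dials and listens) without a tunneler.
# `ziti` runs as a child process, so every ZITI_* value is exported; a plain
# assignment would stay local to this shell and never reach the command.
export ZITI_CTRL_ADVERTISED_ADDRESS=controller01.zitinetwork.example.org
export ZITI_CTRL_PORT=80
export ZITI_EDGE_ROUTER_RAWNAME=router01.zitinetwork.example.org
export ZITI_EDGE_ROUTER_PORT=443

# Only the shell uses ROUTER_NAME (paths below and the command line), so it is
# left unexported.
ROUTER_NAME=$ZITI_EDGE_ROUTER_RAWNAME

# The tilde is inside double quotes, so the shell does not expand it; the
# literal "~/..." string is what ends up in the generated file.
# NOTE(review): the .key path is the router's private key - keep that file
# readable only by the account that runs the router.
export ZITI_ROUTER_IDENTITY_CERT="~/.ziti/config/certs/${ROUTER_NAME}.cert"
export ZITI_ROUTER_IDENTITY_SERVER_CERT="~/.ziti/config/certs/${ROUTER_NAME}.server.chain.cert"
export ZITI_ROUTER_IDENTITY_KEY="~/.ziti/config/certs/${ROUTER_NAME}.key"
export ZITI_ROUTER_IDENTITY_CA="~/.ziti/config/certs/${ROUTER_NAME}.cas"

# Expansions are quoted so a name containing spaces or glob characters is
# passed as a single argument. Without --private the link listener is enabled.
./ziti create config router edge --routerName "$ROUTER_NAME" \
                                --output "$ROUTER_NAME.yaml" \
                                --tunnelerMode none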
Generated Configuration
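# Generated configuration for a public edge router: it dials other routers
# and also accepts link connections from them.
v: 3
identity:
    # NOTE(review): "~" is written literally in these paths; confirm the router
    # resolves it for the account it runs as, or use absolute paths.
    cert:                 "~/.ziti/config/certs/router01.zitinetwork.example.org.cert"
    server_cert:          "~/.ziti/config/certs/router01.zitinetwork.example.org.server.chain.cert"
    # Private key of the router identity; keep this file readable only by the
    # account that runs the router.
    key:                  "~/.ziti/config/certs/router01.zitinetwork.example.org.key"
    ca:                   "~/.ziti/config/certs/router01.zitinetwork.example.org.cas"
ctrl:
    # Controller endpoint, dialed over TLS on port 80 in this example.
    endpoint:             tls:controller01.zitinetwork.example.org:80
link:
    dialers:
        - binding: transport
    listeners:
        # bind, advertise and options are keys of the same list item as
        # binding, so they are indented under the "- " entry.
        # The link listener binds port 10080 on every interface; that port has
        # to be reachable by the routers that dial this one, so open it in the
        # host firewall only to those peers where possible.
        - binding:          transport
          bind:             tls:0.0.0.0:10080
          advertise:        tls:router01.zitinetwork.example.org:10080
          options:
              outQueueSize:   4
listeners:
# edge and tunnel bindings require an "edge" section below
  - binding: edge
    # 0.0.0.0 binds the edge listener on every interface of the host; on a
    # multi-homed host, bind a specific address or restrict 443 at the firewall.
    address: tls:0.0.0.0:443
    options:
        # presumably the address handed to edge clients; it must resolve and be
        # reachable from wherever those clients connect - confirm
        advertise: router01.zitinetwork.example.org:443
        connectTimeoutMs: 1000
        getSessionTimeout: 60
#  - binding: tunnel
#    options:
#      mode: host #tproxy|host
edge:
    csr:
        country: US
        province: NC
        locality: Charlotte
        organization: NetFoundry
        organizationalUnit: Ziti
        # Subject alternative names requested for the router certificate; the
        # advertised DNS name is listed so clients can verify it.
        sans:
            dns:
                - router01.zitinetwork.example.org
                - localhost
            ip:
                - "127.0.0.1"
# WebSocket transport options, generated by the template but unused here.
#transport:
#  ws:
#    writeTimeout: 10
#    readTimeout: 5
#    idleTimeout: 5
#    pongTimeout: 60
#    pingInterval: 54
#    handshakeTimeout: 10
#    readBufferSize: 4096
#    writeBufferSize: 4096
#    enableCompression: true
#    server_cert: ~/.ziti/config/certs/router01.zitinetwork.example.org.server.chain.cert
#    key: ~/.ziti/config/certs/router01.zitinetwork.example.org.key
# Forwarder queue lengths and worker counts, left as generated.
forwarder:
    latencyProbeInterval: 10
    xgressDialQueueLength: 1000
    xgressDialWorkerCount: 128
    linkDialQueueLength: 1000
    linkDialWorkerCount: 32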