[Feature Request] Connect controller to its own network #119

Closed
sinamics opened this issue Aug 31, 2023 · 5 comments · Fixed by #123

Comments

sinamics (Owner) commented Aug 31, 2023

@sinamics Let me try again to explain what I mean. In the picture, this is just the implementation of the controller of the respected @dec0dOS; it can be seen that a regular client and the controller itself are connected to their own network. This allows you to limit access to the controller itself only from the ZeroTier network.

[image: img-2023-07-31-00-53-47]

@sinamics We are looking forward to this feature, I will be grateful if you find time for this. 🙏🏻

Originally posted by @dsm150 in #50 (comment)

sinamics (Owner, Author) commented

I will look into this very soon

sinamics changed the title from "[Feature Request] Connect controller to a network" to "[Feature Request] Connect controller to its own network" on Sep 2, 2023

sinamics (Owner, Author) commented Sep 2, 2023

@dsm150 Just to make sure we get this right.
I've connected the controller to its own network and also joined my computer to the same network. Initially, the frontend displayed the controller's connection status as "offline." This was due to the controller connection status not being implemented, even though the controller was actually online.

I've made improvements to the UI. Now it accurately reflects the controller's status:
[image]

I also updated the ZT_ALLOW_MANAGEMENT_FROM field to include the network's CIDR. For further testing, I installed SSH inside the zyclonite/zerotier container. I successfully accessed the controller via SSH from my I9 Desktop using the zt network.

[image]

BrianVB commented Dec 20, 2023

@sinamics how exactly did you get the controller to join its own network? I have a server that is hosting a zerotier controller as well as several other services for a private organization. I'm trying to replace my existing setup and use ztnet but cannot accomplish what I've been able to do without it.

The way I've done this in the past is to enter the docker container with zerotier (`docker exec -it zerotier bash`) and then follow the normal procedure to join a network (`zerotier-cli join XXXXXXXXXXXX`).

With the container that's being used in this package, I can't enter it that way since bash isn't in the PATH. But, I can by using `docker exec -it zerotier sh`. But then if I execute `zerotier-cli info` I get an error:

```
Error connecting to the ZeroTier service: 

Please check that the service is running and that TCP port 9993 can be contacted via 127.0.0.1.
```

I saw what you said here ( #50 (comment) ). So, I tried entering the ztnet container (`docker exec -it ztnet bash`) and then using CURL to access the zerotier API. But, this doesn't seem suitable either.

```
TOKEN=$(sudo cat /var/lib/zerotier-one/authtoken.secret)
curl "http://zerotier:9993/info" -H "X-ZT1-AUTH: ${TOKEN}"
{
	"controller": true,
	"apiVersion": 4,
	"clock": 1703035208100,
	"databaseReady": true
}
```

I can't figure out how to get the node id of zerotier that is running the controller. Nor can I figure out how to use the zerotier-cli in the container it is set up in. And I haven't found any instructions in the documentation either. The only mention of it is this issue but between it and what it's referencing it's not clear how to accomplish this.

sinamics (Owner, Author) commented Dec 20, 2023

@BrianVB comment out this line in the docker-compose.yml

```
- ZT_ALLOW_MANAGEMENT_FROM=172.31.255.0/29
```

Restart

```
docker-compose up -d
```

Then these commands should work

```
docker exec zerotier zerotier-cli info
```

or

```
docker exec -it zerotier sh
zerotier-cli info
```

BrianVB commented Dec 20, 2023

@sinamics thank you! That worked. I have a follow up question I will open a different issue for since it is only tangentially related to this one.
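
Why `zerotier-cli info` failed from inside the container while the allow-list was set can be checked offline. The following is an added example, not code from ztnet or ZeroTier: it assumes the management API admits only sources inside `ZT_ALLOW_MANAGEMENT_FROM` when that variable is set and loopback only when it is unset, which matches what this thread reports. The compose fragment, the sample addresses, the function names and the comma-separated list form are constructed for illustration.

```python
import ipaddress
import re

# Constructed compose fragment; the environment line is the one quoted in the thread.
COMPOSE = """\
services:
  zerotier:
    image: zyclonite/zerotier
    environment:
      - ZT_ALLOW_MANAGEMENT_FROM=172.31.255.0/29
"""

def management_allowlist(compose_text):
    """Return the CIDRs set via ZT_ALLOW_MANAGEMENT_FROM, skipping commented-out lines."""
    nets = []
    for line in compose_text.splitlines():
        m = re.match(r"\s*-\s*ZT_ALLOW_MANAGEMENT_FROM=(\S+)", line)
        if m:
            # Assumption: several CIDRs, if present, are comma-separated.
            for cidr in m.group(1).strip("\"'").split(","):
                nets.append(ipaddress.ip_network(cidr.strip(), strict=False))
    return nets

def is_admitted(source, allowlist):
    """Assumed rule: empty allow-list means loopback only; otherwise listed CIDRs only."""
    addr = ipaddress.ip_address(source)
    if not allowlist:
        return addr.is_loopback
    return any(addr in net for net in allowlist)

def audit(compose_text, sources):
    """Map each source address to admitted/refused and flag match-everything CIDRs."""
    allow = management_allowlist(compose_text)
    report = {s: is_admitted(s, allow) for s in sources}
    too_broad = [str(n) for n in allow if n.prefixlen == 0]
    return report, too_broad

if __name__ == "__main__":
    # Constructed sources: loopback (zerotier-cli inside the container), an address
    # in the compose subnet, and a hypothetical ZeroTier network member.
    sources = ["127.0.0.1", "172.31.255.2", "10.121.15.7"]
    for label, text in (("as shipped", COMPOSE),
                        ("commented out", COMPOSE.replace("- ZT_", "# - ZT_"))):
        print(label, audit(text, sources))
```
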
