Connecting with UA Discovery
Ignition's OPC UA server is initially, and intentionally, difficult to discover on new installations. To aid with discovery attempts, a separate unsecured endpoint is available, allowing UA clients a means of finding the server. When attempting to discover the server, the endpoint URL should include "/discovery" at the end:
opc.tcp://192.168.2.134:62541/discovery
Is there any way to set this to bind to localhost instead or additionally?
Change the bind address to "localhost" on the OPC UA Server Settings page. Any change here requires a gateway restart.
"localhost" is the default, so if it's not already configured for localhost then somebody has changed it.
It is set to localhost on their page –
is ```Ignition's OPC UA server is initially, and intentionally, difficult to discover on new installations. To aid with discovery attempts, a separate unsecured endpoint is available, allowing UA clients a means of finding the server. When attempting to discover the server, the endpoint URL should include "/discovery" at the end:
opc.tcp://192.168.2.134:62541/discovery```
not accurate?
That's example text. Everybody's gateway says the same thing. Or user manual, or wherever that is quoted from. I don't even know.
That’s a quote from the docs –
I’m asking because external browsing of the discovery endpoint on localhost from a node opc client was failing with
Error: End point must exist opc.tcp://localhost:62541/discovery securityMode = None securityPolicy = http://opcfoundation.org/UA/SecurityPolicy#None
even after the server was set to anonymous access allowed.
Not sure exactly what that error message implies, but it doesn't sounds like you're getting far enough for authentication to matter. If you can get a Wireshark capture and maybe some logs from Ignition that will help clear things up.
I don’t think it’s an authentication issue, i think it’s that external services can’t browse discovery on localhost, they need to use that weird IP from the docs?
No, man... ignore that. If you haven't changed any of the default config, the discovery endpoint URL is opc.tcp://localhost:62541/discovery.
If the client is not running on the same server as the gateway you first need to reconfigure the bind address to 0.0.0.0, restart, and then the endpoint URL you configure for that client will be opc.tcp://<whateveripaddress>:62541/discovery where it's whatever IP address you can reach the server at.
Ok, thanks – so the docs are inaccurate there, then. Just wanted to confirm that.
(Note, i’m quoting Ignition's OPC UA Server | Ignition User Manual )
Well, they're accurate, but maybe instead of using an example IP they need to put a placeholder in the documentation, or just call out that the example is using that IP as the example and that you need to use your own IP address in place of it.
I see, so by “Ignition's OPC UA server is initially, and intentionally, difficult to discover on new installations. To aid with discovery attempts, a separate unsecured endpoint is available,”
the docs literally just mean ‘adding /discovery to the end of the preexisting endpoints’?
Essentially, yes, that's all they're doing, but the wording could definitely be improved.
Feel free to reach out to them at docs@inductiveautomation.com and give them suggestions/improvements on this and anything else that's confusing as it will help others who also encounter the same problems interpreting the documentation.