TheLumberjack:
This is where things get more complex, really quickly... Recently (a few months-ish ago), @qrkourier made an excellent discovery with respect to docker. He discovered that one can basically assign a docker container as the "network" for another docker container. When you do this, it effectively melds the two containers into one bigger container. If you're familiar with kubernetes even a little, this is very similar to the "pod" idea where basically two or more containers can all be aggregated together.
This was really exciting to me, because in general when you're using docker, we had no great way to accomplish this sort of design. If you use ziti-edge-tunnel and want to have it intercept packets, it works by making a TUN device, but that needs to happen on the actual OS itself. That means everything on the machine will have access to that TUN and that's not what we wanted...
Instead, ziti-router has a mode called tproxy that allows one to shuttle bytes to a process without the need for a TUN, which means now we can use ziti-router within docker for strategic intercept-type modes, but we could also use something like ziti-edge-tunnel in host mode (where it only offloads data) to offload data specifically for one (or more) containers...
Could you give an example of a docker compose yaml file demonstrating this? I have a controller deployed in AWS and I want to set up a docker compose on my local machine with one container providing the network tunnel to another container running the open-webui for ollama. Following the docker tunneler docs, I can't get the ziti-host container to work at all.
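An added example, not part of the original posts and not the project's own file: a compose sketch of the "container as network" pattern described above, where the application joins the tunneler's network namespace and publishes no ports on the host. The image names, the `ZITI_ENROLL_TOKEN` variable, the `/ziti-edge-tunnel` volume path and port 8080 are assumptions to check against the tunneler and open-webui docs.

```yaml
# Added example. Values marked "assumed" do not come from the thread.
services:
  ziti-host:
    image: openziti/ziti-host              # assumed tunneler image (hosting-only mode)
    restart: unless-stopped
    environment:
      # assumed variable: one-time enrollment JWT, taken from the shell
      # environment so the token is not written into this file
      - ZITI_ENROLL_TOKEN
    volumes:
      # assumed path: the enrolled identity is kept here across restarts
      - ziti-host:/ziti-edge-tunnel
    # Deliberately no "ports:" section. Nothing is exposed on the Docker
    # host; the only way in is through the overlay service.

  open-webui:
    image: ghcr.io/open-webui/open-webui:main   # assumed image, assumed to listen on 8080
    restart: unless-stopped
    # Share the tunneler's network namespace. Both containers now see the
    # same loopback interface, like containers in a Kubernetes pod.
    network_mode: "service:ziti-host"
    depends_on:
      - ziti-host
    # "ports:" and "networks:" cannot be combined with network_mode, which
    # also prevents publishing the UI on the host by accident.
    volumes:
      - open-webui:/app/backend/data

volumes:
  ziti-host:
  open-webui:
```

With this layout the hosting side of the overlay service would forward to 127.0.0.1:8080 (assumed), since the tunneler and the web UI share one loopback interface. Run `docker compose config` to validate the file before starting it.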