Thanks!
In my current testing setup, open Ziti aside, I am running open-webui and the ollama server on the same machine. The open-webui is running in a docker container and the ollama server is not, but they are able to talk to each other. For now, you can ignore the ollama server part, although at some point, what you are suggesting would be cool to get working too, in case I want to run the ollama server somewhere other than where I host open-webui or encrypt traffic between the two.
What I am trying to do is hide the open-webui page within a Ziti network so that you need an Ziti tunnel in order to access the ui. I think this falls under the use case of using Ziti as an alternative to a VPN where you can log into a VPN and there's an ip address on the network serving the UI.
Since I first posted, I have been trying more things out and I discovered that I cannot even register an identity with my macOS tunneler to my controller, so I think my controller configuration might be off? I followed the host anywhere docs to set up the controller on AWS, so not sure what is wrong. I copy/pasted the config stuff right out of the docs.
I have the ZAC working, which is what I have been using to generate the jwt's. My mac Ziti Desktop Edge client just says CONTROLLER_UNAVAILABLE whenever I try to enroll.