Hi OpenZiti community,
I’m self-hosting zrok inside a Docker container on an AWS EC2 instance, where my service is also running. My goal is to expose this service using zrok and automate the process of generating forwarding URLs for clients. Specifically, I have the following questions:
- Database Access:
Does zrok store forwarding URLs in its SQLite database (zrok.db)? If so, can clients directly query this database to retrieve their forwarding URLs? What’s the recommended way to expose this data securely, especially in an AWS EC2 environment? - API for URL Generation:
Does zrok provide a REST API for programmatically creating shares and retrieving forwarding URLs? If yes, could you share an example of how to authenticate and use this API? I’d like to allow clients to generate forwarding URLs on their own without manual intervention. - Fallback Solution:
If the above options aren’t feasible, I’m considering a shell script that runszrok share publicand a Spring Boot API to execute this script. The idea is to allow clients to hit the API, pass the port number of the service they want to expose, and get the forwarding URL in response. Would this approach work, and are there any pitfalls I should be aware of?
Additionally, since this is on AWS EC2, are there any specific configurations or security considerations I should keep in mind while exposing my service using zrok?
Any guidance, examples, or best practices would be greatly appreciated!
Thanks in advance!