Catch-all HTTPS service

Pehesi97 · June 27, 2025, 4:18pm

Hello there,

I'm trying to create a catch-all HTTPS service in my OpenZiti network. The idea would be for it to be similar to the "Exit node" Tailscale's feature. Basically, one identity that had access to this service would have all of their outbound HTTPS traffic proxied through the router that had a terminator for that service. I tried to create the service like this:

But it didn't really work, even though a terminator was created for that service.

Am I missing something?

Thank you

zhilyaev · June 27, 2025, 4:45pm

Hi, I have faced the same use case. I use k8s. And I just created ziti-service for the ingress controller. And other Ziti services bind to that ingress.

Pehesi97 · June 30, 2025, 3:47pm

I've found the issue. Even though ZAC says "enter values separated with a comma", I've entered the allowed address "0.0.0.0/0" and typed space. That resulted in the route being recognized as "0.0.0.0/0 " with a trailing space.

TheLumberjack · July 1, 2025, 11:43am

Thanks @Pehesi97 - filed space ends up in intercept config · Issue #695 · openziti/ziti-console · GitHub to track that

Topic		Replies	Views
Accessing HTTP via domain name Ziti Overlay	5	84	May 21, 2024
Creating & Removing Terminator Loop	10	191	November 21, 2023
Forward all Destination Ports over Public-Router Support	7	114	May 15, 2024
Misc notes after a few days of working with ziti General Questions	3	382	October 24, 2022
Connection Refused on All Services via Ziti Intercept (Windows Identities, DNS Resolved)	10	109	April 19, 2025

Catch-all HTTPS service

Related topics