Hi all. Apologies if this question has been answered somewhere else in the forum.
I have just started diving into OpenZiti and am struggling with knowing what I am doing with this service creation, and the docs don't seem to cover this. So far, the controller (with console) is deployed and two edge routers are deployed as well, and all are working.
To figure out the services, I have a VM that's hosting an app with a web interface and a desktop that I'm treating like a client device. Both have the Ziti Edge client installed. (The VM is Rocky Linux and the ziti-edge-tunnel is installed correctly according to the Ziti docs. And the desktop is Windows and installed successfully.) Both are registered in the Ziti Admin Console and have reported back in with their client and OS info. So, as a baseline, everything seems pretty normal and correct so far.
To create the service, I used the simple service creation wizard in the Ziti admin console. I selected the identity for the desktop as the device that can access the service and provided an address (portal.domain.com for example) and port 443. Then, for the hosting configuration, I selected the identity of the VM that hosts the web app I wanted to access, left the protocol on TCP, entered 127.0.0.1 for the address, and used 443 for the port. Saving the service worked and all the necessary configs and policies were created successfully.
Now, I'll admit that I don't fully grasp the hosting configuration. I understand the accessing configuration: what devices are going to be trying to reach Thing A at what address and over what protocol. But the hosting configuration leaves me with more questions and I'm relying on some online guides from OpenZiti to try getting it running. I understand that the identity selected is what device will be hosting the application we're trying to get to (as far as OpenZiti cares: what's at the other end of the tunnel) but I don't quite understand what I've read about the address to be entered here. I initially tried using the actual DNS name of the VM (name.domain.com for example) but, when that didn't work, I edited the service to use the loopback address instead (127.0.0.1). The port was left at 443 because that's where this particular application's web portal is presenting on the hosting VM. I would assume that this port would change to reflect the specific port used by an application's web portal if it were different (1280 for example if I wanted to try putting the Ziti Admin console at the service end of a tunnel).
With this configuration, I would assume that I should be able to go into a web browser and navigate to https://portal.domain.com (as used in the example in the config above) and reach that web portal so long as I am accessing that from the desktop that has the Ziti edge client installed.
Thus far, please feel free to correct me if this is failing because my understanding of either these configs or that expectation of how the connection should work is faulty and the root of this issue.
For further context, both of these devices are on the same network. And, I was already able to access https://portal.domain.com normally in my browser. But, so far, in the Ziti Admin Console, I cannot tell whether this service has been used to know whether this configuration is correct. I expected that the intercept config applied on the desktop would capture that traffic and send it over the tunnel Ziti established with that service. Basically, that Ziti would take precedence as the 'primary' access method. And my hope there was that I would be able to configure services first, confirm access through the service, then block the traffic on the underlay network to get to real ZTNA.
So, this is the 3rd area where I may also be confused or may have not found the correct information in the docs.
Any help would be greatly appreciated. The app seems amazing and I'd love to really get a grasp of it. And it feels like I'm nearly at a solid initial footing.
[Unrelated, a GUI for the Linux edge client (tunneler) like there is for Windows would be amazing for desktop Linux installs with a desktop environment since Microsoft has murdered Windows and Linux on the desktop has stepped into the gap.]
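As an added example (not part of the original post, and not code from the OpenZiti project), the shell script below spells out the same service the wizard built: an `intercept.v1` config that the tunneler on the client captures, a `host.v1` config that the tunneler on the hosting VM dials locally (so `127.0.0.1` here means the VM's own loopback, not the client's), the service tying the two together, and the Dial and Bind service policies. It also lists the two checks I would reach for when the console does not show whether a service is in use: `ziti edge policy-advisor`, which reports whether each identity can dial or bind the service and is online, and `ziti edge list terminators`, where a terminator appears once the hosting tunneler has actually bound the service. The service, config, policy and identity names (`portal`, `desktop`, `vm`) are assumptions; the script only prints the commands unless run with `--apply`.

```shell
#!/bin/sh
# Added example: builds the intercept.v1 and host.v1 payloads for a
# "portal.domain.com:443 -> 127.0.0.1:443 on the VM" service and the
# ziti CLI commands that create it. Names are assumptions, not from the post.

SERVICE="portal"               # assumed service name
INTERCEPT_ADDR="portal.domain.com"
HOST_ADDR="127.0.0.1"          # dialed from the hosting VM itself
PORT=443
CLIENT_IDENTITY="desktop"      # assumed identity name of the Windows client
HOST_IDENTITY="vm"             # assumed identity name of the Rocky VM

# intercept.v1: what the client-side tunneler captures (address + port range).
intercept_config() {
  printf '{"protocols":["tcp"],"addresses":["%s"],"portRanges":[{"low":%s,"high":%s}]}' \
    "$1" "$2" "$2"
}

# host.v1: where the hosting-side tunneler connects after accepting the dial.
host_config() {
  printf '{"protocol":"tcp","address":"%s","port":%s}' "$1" "$2"
}

# The create commands, one per line, so they can be reviewed before running.
ziti_commands() {
  cat <<EOF
ziti edge create config ${SERVICE}-intercept intercept.v1 '$(intercept_config "$INTERCEPT_ADDR" "$PORT")'
ziti edge create config ${SERVICE}-host host.v1 '$(host_config "$HOST_ADDR" "$PORT")'
ziti edge create service ${SERVICE} --configs ${SERVICE}-intercept,${SERVICE}-host
ziti edge create service-policy ${SERVICE}-dial Dial --service-roles "@${SERVICE}" --identity-roles "@${CLIENT_IDENTITY}"
ziti edge create service-policy ${SERVICE}-bind Bind --service-roles "@${SERVICE}" --identity-roles "@${HOST_IDENTITY}"
EOF
}

# Checks after the tunnelers have re-read their services:
#  - policy-advisor: does each identity have Dial/Bind access, is it online,
#    and does it share an edge router with the other side?
#  - terminators: one row per hosting tunneler that has bound the service;
#    no terminator means nothing is hosting it yet, so dials will fail.
ziti_checks() {
  cat <<EOF
ziti edge policy-advisor services ${SERVICE} -q
ziti edge list terminators
EOF
}

if [ "${1:-}" = "--apply" ]; then
  ziti_commands | sh
  ziti_checks | sh
else
  ziti_commands
  ziti_checks
fi
```

The intercept address is purely a name the client-side tunneler answers for; it does not need to resolve on the underlay, which is why blocking the underlay path later (the poster's stated goal) does not disturb the Ziti path. Conversely, as long as the underlay route to the real `portal.domain.com` still works, a working browser session proves nothing on its own; the terminator listing and the service's traffic on the hosting tunneler are the evidence that the Ziti path is being used.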