I am working through how to design the integration for a web application that I have built in Oracle Apex.
I have now worked out how to setup a reverse proxy via a Go server using the following video… nice. This will allow the data to be sent over the OpenZiti fabric.
The next question is then how to connect this to a client web browser.
I have seen examples in the past where users access a website over an OpenZiti network fabric before… so I imagine that it requires a similar configuration.
My understanding is that it requires some type of client installed on a local computer that then connects with the browser… somehow… to render the page in a browser.
I am not sure if this makes any sense… but any comments on how to fill in the gaps would be greatly appreciated.
Hey Markamind, nice work! Yes, for client side the easiest way is to use the OpenZiti clients, e.g., Windows or Linux etc (Choosing a client | Ziti). Alternatively, if you have a app on the client side then that can be zitified directly. Finally, we have a final option in beta for clientless browser access (or BrowZer as we call it) using GitHub - openziti/ziti-sdk-js: A JavaScript-based SDK for delivering secure browser-based web applications over a Ziti Network
1 Like
I have attached a quick video on BrowZer with Oracle Apex - Oracle APEX App Under browZer - YouTube.
1 Like
Hi Markamind,
I’d like to add a little more detail to Phillip’s responses. Forgive me if this is basic and review for you
Here’s a diagram of what I think you’re looking to accomplish:
In this setup, this is roughly what happens:
- User opens
https://YourAwesomeSite.private
in their browser.
- The Ziti edge software intercepts the request based on the address and forward traffic over the Ziti network.
- The reverse proxy forwards the connection to the APEX server.
The user’s computer, reverse proxy and APEX servers are all dark - there are no listening ports on the internet.
The magic sauce to make this work is a ziti-tunneler-client.v1
configuration on your APEX service. The tunneler client configuration is used by Ziti Edge software to set up a DNS intercept, which allows the browser traffic to be automatically piped over the Ziti fabric.
Here’s an example using the Ziti CLI
ziti edge create config apex-service-config ziti-tunneler-client.v1 '{"hostname": "yourawesomesite.private","port": 443}'
Then assign the config when you create the service
ziti edge create service apex-service --configs apex-service-config
I see that you’re using a GO application as a reverse proxy, which is fine. Ziti provides a couple of options if you would prefer a pre-built solution: tunneler, edge router
If you use one of the Ziti solutions then you’ll also need to add a server config to your service to enable the component to connect to your Apex service to transfer data.
ziti edge create config apex-host-config ziti-tunneler-server.v1 '{"hostname":"apex-server-address","port":443}'
Hopefully this helps!
-Tod
1 Like
Awesome… this helps a lot.
"That’s one small step for man, one giant leap for mankind.” Neil Armstrong
1 Like