Hi Markamind,
I’d like to add a little more detail to Phillip’s responses. Forgive me if this is basic and review for you.
Here’s a diagram of what I think you’re looking to accomplish:
In this setup, this is roughly what happens:
- User opens https://YourAwesomeSite.private in their browser.
- The Ziti edge software intercepts the request based on the address and forwards traffic over the Ziti network.
- The reverse proxy forwards the connection to the APEX server.
The user’s computer, reverse proxy and APEX servers are all dark - there are no listening ports on the internet.
The magic sauce to make this work is a ziti-tunneler-client.v1 configuration on your APEX service. The tunneler client configuration is used by Ziti Edge software to set up a DNS intercept, which allows the browser traffic to be automatically piped over the Ziti fabric.
Here’s an example using the Ziti CLI:
ziti edge create config apex-service-config ziti-tunneler-client.v1 '{"hostname": "yourawesomesite.private","port": 443}'
Then assign the config when you create the service:
ziti edge create service apex-service --configs apex-service-config
I see that you’re using a Go application as a reverse proxy, which is fine. Ziti provides a couple of options if you would prefer a pre-built solution: tunneler, edge router.
If you use one of the Ziti solutions then you’ll also need to add a server config to your service to enable the component to connect to your Apex service to transfer data.
ziti edge create config apex-host-config ziti-tunneler-server.v1 '{"hostname":"apex-server-address","port":443}'
Hopefully this helps!
-Tod
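
The sequence from the post above assembled end to end, as an added example that is not part of the original post or OpenZiti's own tooling: a dry-run script that validates the two addresses and prints the three commands, with both configs attached to one service. The function names, the input checks and the lowercasing of the hostname are assumptions of this example; the config names and addresses are the post's placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run generator for the
# Ziti CLI commands shown above. It prints the commands; it does not run them.

# Validate host and port, then emit the {"hostname":...,"port":...} body used
# by both ziti-tunneler-client.v1 and ziti-tunneler-server.v1 in the post.
config_json() {
    # Assumption: normalise case, as the post's config uses a lowercase name.
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    port=$2
    case $host in
        # Reject empty names, stray dots, and anything that could break out
        # of the JSON string or the single-quoted shell argument.
        ''|.*|*.|*..*|*[!a-z0-9.-]*) return 1 ;;
    esac
    case $port in
        # Reject empty, zero or zero-padded, non-numeric, or over-long ports.
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$port" -le 65535 ] || return 1
    printf '{"hostname":"%s","port":%s}' "$host" "$port"
}

# Print the full sequence: intercept config, host config, then one service
# that carries both configs.
# Arguments: intercept host, intercept port, backend host, backend port.
ziti_commands() {
    client=$(config_json "$1" "$2") || { echo "bad intercept address" >&2; return 1; }
    server=$(config_json "$3" "$4") || { echo "bad backend address" >&2; return 1; }
    printf "ziti edge create config apex-service-config ziti-tunneler-client.v1 '%s'\n" "$client"
    printf "ziti edge create config apex-host-config ziti-tunneler-server.v1 '%s'\n" "$server"
    printf 'ziti edge create service apex-service --configs apex-service-config,apex-host-config\n'
}

# Sample values are the placeholders used in the post.
ziti_commands "YourAwesomeSite.private" 443 "apex-server-address" 443
```

Review the printed commands, then run them from a shell that is already logged in to the controller.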