Hi,
I want to use Zrok to expose an internal service to the internet, either through Frontdoor or Public Shares, but I want to make sure my own certificate is used all the way from my server to the client connecting.
Many services like Tailscale Funnel and CloudFlare Tunnel require me to terminate the TLS connection from my server to their network and then they will serve their certificate to the client, but I hope Zrok could be a solution here?
Hi @Ithvr, welcome to the community and to zrok! (and OpenZiti)
At this time, the public global reverse proxy provided by NetFoundry, zrok.io, when using public shares, will terminate TLS just like Tunnel/Funnel. It's the nature of this particular beast. Because NetFoundry is providing the public access point and the WAF around the HTTP-based services, NetFoundry needs to provide the TLS cert (as does CloudFlare/Tailscale). So for public shares, I don't know that you'll find something that will work the way you want.
Where zrok is different is with private shares. zrok private shares would absolutely allow you to provide your own certificate but this is not a publicly available endpoint, it's via zrok private access. If you had your own VPS, you could run zrok access (the opposite of zrok share private) on that VPS and accomplish what you want, but it'll require you to have a public VPS, which might be a non-starter but maybe private shares would work for you?
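A way to check which of the two cases above you are actually in, as an added example that is not part of either post or of zrok itself: it compares the SHA-256 fingerprint of the certificate a client is served with the one installed on your server. The host name and the stand-in certificate bytes are constructed placeholders.

```python
import hashlib
import hmac
import socket
import ssl


def der_fingerprint(der: bytes) -> str:
    """SHA-256 of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def pem_fingerprint(pem: str) -> str:
    """Fingerprint of the certificate installed on your own server."""
    return der_fingerprint(ssl.PEM_cert_to_DER_cert(pem))


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate the endpoint presents, as DER bytes.

    Chain validation is off on purpose: this only observes which certificate
    is served. The decision is made by the fingerprint comparison below.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def tls_is_end_to_end(own_cert_pem, host, port=443, fetch=fetch_leaf_der):
    """True only if the client-facing certificate is byte-for-byte your own."""
    served = der_fingerprint(fetch(host, port))
    return hmac.compare_digest(pem_fingerprint(own_cert_pem), served)


if __name__ == "__main__":
    # Constructed stand-ins for certificates (not real DER), so this runs offline.
    own_der = b"constructed: certificate on my server"
    proxy_der = b"constructed: certificate of a terminating proxy"
    own_pem = ssl.DER_cert_to_PEM_cert(own_der)
    # Passthrough: the client sees the server's own certificate.
    print(tls_is_end_to_end(own_pem, "share.example.invalid", fetch=lambda h, p: own_der))
    # Terminating reverse proxy: a different certificate is served.
    print(tls_is_end_to_end(own_pem, "share.example.invalid", fetch=lambda h, p: proxy_der))
```

Against a live endpoint, call `tls_is_end_to_end(open("server.pem").read(), "your.host")` and leave `fetch` at its default; `server.pem` and the host are placeholders for your own values.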