How do I get the json file in ntity_file /path/to/ziti/identity1.json;?

How do I get the json file in ntity_file /path/to/ziti/identity1.json;? Is it obtained via ziti-edge-tunnel enroll --jwt http.client.jwt --identity http.client.json? But it is via source /dev/stdin <<< “$(wget -qO- https://get.openziti.io/ziti-cli-functions.sh)”; expressInstall
The openziti service installed with this command does not contain an app.

Hi @roycyz, welcome to the community and to OpenZiti (and zrok/BrowZer)!

The referenced identity file is obtained by creating an identity in the OpenZiti controller and enrolling it. have a look at the doc for more info if you need it Ziti Identities | OpenZiti. Tunneling to NGINX Upstreams | OpenZiti also links to a subsection of this doc.

The qiuckstarts (expressInstall) will deploy a controller and a router for you to use. They are necessary in order to create an identity and for it to be useful.

Hopefully that's enough information to get you going.

Thank you for your reply, here is another question I would like to ask, what is the reason for the error reported here,

the configuration file is as follows
load_module modules/ngx_http_ziti_module.so;
worker_processes 1;

events {
worker_connections 1024;
}

thread_pool ziti threads=32 max_queue=65536;

http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;

server {
    listen       80;
    server_name  localhost;


    location / {
            proxy_pass http://192.168.11.183;
            ziti_pass     'xxxxxx';
            ziti_identity  /opt/nginx/ziti/zb.json;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

}

In my experience, when you see our logs state something like

request failed: -103(software caused connection abort)

This is generally an active failure, meaning a request was attempted, but it was forcefully rejected. In my experience, a very common cause for this is the identity is simply invalid. For example, the identty json file is not correct for whatever reason.

A simpler way to debug this and let me/us help you would be to use the ziti-edge-tunnel with that identity and see if it will connect. This will rule any nginx stuff from the equation. It will be as simple as installing/downloading ziti-edge-tunnel and running:

ziti-edge-tunnel run -i /opt/nginx/ziti/zb.json

Can you try that? Let's just make sure that identity can connect and if not, make a new identity, and test with ziti-edge-tunnel to ensure it's valid before adding it to nginx. If it works, well then we know we'll need to focus on the nginx part.