Proxy / Tunnelers API

Hi there,

I've got another question regarding tunnelers. For that, I quickly have to explain our setup:

We do have multiple processes (= services) communicating with each other via TCP - even on the same host. We're willing to rely on host access as a trust model, so unencrypted traffic on localhost is no issue. However, there are also other processes/services on different hosts that local services need to talk to.

Naturally, I thought we had two options:

  • Either integrate the SDK right into the processes
  • Install a tunneler on each host

However, both options have some drawbacks for us:

  • SDK - Network Resilience: Once the connection to the controller is lost due to some network outages, even processes on the same host won't be able to communicate with each other. In that case, we would have to spin up another local controller for the time being.
  • Tunnelers - No API: The tunnelers have to be installed separately (we plan to support Windows & macOS as well). Furthermore, they have to be configured by the user manually since they don't provide any API.

Ideally, there would be some forward and reverse proxy with an API for communication with services on other hosts. As far as I can see, we would have to write such a proxy on our own, right? There is something like that for Kubernetes / Linux as far as I can see; however, not for Windows/macOS.

Thanks!

This issue is very close to being resolved with the HA efforts coming to completion, but I understand that's "future" and not "now" (but it's soon). With HA, I'd expect this to be the best path forward and the best long-term path too. Going application embedded has a lot to offer and it might be worth it (I think it's worth it).

Is something like GitHub - openziti-test-kitchen/ziti-caddy: Zitified Caddy server what you're looking for? Quite honestly, it'll have the same sort of issue as the SDK has when the control plane goes down: you'll not be able to establish new connections (existing connections are not affected by the controller going up/down).

We've talked about extending the overlay idea "point-to-point" (sdk to sdk, client to client etc) but at this time that's a fair bit of work and isn't even started...

Hope that helps. I might have missed some other big idea, so if anyone else in the community has thoughts, I like learning (or often remembering) things. :slight_smile: