I'm trying to test out zrok to see if it will do what I need.
For testing purposes I have a zrok ephemeral public share running on my server that routes the proxy backend to my local reverse proxy. I'm using one of my custom domain names with a CNAME record to point to the ephemeral share domain, and I'm routing port 8920 for the test. When I try to open it in a browser, it brings up a blank page that spins forever, zrok reports traffic, and my reverse proxy never gets any connection.
My Setup
I have a working reverse proxy that does TLS termination of a few different publicly valid domains running on my local server. I have rules to allow port 8920 as an alternative to port 443 for these domains. I've set up split DNS on my home network so I'm able to confirm that I can navigate to these domains on either port 443 or 8920 while within my network using the real domain name, and I can reach the service.
For outside my local network, my current solution is a cloud-hosted VPS running WireGuard that my local system connects to. The VPS has firewall rules to masquerade-route incoming traffic on port 443 or 8920 to the same port at the other end of the WireGuard tunnel. I create public DNS A records for my custom domains that point to the VPS public IP address, so resolution of my domain names routes to the VPS and then to the server on my local network. This is tested and confirmed working.
The pathway looks like this:
client browser --> DNS lookup --> VPS --wireguard--> local server --> reverse proxy (TLS termination) --> my web app
What I'm testing
What I'm trying to do now is set up zrok on my local server with a proxy backend and a public share. Eventually I'd reserve a name in zrok and then set up a CNAME record for my custom domain name to point to the zrok public share URL, but for now I just used an ephemeral public share.
This would attempt to make the pathway:
client browser --> DNS lookup --> zrok public share endpoint --zrok--> zrok on local server --> local reverse proxy --> my web app
So I run:
zrok share public --backend-mode proxy --insecure https://localhost:8920
Alternatively, I run:
zrok share public --backend-mode proxy https://mydomain.com:8920
(zrok is within my local network, so a DNS lookup for mydomain.com will give the local LAN IP address).
Both seem to run ok according to the zrok TUI, and I see traffic in the zrok metrics when I navigate to my custom domain on port 8920 from outside my local network, but my reverse proxy logs don't indicate that any of the zrok traffic reached it. Just to verify it, doing curl https://mydomain.com:8920 from within my local network does register in the reverse proxy logs, as does https://localhost:8920 (the latter with an error in the logs because no proxied domain was specified in the original client request).