So I'm really trying to embrace OpenZiti

Hey,
I understand this may be more of a rant than a support request. For that I apologize. I've liked the promise of Openziti. It seems like one of the more mature open source ZTNA/overlay/VPN solutions. However it seems one of the less popular. As such the number of resources seems very limited.
I'm not a super expert in docker or even linux, although I've had success with a number of other projects.

I have attempted several times to spin up an environment to start testing openziti. I started with the hosting locally (docker) configuration. I got stuck as some instructions seemed outdated and there isn't even an official video for this method.

I spun up a fresh ubuntu server and ran through the "everything local no docker" I couldn't get it working.
So I deleted it and tried a second time. Last night I completed things and was able to login to the ZAC successfully. Then I went to bed.
I went to go back today and now the ZAC just throws an error err_connection_refused.

Ive restarted the controller without success.

Anyhow. again I know this is more of a rant, but I shouldn't need to be a super expert to get something working.

No worries on the rant. It's understandable to be frustrated when things don't go the way you expect. The goal is always to have a very approachable, easy to follow set of instructions to get setup, no doubt, but there are quite a few things to get sorted when setting up an overlay. It's a balance between doing too much and not enough for people.

So let's start with the overlay itself. It sounds like you have your own VPS somewhere. You used a quickstart get started. That should be fine. The deployments are trying to be more "long-term setup" type docs fwiw, but a quickstart should also treat you ok.

The ZAC throwing "err_connection_refused" makes me think the controller went down. That makes me think that maybe you ran something like "startController" to start the controller and didn't enable it via systemd so when you disconnected the terminal, the controller probably exited at that time. That is the sort of thing the quickstarts do for you if you follow that path of the doc, but it's definitely something the deployment package will do for you (so you don't have to even think about it).

If that's the case, maybe you want to try using the deployment packages? You might find that experience easier? Have a look at that doc Deploying on Linux | OpenZiti

If you get stuck, please ask. We'll make sure you're successful... cheers

Thanks. I will take a look.
Not really a VPS. I run Virtual machines locally.

Thanks for the quick reply

You will likely understand faster if you use netfoundry and hypher-V. Here's my sample video that I did months ago: https://youtu.be/8f9d-krkTTU?si=Hzxl5ulUCNKR0zw9 . Basically, you can have an app that secretly tunnel request to hidden service, behind netfoundry server. Your hidden service is immune from DOS attack, thus your app is more stable.

Interesting.

As a small IT/MSP shop I actually filled out the form at netfoundry. I'm not opposed to a more commercial offering for our use cases. I never got a follow up for a demo so I've tried forging ahead to test myself.

Got it, I understand. But I still recommend the netfoundry solution just get the free one. So you will understand the flow of data and how to configure the service. Once you got it working, you can try again the local setup via Hypher-V, ex. vm1 = for edge router, v2 = controller and v3 = service, all vms are connect to same network. I will likely revisit openziti again this year but with post quantum and realtime AI integration.

Hey Golden PSP, I will DM you on this. Normally our CRM routes all these requests and they get picked up (often by me). Maybe a mistake occurred in the workflow.