Zrok: access to multiple private shares at once

zrok
1

Hello,

My use-case:

I would need to share the server in my local network on which the application runs.
The application consists of a frontend and a backend /API/ .

For example:/ access to the server in my private network
fe: https://192.168.1.239:4200
be: https://192.168.1.239:9002

Frontend is an angular application that calls api on the backend

First, I tried to use the reserved public share, but I had a problem with it, where SSL is used. I could not share https.

So I tried to use private tcp server sharing:
zrok reserve private --backend-mode tcpTunnel 192.168.1.239:4200
zrok access private

and backend:
zrok reserve private --backend-mode tcpTunnel 192.168.1.239:9002
zrok access private

on the client side:
zrok access private

my question:
Can I access both shares at the same time on the client side?

after creating the access, I could use the url: https://127.0.0.1:9191 on the client
to access e.g. frontend (it will be the same for the backend /port 9191 )
I need to access frontend and backend at the same time so that the application is functional from the outside

Thank you,

Best Regards
Patrik

2

Did you try the --insecure flag? I've recently discovered it myself and it seems to work for me, but TLS can definitely be tricky so your CORS headers might need to be updated for the zrok.io domain?

Can I access both shares at the same time on the client side?

Sure, at this time you'll have to just run zrok share private twice, once for each port. (A backlog item exists to make it easier to share more than one thing easily)

I'm thinking there might be something else subtly wrong though? what you describe, to me, seems like it'd work just fine. I'll go play around for a bit and see if I can get something equivalent working...

3

Ok, I went out and deployed a ziti admin console with self-signed TLS enabled and reserved a share using:

zrok reserve public https://localhost:3333

Then I shared that reserved share:

zrok share reserved --insecure ${token}

From the local machine, you can see if I connect to localhost:3333, it's serving up a certificate that's not the same:

openssl s_client -connect localhost:3333 2>&1 < /dev/null | openssl x509 -text | grep ec2
        Subject: C = US, L = Charlotte, O = NetFoundry, OU = ADV-DEV, CN = ec2-3-134-108-218.us-east-2.compute.amazonaws.com server certificate
                DNS:ec2-3-134-108-218.us-east-2.compute.amazonaws.com, DNS:ip-172-31-47-200, DNS:localhost, IP Address:127.0.0.1, IP Address:3.134.108.218

So, it should work, I'd think. There's probably something else going on in the app?

Hope that helps...I'll try to leave that share up if you are interested in seeing it.

4

Hello,
Super
I tried to use --insecure, and it already works.

I currently have a problem with loading my web app (shared publicly through zrok with --insecure):
It takes a very long time to load. Sometimes it doesn't work even after a long time

For example: vendor.js (13MB) and main.js(4MB) it takes a long time to load and then it crashes. When I refresh several times, it sometimes catches up. It is behaving strangely.
Couldn't there be a problem with the openziti, zrok configuration?

Thank you,
Best Regards
Patrik

5

Hi Patrik, Let's troubleshoot downloading large files through your zrok share. I assume you only see the long delay and crash when accessing the web app through zrok.

There's no file size limitation in zrok. Some zrok instances enforce usage limits, but that's different.

What's the normal download time for a 13MiB file on the same internet connection?

What does a crash look like on your end? I assume you're saying the web app crashes, not zrok crashes.

You can analyze your web app's loading times with the developer tools built into your web browser. Check out the "Network" tab. It will show you the duration and result of every HTTP request.

If your web app can listen without HTTPS, does the same problem recur when accessing the plain HTTP server with Zrok?