ziti-doc VS ziti-sdk-c

OpenZiti vs BoringProxy has some similarities for sure. The simplest OpenZiti deployment is similar to a boring proxy deployment. The main differences will be that the listening ports "on the network" are going to be from the OpenZiti edge-router which will authenticate before allowing any connection using a strong x509 identity (not a token) and then after that the same identity can be authorized to access one or more services. That's one killer difference to me. There are lots of other things OpenZiti is doing that boringproxy isn't trying to as well. I filed an issue to do a comparison to that some day https://github.com/openziti/ziti-doc/issues/176 thanks for the idea! :)

Use our open source solution, OpenZiti, and host/manage it all yourself - https://openziti.github.io/

You can definitely read more about what OpenZiti is over on the docs page if you're looking for more info about the project https://openziti.github.io/

If you're interested in it, you can find it over at github - https://openziti.github.io. It's one more thing to setup and maintain so maybe that's a dealbreaker but since this is selfhosted - maybe not ;)

If you want to go fully open source and self-hosted, use an OpenZiti quickstart - https://openziti.github.io/ - while ignoring steps 1, 2, 3, and 5 ... i.e., step 4 is where you deploy an OpenZiti tunneler on an OpenWRT box.

I not long ago discovered OpenZiti, and to be honest I fell in love with it. I also have a dinamic IP, and I have even some other cases wheren from my place some IoT devices need to find my laptop wherever I may go (I travel a lot).

https://openziti.github.io/ - gives a good intro

More details: What I'm trying to do is setup a Zero Trust Host Access on my Kubernetes cluster using OpenZiti. Ziti has 4 binaries (controller, router, tunneler and admin console), configuring all these to work together is kinda complex, that's why I thought about making custom modules.

Probably overkill for your need, but you can give access to your VM without requiring a bastion or VPN, only outbound ports on a NAT gateway using opensource OpenZiti - https://openziti.github.io/. The user would load a client on their device and get access only the the specific resources you define (IP, DNS, port etc). This also means you don't need to assign the IP of the users home (added benefit they can access when not at home).

Create the identity for the Hosting workstation. You can assign as many attributes as you want. Openziti works with an "attribute-enabled role-based access control (ARBAC) model. So, if you have used hashtags, you’re probably familiarized with it.

set(NGINX_CONFIGURE_ARGS "--with-threads" "--with-compat") if (DEBUG) set(NGINX_CONFIGURE_ARGS "--with-threads" "--with-compat" "--with-debug") endif() message("args ${NGINX_CONFIGURE_ARGS}") # build against nginx at the version specified by GIT_TAG. nginx uses custom auto configuration scripts that # creates header files that are specific to the current host and output to /objs/*.h. ExternalProject_Add( nginx PREFIX ${CMAKE_BINARY_DIR}/_deps/nginx GIT_REPOSITORY https://github.com/nginx/nginx.git GIT_TAG release-1.23.2 TIMEOUT 10 CONFIGURE_COMMAND ./auto/configure ${NGINX_CONFIGURE_ARGS} INSTALL_COMMAND "" #empty install command to disable install UPDATE_COMMAND "" #empty update command to disable update LOG_DOWNLOAD ON BUILD_IN_SOURCE 1 #build inside of the downloaded repo's source directory as expected by auto/configure ) if(NOT DEFINED $ENV{ZITI_SDK_C_BRANCH}) SET(ZITI_SDK_C_BRANCH "main") endif() FetchContent_Declare(ziti-sdk-c GIT_REPOSITORY https://github.com/openziti/ziti-sdk-c.git GIT_TAG ${ZITI_SDK_C_BRANCH} ) set(ZITI_BUILD_TESTS off) set(ZITI_BUILD_PROGRAMS off)a FetchContent_MakeAvailable(ziti-sdk-c) add_dependencies(${PROJECT_NAME} nginx) ExternalProject_Get_property(nginx SOURCE_DIR) message("project name ${PROJECT_NAME}") target_include_directories(${PROJECT_NAME} PUBLIC "${SOURCE_DIR}/objs" PUBLIC "${SOURCE_DIR}/src/core" PUBLIC "${SOURCE_DIR}/src/event" PUBLIC "${SOURCE_DIR}/src/event/modules" PUBLIC "${SOURCE_DIR}/src/http" PUBLIC "${SOURCE_DIR}/src/http/modules" PUBLIC "${SOURCE_DIR}/src/mail" PUBLIC "${SOURCE_DIR}/src/stream" PUBLIC "${SOURCE_DIR}/src/os/unix" ) target_link_libraries(${PROJECT_NAME} ziti)

Embed private connectivity into your C or C# or .NET application - https://github.com/openziti/ziti-sdk-c or https://github.com/openziti/ziti-sdk-csharp