If you're not sure what zrok is, see our blog post introducing zrok.

Now that v0.3 has been released the zrok team is spending time collecting feedback and building our roadmap for what's coming next in v0.4.

As always, our project board on Github is always up to date with the latest low-level roadmap details. Don't forget to see the tabs at the top of the board for specific views filtering on each major release.

Here's a high-level preview of some of the things that we're working on for zrok v0.4.

This one's for the shell ninjas. The ziti CLI comes with auto-complete! You can use completions in any shell supported by Cobra. This post will distill the Cobra instructions with correct examples for ziti in BASH and ZSH.

I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow.

For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of end users and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower end users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.

This new project is called... zrok.

All developers have at some point used cloud-provided compute hosts. It's very easy, it's very convenient, and it's relatively cheap. One problem that you frequently run into is how to use these hosts in local development.

At work, we use cloud-provided hosts extensively and I often need the hosts to connect back to my local environment to read data. One such example is when we use the Salt stack to manage software on the hosts.

I authored my first NGINX module to offload OpenZiti connections into a legacy application deployment. That work can be seen in Github in the OpenZiti ngx_ziti_module and an article explaining its operation can be found here: NGINX& ZeroTrust API Security

Intro

Monitoring is very important in today's technology world. It allows system administrators to

• detect early signs of failures and security breaches, and address them before they cause outages

• improve resource utilization

• reduce time spent on active monitoring and instead be alert-driven

The Plex Media Server is awesome because it makes it easy to access all your music, photos or videos, and stream to any device. The server is free to download, self-hosting is easy, and many people run it in their homes. Doing so enables you to own and control your content without the need to upload to a cloud (or pay for it).

Once the Plex media server is running in the home, many people then want to take the next step and share their content with remote friends and family or enable access to their content while they are away from home on a vacation or business trip.

In this article, I discuss that while self-hosting your Plex media server is easy, the traditional techniques for providing remote access to it arenot. The good news is that there is a modern approach to securely sharing web apps that is worth your attention.

With the first version of ngx_ziti_module, it is possible to take an NGINX-exposed Web API and make it completely dark. This means no open ports in NGINX, and it brings the Zero Trust capabilities of OpenZiti to any NGINX deployment. Yes, replace open ports with open source! OpenZiti works in existing applications or new ones.

Introduction​

eBPF enables you to safely run sandboxed programs for functions like security and networking in the OS kernel, without changing kernel source code or loading kernel modules. eBPF-TC specifically has robust packet mangling capability, and enables ingress and egress operations, with high performance.

Welcome back to the next article concerning BrowZer, a new group of open-source components from the OpenZiti project that enables automatic embedding of zero trust networking into web applications. The reason BrowZer exists, and the problem it aims to solve is preventing your internet-facing web applications from being attacked by malicious threat actors.