diff --git a/docker/compose/zrok-instance/Caddyfile b/docker/compose/zrok-instance/Caddyfile
index 425b831c..f91a559c 100644
--- a/docker/compose/zrok-instance/Caddyfile
+++ b/docker/compose/zrok-instance/Caddyfile
@@ -11,12 +11,21 @@ http:// {
 *.{$ZROK_DNS_ZONE} {
 	tls {
 		dns {$CADDY_DNS_PLUGIN} {$CADDY_DNS_PLUGIN_TOKEN}
+		propagation_timeout 60m
 	}
 
 	log {
 		output stdout
 		format console
-		level DEBUG
+		level INFO
+	}
+
+	# ziti administration console uses :443 for the benefit of a web UI cert and accesses the ziti edge-management API
+	@ziti host ziti.{$ZROK_DNS_ZONE}
+	reverse_proxy @ziti ziti-quickstart:{$ZITI_CTRL_ADVERTISED_PORT:1280} {
+		transport http {
+			tls_insecure_skip_verify
+		}
 	}
 
 	@oauth host oauth.{$ZROK_DNS_ZONE}
diff --git a/docker/compose/zrok-instance/fetch.bash b/docker/compose/zrok-instance/fetch.bash
index c0b76317..762f081e 100755
--- a/docker/compose/zrok-instance/fetch.bash
+++ b/docker/compose/zrok-instance/fetch.bash
@@ -5,6 +5,17 @@ set -o nounset
 set -o pipefail
 # set -o xtrace
 
+_usage(){
+    if (( $# )); then
+        echo -e "\nERROR: unexpected arg '$1'" >&2
+    fi
+    echo -e "\n Usage:\n"\
+            "   fetch.bash\n"\
+            "\n Options:\n"\
+            "   --quiet\t\tsuppress INFO messages\n"\
+            "   --verbose\t\tshow DEBUG messages\n"
+}
+
 requireBashVersion() {
     if (( "${BASH_VERSION%%.*}" < 4 )); then
         echo "This script requires Bash major version 4 or greater."
@@ -13,6 +24,51 @@ requireBashVersion() {
     fi
 }
 
+logger() {
+    local caller="${FUNCNAME[1]}"
+
+    if (( $# < 1 )); then
+        echo "ERROR: $caller() takes 1 or more args" >&2
+        return 1
+    fi
+
+    local message="$*"
+
+    if [[ "$message" =~ ^r\'(.+)\'$ ]]; then
+        raw_message="${BASH_REMATCH[1]}"
+        message="$raw_message"
+    fi
+
+    caller_level="${caller##log}"
+    if (( DEBUG )); then
+        line="${caller_level^^} ${FUNCNAME[2]}:${BASH_LINENO[1]}: $message"
+    else
+        line="${caller_level^^} $message"
+    fi
+
+    if [[ -n "${raw_message-}" ]]; then
+        echo -E "$line"
+    else
+        echo -e "$line"
+    fi
+}
+
+logInfo() {
+    logger "$*"
+}
+
+logWarn() {
+    logger "$*" >&2
+}
+
+logError() {
+    logger "$*" >&2
+}
+
+logDebug() {
+    logger "$*" >&3
+}
+
 fetchFile() {
 
     local url="${1}"
@@ -68,6 +124,25 @@ setWorkingDir() {
 }
 
 main() {
+    : "${DEBUG:=0}"
+    while (( $# )); do
+        case "$1" in
+            -q|--quiet)     exec > /dev/null
+                            shift
+            ;;
+            -v|--verbose)
+                            DEBUG=1
+                            exec 3>&1
+                            shift
+            ;;
+            -h|*help)       _usage
+                            exit 0
+            ;;
+            *)              _usage "$1"
+                            exit
+            ;;
+        esac
+    done
     requireBashVersion
     declare -a BINS=(unzip find)
     for BIN in "${BINS[@]}"; do