# this compose file is designed to merge with the ziti all-in-one quickstart compose file by renaming
# https://get.openziti.io/dock/all-in-one/compose.yml to compose.override.yml
services:
  # One-shot init container: recursively hands the zrok state volumes to
  # ${ZIGGY_UID:-2171} and removes all access for "other". No `user:` is set,
  # so it runs as the image's default user (root for the stock busybox image),
  # which is what allows the chown to succeed.
  # NOTE(review): `busybox` has no tag or digest, so it resolves to `latest`;
  # pin it if reproducible, auditable deployments matter.
  zrok-permissions:
    image: busybox
    command:
      - /bin/sh
      - -euxc
      - |
        chown -Rc ${ZIGGY_UID:-2171} /var/lib/zrok-*;
        chmod -Rc ug=rwX,o-rwx /var/lib/zrok-*;
    volumes:
      - zrok_ctrl:/var/lib/zrok-controller
      - zrok_frontend:/var/lib/zrok-frontend

  zrok-controller:
    profiles:
      - zrok
    # Start only after the permissions container has exited with status 0.
    depends_on:
      zrok-permissions:
        condition: service_completed_successfully
    build:
      context: .
      dockerfile: ./zrok-controller.Dockerfile
      # NOTE(review): ZROK_ADMIN_TOKEN and ZITI_PWD are secrets passed as build
      # args. Build args consumed by the Dockerfile can be recovered from the
      # image metadata (`docker history`), so treat the built image as
      # secret-bearing and keep it out of shared registries. The Dockerfile is
      # not visible here; confirm how it uses these values.
      # Variables without a default interpolate to an empty string when unset.
      args:
        ZROK_CLI_IMAGE: ${ZROK_CLI_IMAGE:-openziti/zrok}
        # Defaults to the moving `latest` tag; set ZROK_CLI_TAG to pin a release.
        ZROK_CLI_TAG: ${ZROK_CLI_TAG:-latest}
        ZROK_DNS_ZONE: ${ZROK_DNS_ZONE}  # e.g., "example.com" or "127.0.0.1.sslip.io"
        ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-1280}
        ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN}  # zrok controller admin password
        ZROK_CTRL_PORT: ${ZROK_CTRL_PORT:-18080}
        ZITI_PWD: ${ZITI_PWD}  # ziti controller admin password
    # Runs as the non-root UID that zrok-permissions gave the volume to.
    user: ${ZIGGY_UID:-2171}
    command: zrok controller /etc/zrok-controller/config.yml --verbose
    volumes:
      - zrok_ctrl:/var/lib/zrok-controller
    networks:
      quickstart:
        aliases:
          - zrok.${ZROK_DNS_ZONE}
    restart: unless-stopped
    # `expose` does not bind a host port; the controller is reachable only from
    # containers attached to the same compose network.
    expose:
      - ${ZROK_CTRL_PORT:-18080}  # (not published)
    # Caddy's published ports provide a TLS reverse proxy for the zrok controller
    # ports:
    #   - 127.0.0.1:${ZROK_CTRL_PORT:-18080}:${ZROK_CTRL_PORT:-18080}
    # Runtime environment values are readable by anyone who can run
    # `docker inspect` on this container.
    environment:
      ZROK_USER_PWD: ${ZROK_USER_PWD}  # admin account password (initial user account)
      CADDY_ACME_EMAIL: ${CADDY_ACME_EMAIL}  # login email address (initial user account)

  zrok-frontend:
    profiles:
      - zrok
    # Start only after the permissions container has exited with status 0.
    depends_on:
      zrok-permissions:
        condition: service_completed_successfully
    build:
      context: .
      dockerfile: zrok-frontend.Dockerfile
      # NOTE(review): the OAuth hash key and client secrets are passed as build
      # args, so the same caveat applies as for any secret build arg: they can
      # end up in the image metadata. Confirm against the Dockerfile (not
      # visible here) and treat the built image as secret-bearing.
      args:
        ZROK_CLI_IMAGE: ${ZROK_CLI_IMAGE:-openziti/zrok}
        # Defaults to the moving `latest` tag; set ZROK_CLI_TAG to pin a release.
        ZROK_CLI_TAG: ${ZROK_CLI_TAG:-latest}
        ZROK_DNS_ZONE: ${ZROK_DNS_ZONE}  # e.g., "example.com" or "127.0.0.1.sslip.io"
        ZROK_FRONTEND_PORT: ${ZROK_FRONTEND_PORT:-8080}
        ZROK_OAUTH_PORT: ${ZROK_OAUTH_PORT:-8081}
        # NOTE(review): this uses `-` where the sibling OAuth args use `:-`, so
        # the "noop" default applies only when the variable is unset; a variable
        # set to the empty string stays empty. Confirm that is intended.
        # "noop" is presumably a placeholder for deployments without OAuth;
        # verify it is never used as a real key when OAuth is enabled.
        ZROK_OAUTH_HASH_KEY: ${ZROK_OAUTH_HASH_KEY-noop}
        ZROK_OAUTH_GOOGLE_CLIENT_ID: ${ZROK_OAUTH_GOOGLE_CLIENT_ID:-noop}
        ZROK_OAUTH_GOOGLE_CLIENT_SECRET: ${ZROK_OAUTH_GOOGLE_CLIENT_SECRET:-noop}
        ZROK_OAUTH_GITHUB_CLIENT_ID: ${ZROK_OAUTH_GITHUB_CLIENT_ID:-noop}
        ZROK_OAUTH_GITHUB_CLIENT_SECRET: ${ZROK_OAUTH_GITHUB_CLIENT_SECRET:-noop}
    # Runs as the non-root UID that zrok-permissions gave the volume to.
    user: ${ZIGGY_UID:-2171}
    command: zrok access public /etc/zrok-frontend/config.yml --verbose
    volumes:
      - zrok_frontend:/var/lib/zrok-frontend
    networks:
      quickstart:
    restart: unless-stopped
    # `expose` does not bind host ports; both listeners are reachable only from
    # containers attached to the same compose network.
    expose:
      - ${ZROK_FRONTEND_PORT:-8080}  # (not published)
      - ${ZROK_OAUTH_PORT:-8081}  # (not published)
    # ports:
    #   - 127.0.0.1:${ZROK_FRONTEND_PORT:-8080}:${ZROK_FRONTEND_PORT:-8080}
    #   - 127.0.0.1:${ZROK_OAUTH_PORT:-8081}:${ZROK_OAUTH_PORT:-8081}
    # Runtime environment values (including both admin credentials below) are
    # readable by anyone who can run `docker inspect` on this container.
    environment:
      HOME: /var/lib/zrok-frontend
      ZROK_DNS_ZONE: ${ZROK_DNS_ZONE}  # e.g., "example.com" or "127.0.0.1.sslip.io"
      ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN}  # zrok controller admin password
      # Plain HTTP to the controller's service name on the compose network; TLS
      # is terminated by Caddy only for traffic arriving from outside.
      ZROK_API_ENDPOINT: http://zrok-controller:${ZROK_CTRL_PORT:-18080}  # bridge address of the zrok controller
      ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-1280}
      ZITI_PWD: ${ZITI_PWD}  # ziti controller admin password

  # TLS reverse proxy and the only service in this file that publishes host ports.
  caddy:
    profiles:
      - zrok
    build:
      context: .
      dockerfile: ./caddy.Dockerfile
      args:
        CADDY_DNS_PLUGIN: ${CADDY_DNS_PLUGIN}  # e.g., "digitalocean" (see github.com/caddy-dns)
    restart: unless-stopped
    environment:
      CADDY_DNS_PLUGIN: ${CADDY_DNS_PLUGIN}  # e.g., "digitalocean" (see github.com/caddy-dns)
      # DNS provider credential: scope it as narrowly as the provider allows
      # (ideally to this zone only); it is readable via `docker inspect`.
      CADDY_DNS_PLUGIN_TOKEN: ${CADDY_DNS_PLUGIN_TOKEN}  # API token from DNS provider used by plugin to solve the ACME challenge
      CADDY_ACME_EMAIL: ${CADDY_ACME_EMAIL}  # email address sent to CA for ACME account and renewal notifications
      CADDY_ACME_API: ${CADDY_ACME_API:-https://acme-v02.api.letsencrypt.org/directory}  # ACME API endpoint
      ZROK_DNS_ZONE: ${ZROK_DNS_ZONE}  # e.g., "example.com" or "127.0.0.1.sslip.io"
      ZROK_CTRL_PORT: ${ZROK_CTRL_PORT:-18080}
      ZROK_FRONTEND_PORT: ${ZROK_FRONTEND_PORT:-8080}
      ZROK_OAUTH_PORT: ${ZROK_OAUTH_PORT:-8081}
    expose:
      - 80/tcp
      - 443/tcp
      - 443/udp  # Caddy's HTTP/3 (QUIC) (not published)
      # NOTE(review): the admin API is unauthenticated by default; whether other
      # containers on the compose network can reach it depends on the admin
      # listener address in the Caddy config, which is not visible here.
      - 2019/tcp  # Caddy's admin API (not published)
    # Published on every host interface unless CADDY_INTERFACE is set; set it to
    # a specific address to limit where the proxy listens.
    ports:
      - ${CADDY_INTERFACE:-0.0.0.0}:80:80
      - ${CADDY_INTERFACE:-0.0.0.0}:443:443
      # - ${CADDY_INTERFACE:-0.0.0.0}:443:443/udp  # future: HTTP/3 (QUIC)
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    networks:
      quickstart:

  # The two entries below only add a profile; per the header comment, the rest
  # of their definition is expected to come from the ziti all-in-one compose
  # file that this file is merged with.
  quickstart:
    profiles:
      - ziti

  quickstart-check:
    profiles:
      - ziti
# Named volumes with default driver settings (an empty value is the normal
# Compose form for this).
volumes:
  # Mounted at /data in the caddy service; presumably holds Caddy's
  # certificates and ACME account keys, so back it up and restrict access.
  caddy_data:
  caddy_config:
  # zrok state; ownership and mode are reset by zrok-permissions on each start.
  zrok_ctrl:
  zrok_frontend: