2023-10-20 19:46:36 +02:00
|
|
|
services:
|
|
|
|
|
|
|
|
# set file ownership
|
|
|
|
zrok-init:
|
|
|
|
image: busybox
|
|
|
|
# matches uid:gid of "nobody" in zrok container image
|
|
|
|
command: chown -Rc 65534:65534 /mnt/.zrok
|
|
|
|
user: root
|
|
|
|
volumes:
|
|
|
|
- zrok_env:/mnt/.zrok
|
|
|
|
|
|
|
|
# enable zrok environment
|
|
|
|
zrok-enable:
|
|
|
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
|
|
|
depends_on:
|
|
|
|
zrok-init:
|
|
|
|
condition: service_completed_successfully
|
2023-11-28 03:12:38 +01:00
|
|
|
entrypoint: zrok-enable.bash
|
2023-10-20 19:46:36 +02:00
|
|
|
volumes:
|
2023-11-28 03:12:38 +01:00
|
|
|
- zrok_env:/mnt
|
2023-10-20 19:46:36 +02:00
|
|
|
environment:
|
2023-11-28 03:12:38 +01:00
|
|
|
STATE_DIRECTORY: /mnt
|
|
|
|
ZROK_ENABLE_TOKEN:
|
|
|
|
ZROK_API_ENDPOINT:
|
|
|
|
ZROK_ENVIRONMENT_NAME: docker-public-share
|
2023-10-20 19:46:36 +02:00
|
|
|
|
2023-11-28 03:12:38 +01:00
|
|
|
# provision a temporary zrok frontend subdomain and start sharing the backend target
|
2023-10-20 19:46:36 +02:00
|
|
|
zrok-share:
|
|
|
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
2023-11-28 03:12:38 +01:00
|
|
|
entrypoint: zrok-share.bash
|
2023-10-20 19:46:36 +02:00
|
|
|
depends_on:
|
|
|
|
zrok-enable:
|
|
|
|
condition: service_completed_successfully
|
|
|
|
volumes:
|
2023-11-28 03:12:38 +01:00
|
|
|
- zrok_env:/mnt
|
|
|
|
ports: []
|
|
|
|
# - 127.0.0.1:2019:2019 # Caddy admin API
|
2023-10-20 19:46:36 +02:00
|
|
|
environment:
|
2023-11-28 03:12:38 +01:00
|
|
|
# internal configuration
|
|
|
|
STATE_DIRECTORY: /mnt # zrok homedir in container
|
|
|
|
ZROK_FRONTEND_MODE: temp-public # tells zrok-share.bash to create a temporary subdomain and share until exit
|
|
|
|
|
|
|
|
# most relevant options
|
|
|
|
ZROK_BACKEND_MODE: proxy # web, caddy, drive, proxy
|
|
|
|
ZROK_TARGET: http://zrok-test:9090 # backend target, is a path in container filesystem unless proxy mode
|
|
|
|
ZROK_INSECURE: # "--insecure" if proxy target has unverifiable TLS server certificate
|
|
|
|
ZROK_OAUTH_PROVIDER: # google, github
|
|
|
|
ZROK_OATH_EMAILS: # space-separated list of OAuth email addresses or @domain.tld to allow
|
|
|
|
ZROK_BASIC_AUTH: # username:password, mutually-exclusive with ZROK_OAUTH_PROVIDER
|
|
|
|
|
|
|
|
# least relevant options
|
|
|
|
ZROK_VERBOSE: # "--verbose"
|
|
|
|
ZROK_SHARE_OPTS: # additional arguments to "zrok share public" command
|
|
|
|
ZROK_FRONTENDS: # "public"
|
|
|
|
PFXLOG_NO_JSON: "true" # suppress JSON logging format
|
2023-10-20 19:46:36 +02:00
|
|
|
|
2023-11-28 03:12:38 +01:00
|
|
|
# demo server you can share with zrok
|
2023-10-20 19:46:36 +02:00
|
|
|
zrok-test:
|
|
|
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
|
|
|
command: test endpoint --address 0.0.0.0 # 9090
|
|
|
|
|
|
|
|
volumes:
|
|
|
|
zrok_env:
|