override caddy https port

This commit is contained in:
Kenneth Bingham 2025-03-18 21:55:02 -04:00
parent 4b3f7493d1
commit 0bb6f0e4d3
No known key found for this signature in database
GPG Key ID: 31709281860130B6
6 changed files with 14 additions and 29 deletions


@ -8,7 +8,7 @@
# redir https://{host}{uri} permanent # redir https://{host}{uri} permanent
# } # }
*.{$ZROK_DNS_ZONE} { *.{$ZROK_DNS_ZONE}:{$CADDY_HTTPS_PORT} {
tls { tls {
dns {$CADDY_DNS_PLUGIN} {$CADDY_DNS_PLUGIN_TOKEN} dns {$CADDY_DNS_PLUGIN} {$CADDY_DNS_PLUGIN_TOKEN}
propagation_timeout 60m propagation_timeout 60m
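Review bot: The new site address uses `{$CADDY_HTTPS_PORT}` with no fallback, so if that variable is missing from Caddy's environment the address expands to `*.{$ZROK_DNS_ZONE}:` and the Caddyfile fails to load instead of quietly staying on 443. Caddy's env placeholders accept an inline default, so `*.{$ZROK_DNS_ZONE}:{$CADDY_HTTPS_PORT:443} {` keeps this file usable when it is run outside the Compose override that sets the variable. Presumably the compose service always supplies a value, but the default in the Caddyfile is the cheaper guard and documents the intended port. The site block continues past the end of this hunk.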


@ -64,7 +64,7 @@ ZROK_ADMIN_TOKEN=zroktoken
``` ```
```bash title=".env options" ```bash title=".env options"
# Caddy TLS option: rename compose.caddy.yml to compose.override.yml and set these vars; allow 80,443 in firewall # Caddy TLS option: rename compose.caddy.yml to compose.override.yml; allow CADDY_HTTPS_PORT in firewall
# #
## set these in .env for providers other than Route53 ## set these in .env for providers other than Route53
@ -94,9 +94,10 @@ ZROK_CTRL_PORT=18080
ZROK_FRONTEND_PORT=8080 ZROK_FRONTEND_PORT=8080
ZROK_OAUTH_PORT=8081 ZROK_OAUTH_PORT=8081
# these secure ziti ports must be published to the internet # these secure ports must be published to the internet
ZITI_CTRL_ADVERTISED_PORT=80 ZITI_CTRL_ADVERTISED_PORT=80
ZITI_ROUTER_PORT=3022 ZITI_ROUTER_PORT=3022
CADDY_HTTPS_PORT=443
# optionally configure oauth for public shares # optionally configure oauth for public shares
#ZROK_OAUTH_HASH_KEY=oauthhashkeysecret #ZROK_OAUTH_HASH_KEY=oauthhashkeysecret
@ -264,9 +265,10 @@ See "My internet connection can only send traffic to common ports" below about c
1. My internet connection can only send traffic to common ports like 80, 443, and 3389. 1. My internet connection can only send traffic to common ports like 80, 443, and 3389.
You can change the required ports in the `.env` file. Caddy will still use port 443 for zrok shares and API if you renamed `compose.caddy.yml` as `compose.override.yml` to enable Caddy. You can change the required ports in the `.env` file before the first run of the Docker Compose project.
```bash title=".env" ```bash title=".env"
ZITI_CTRL_ADVERTISED_PORT=80 ZITI_CTRL_ADVERTISED_PORT=80
ZITI_ROUTER_PORT=3389 ZITI_ROUTER_PORT=3389
CADDY_HTTPS_PORT=443
``` ```


@ -87,7 +87,7 @@ until [[ -n "${ZITI_PUBLIC_ID}" ]]; do
done done
echo "DEBUG: 'public' ZITI_PUBLIC_ID=$ZITI_PUBLIC_ID" echo "DEBUG: 'public' ZITI_PUBLIC_ID=$ZITI_PUBLIC_ID"
until curl -sSf "${ZROK_API_ENDPOINT}/api/v1/version"; do until curl -sSf "${ZROK_API_ENDPOINT}" &>/dev/null; do
echo "DEBUG: waiting for zrok controller API version endpoint to respond" echo "DEBUG: waiting for zrok controller API version endpoint to respond"
sleep 3 sleep 3
done done
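Review bot: The log message inside the loop still says it is waiting for the "API version endpoint", but the changed `until` line now polls the bare `${ZROK_API_ENDPOINT}` root, so the message no longer describes what is being probed. The added `&>/dev/null` also throws away stderr, which defeats `-S` (show errors) and hides why the loop is spinning, such as a TLS or DNS failure against a misconfigured endpoint. I would keep stderr and fix the text: `until curl -sSf "${ZROK_API_ENDPOINT}" >/dev/null; do` and `echo "DEBUG: waiting for zrok controller API at ${ZROK_API_ENDPOINT} to respond"`. Whether the root path only returns 2xx once the controller is really serving its API is not visible here; if a proxy in front answers 200 for any path the readiness check passes early, so keeping `/api/v1/version` as the probe may be the safer choice. The surrounding script continues outside this hunk.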


@ -8,6 +8,7 @@ services:
CADDY_DNS_PLUGIN: ${CADDY_DNS_PLUGIN} # e.g., "digitalocean" (see github.com/caddy-dns) CADDY_DNS_PLUGIN: ${CADDY_DNS_PLUGIN} # e.g., "digitalocean" (see github.com/caddy-dns)
restart: unless-stopped restart: unless-stopped
environment: environment:
CADDY_HTTPS_PORT: ${CADDY_HTTPS_PORT:-443}
# #
## set these in .env for providers other than Route53 ## set these in .env for providers other than Route53
# #
@ -31,12 +32,12 @@ services:
ZROK_OAUTH_PORT: ${ZROK_OAUTH_PORT:-8081} ZROK_OAUTH_PORT: ${ZROK_OAUTH_PORT:-8081}
expose: expose:
# - 80/tcp # - 80/tcp
- 443/tcp - ${CADDY_HTTPS_PORT:-443}/tcp
- 443/udp # Caddy's HTTP/3 (QUIC) (not published) - ${CADDY_HTTPS_PORT:-443}/udp # Caddy's HTTP/3 (QUIC) (not published)
- 2019/tcp # Caddy's admin API (not published) - 2019/tcp # Caddy's admin API (not published)
ports: ports:
# - ${CADDY_INTERFACE:-0.0.0.0}:80:80 # - ${CADDY_INTERFACE:-0.0.0.0}:80:80 # port occupied by ziti
- ${CADDY_INTERFACE:-0.0.0.0}:443:443 - ${CADDY_INTERFACE:-0.0.0.0}:${CADDY_HTTPS_PORT:-443}:${CADDY_HTTPS_PORT:-443}
# - ${CADDY_INTERFACE:-0.0.0.0}:443:443/udp" # future: HTTP/3 (QUIC) # - ${CADDY_INTERFACE:-0.0.0.0}:443:443/udp" # future: HTTP/3 (QUIC)
volumes: volumes:
- caddy_data:/data - caddy_data:/data
@ -47,7 +48,7 @@ services:
zrok-frontend: zrok-frontend:
environment: environment:
ZROK_FRONTEND_SCHEME: https ZROK_FRONTEND_SCHEME: https
ZROK_FRONTEND_PORT: 443 ZROK_FRONTEND_PORT: ${CADDY_HTTPS_PORT:-443}
volumes: volumes:
caddy_data: caddy_data:
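Review bot: The commented HTTP/3 line under `ports:` still hard-codes `443:443/udp` while the tcp line directly above it was parameterized, so uncommenting it later with a custom `CADDY_HTTPS_PORT` would publish the wrong UDP port; `# - ${CADDY_INTERFACE:-0.0.0.0}:${CADDY_HTTPS_PORT:-443}:${CADDY_HTTPS_PORT:-443}/udp` keeps the two in step. The `:-443` fallback is now repeated five times in this file (environment, both `expose` entries, `ports`, and `ZROK_FRONTEND_PORT`), so a future change to the default must touch all of them or the published port and the port the frontend advertises will silently disagree. Quoting the published mapping, `- "${CADDY_INTERFACE:-0.0.0.0}:${CADDY_HTTPS_PORT:-443}:${CADDY_HTTPS_PORT:-443}"`, is also the usual Compose convention so the scalar is never re-typed by the YAML parser. Since `CADDY_INTERFACE` defaults to `0.0.0.0`, a short comment on that line noting that the HTTPS port is bound on all interfaces unless overridden would help whoever is setting the firewall rule the docs now refer to.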


@ -8,7 +8,7 @@
# redir https://{host}{uri} permanent # redir https://{host}{uri} permanent
# } # }
*.{$ZROK_DNS_ZONE} { *.{$ZROK_DNS_ZONE}:{$CADDY_HTTPS_PORT} {
tls { tls {
dns route53 { dns route53 {
access_key_id {$AWS_ACCESS_KEY_ID} access_key_id {$AWS_ACCESS_KEY_ID}
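Review bot: As in the other Caddyfile variant, `{$CADDY_HTTPS_PORT}` on the changed site-address line has no default, so an unset variable yields the address `*.{$ZROK_DNS_ZONE}:` and a Caddyfile that will not load. `*.{$ZROK_DNS_ZONE}:{$CADDY_HTTPS_PORT:443} {` gives the same behaviour as before this commit whenever the variable is absent, and the two Caddyfiles should carry the same default so they do not drift. Whether anything besides the Compose override ever runs this file is not visible here, so the hard failure may be acceptable, but it is worth making deliberate. The site block and its `tls` section continue past the end of this hunk.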


@ -1,18 +0,0 @@
services:
my-other-zrok-share:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
restart: unless-stopped
entrypoint: zrok-share.bash
depends_on:
zrok-enable:
condition: service_completed_successfully
volumes:
- zrok_env:/mnt
- ./Caddyfile:/Caddyfile
environment:
# most relevant options
ZROK_UNIQUE_NAME: "butter"
ZROK_BACKEND_MODE: caddy
ZROK_TARGET: /Caddyfile
# internal configuration
HOME: /mnt # zrok homedir in container