Merge pull request #736 from openziti/account_endpoint_deployments

update zrok Docker instance to use the new 'create account' API endpoint
Kenneth Bingham 2024-08-19 18:20:02 -04:00 committed by GitHub
commit 4cf9f37bf2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 9 additions and 7 deletions


@ -11,7 +11,7 @@ This Docker Compose project creates a zrok instance and includes a ziti controll
#### Additional DNS Configuration for Caddy TLS
The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `caddy.compose.override.yml` as `compose.override.yml`.
The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `compose.caddy.yml` as `compose.override.yml`.
1. Ensure A Caddy DNS plugin is available for your DNS provider (see [github.com/caddy-dns](https://github.com/orgs/caddy-dns/repositories?type=all&q=sort%3Aname-asc)).
1. Designate A DNS zone for zrok, e.g. `example.com` or `share.example.com` and create the zone on your DNS provider's platform.
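Review bot: the rename from `caddy.compose.override.yml` to `compose.caddy.yml` in this paragraph is unrelated to the account-endpoint change named in the commit message, so it is easy to miss. Please mention it in the commit message or changelog, since anyone who followed the old instructions still has the old file name in mind, and confirm the file itself is renamed in this PR so that the README and the `.env options` comment do not point at a file that is absent.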
@ -64,7 +64,7 @@ ZROK_ADMIN_TOKEN=zroktoken
```
```bash title=".env options"
# Caddy TLS option: rename caddy.compose.override.yml to compose.override.yml and set these vars; allow 80,443 in firewall
# Caddy TLS option: rename compose.caddy.yml to compose.override.yml and set these vars; allow 80,443 in firewall
# plugin name for your DNS provider
CADDY_DNS_PLUGIN=cloudflare
# API token from your DNS provider
@ -110,11 +110,11 @@ ZITI_CLI_TAG=latest
This step creates a user account. You will log in to the zrok web console with the account password created in this step. The ZROK_USER_EMAIL and ZROK_USER_PWD variables are set in the `.env` file. You can create more user accounts the same way by substituting a different email and password.
```bash title="Create the first user account"
docker compose exec zrok-controller bash -xc 'zrok admin create account /etc/zrok-controller/config.yml ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
docker compose exec zrok-controller bash -xc 'zrok admin create account ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
```
```buttonless title="Example output"
+ zrok admin create account /etc/zrok-controller/config.yml me@example.com zrokuserpw
+ zrok admin create account me@example.com zrokuserpw
[ 0.000] INFO zrok/controller/store.Open: database connected
[ 0.002] INFO zrok/controller/store.(*Store).migrate: applied 0 migrations
heMqncCyxZcx
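Review bot: the unchanged `store.Open: database connected` and `store.(*Store).migrate: applied 0 migrations` lines in the "Example output" block look like output of the old invocation, which was given `/etc/zrok-controller/config.yml` directly. Now that the config path is gone and the command is meant to use the new API endpoint, please re-run it and either confirm these lines still appear or trim them. The paragraph above the command also names only ZROK_USER_EMAIL and ZROK_USER_PWD as coming from `.env`; the command now depends on ZROK_ADMIN_TOKEN and ZROK_API_ENDPOINT being present in the container as well, which is worth one sentence. Note too that `bash -xc` echoes the expanded password (`zrokuserpw` in the sample), so the trace should not be pasted into tickets or logs unredacted.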
@ -123,7 +123,7 @@ heMqncCyxZcx
Create additional users by running the command again with a different email and password.
```bash title="Create another user"
docker compose exec zrok-controller zrok admin create account /etc/zrok-controller/config.yml <email> <password>
docker compose exec zrok-controller zrok admin create account <email> <password>
```
### Enable the User Environment


@ -114,6 +114,8 @@ services:
environment:
ZROK_USER_PWD: ${ZROK_USER_PWD} # admin account password (initial user account)
ZROK_USER_EMAIL: ${ZROK_USER_EMAIL} # login email address (initial user account)
ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN} # zrok controller admin password
ZROK_API_ENDPOINT: http://zrok-controller:${ZROK_CTRL_PORT:-18080} # bridge address of the zrok controller
zrok-frontend:
depends_on:
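Review bot: `ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN}` has no guard for an unset value, unlike the port on the next line, which has a default. If the variable is missing from `.env`, Compose substitutes an empty string and the failure only shows up later when `zrok admin create account` is run. Consider `${ZROK_ADMIN_TOKEN:?set ZROK_ADMIN_TOKEN in .env}` so that `docker compose up` fails early. The trailing comment calls the value an "admin password" while the variable is a token; using one term would avoid confusion with ZROK_USER_PWD two lines above. Since the token now sits in this container's environment, anyone who can inspect the container can read it, which the README could state.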


@ -231,7 +231,7 @@ address: 0.0.0.0:8080
This frontend config file has a `host_match` pattern that represents the DNS zone you're using with this instance of `zrok`. Incoming HTTP requests with a matching `Host` header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests.
The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
The frontend does not provide server TLS, but you may front the server with a reverse proxy. The reverse proxy must forward the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
You can also specify an `oauth` configuration in this file, full details of are found in [OAuth Public Frontend Configuration](/guides/self-hosting/oauth/configuring-oauth.md#configuring-your-public-frontend).
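Review bot: the reworded sentence recommends a reverse proxy for TLS, but the paragraph still ends with "This example will expose the non-TLS listener" and the hunk context shows `address: 0.0.0.0:8080`. Since this paragraph is being edited anyway, please add that when a reverse proxy runs in front, the frontend should listen on an address only the proxy can reach, so that the plain-HTTP listener is not reachable directly. Minor: the following context line reads "full details of are found in", which is missing a word ("full details of which are found in").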
@ -254,7 +254,7 @@ The `zrok` frontend uses the `public` identity created during the bootstrap proc
With our `ZROK_ADMIN_TOKEN` and `ZROK_API_ENDPOINT` environment variables set, we can create our first user account.
```bash
zrok admin create account etc/ctrl.yml <email> <password>
zrok admin create account <email> <password>
```
The output is the account token you will use to enable each device's zrok environment.