mirror of
https://github.com/openziti/zrok.git
synced 2025-01-03 12:39:07 +01:00
Merge pull request #736 from openziti/account_endpoint_deployments
update zrok Docker instance to use the new 'create account' API endpoint
commit
4cf9f37bf2
@ -11,7 +11,7 @@ This Docker Compose project creates a zrok instance and includes a ziti controll
|
||||
|
||||
#### Additional DNS Configuration for Caddy TLS
|
||||
|
||||
The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `caddy.compose.override.yml` as `compose.override.yml`.
|
||||
The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `compose.caddy.yml` as `compose.override.yml`.
|
||||
|
||||
1. Ensure A Caddy DNS plugin is available for your DNS provider (see [github.com/caddy-dns](https://github.com/orgs/caddy-dns/repositories?type=all&q=sort%3Aname-asc)).
|
||||
1. Designate A DNS zone for zrok, e.g. `example.com` or `share.example.com` and create the zone on your DNS provider's platform.
|
||||
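Review bot: the Caddy paragraph now tells readers to rename `compose.caddy.yml`, but nothing in the visible diff renames `caddy.compose.override.yml` itself, and the commit title only mentions the 'create account' API endpoint. Please confirm the file rename ships in this change or an earlier one and mention it in the commit message, otherwise the instruction points at a file that does not exist.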
@ -64,7 +64,7 @@ ZROK_ADMIN_TOKEN=zroktoken
|
||||
```
|
||||
|
||||
```bash title=".env options"
|
||||
# Caddy TLS option: rename caddy.compose.override.yml to compose.override.yml and set these vars; allow 80,443 in firewall
|
||||
# Caddy TLS option: rename compose.caddy.yml to compose.override.yml and set these vars; allow 80,443 in firewall
|
||||
# plugin name for your DNS provider
|
||||
CADDY_DNS_PLUGIN=cloudflare
|
||||
# API token from your DNS provider
|
||||
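Review bot: in the `.env options` block, the updated comment sits directly above the DNS provider API token setting, and the block gives no guidance on that token's scope. Since this comment is being edited anyway, consider adding that the token can be limited to the DNS zone designated for zrok, so a leaked `.env` does not expose the rest of the DNS account.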
@ -110,11 +110,11 @@ ZITI_CLI_TAG=latest
|
||||
This step creates a user account. You will log in to the zrok web console with the account password created in this step. The ZROK_USER_EMAIL and ZROK_USER_PWD variables are set in the `.env` file. You can create more user accounts the same way by substituting a different email and password.
|
||||
|
||||
```bash title="Create the first user account"
|
||||
docker compose exec zrok-controller bash -xc 'zrok admin create account /etc/zrok-controller/config.yml ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
|
||||
docker compose exec zrok-controller bash -xc 'zrok admin create account ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
|
||||
```
|
||||
|
||||
```buttonless title="Example output"
|
||||
+ zrok admin create account /etc/zrok-controller/config.yml me@example.com zrokuserpw
|
||||
+ zrok admin create account me@example.com zrokuserpw
|
||||
[ 0.000] INFO zrok/controller/store.Open: database connected
|
||||
[ 0.002] INFO zrok/controller/store.(*Store).migrate: applied 0 migrations
|
||||
heMqncCyxZcx
|
||||
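Review bot: the `bash -xc` wrapper on the updated command traces the expanded arguments, so the account password is printed to the terminal, as the example output shows (`+ zrok admin create account me@example.com zrokuserpw`). Drop `-x`, or say in the text that the trace includes the password. The variables are also unquoted inside the `-c` string, so a password containing spaces or shell metacharacters will be split or expanded; `"${ZROK_USER_PWD}"` avoids that. The `store.Open` and `migrate` lines in the example output should be re-checked against the new form of the command, which no longer takes the controller config path.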
@ -123,7 +123,7 @@ heMqncCyxZcx
|
||||
Create additional users by running the command again with a different email and password.
|
||||
|
||||
```bash title="Create another user"
|
||||
docker compose exec zrok-controller zrok admin create account /etc/zrok-controller/config.yml <email> <password>
|
||||
docker compose exec zrok-controller zrok admin create account <email> <password>
|
||||
```
|
||||
|
||||
### Enable the User Environment
|
||||
|
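Review bot: the 'Create another user' command no longer names `/etc/zrok-controller/config.yml`, and the text does not say what it relies on instead. Add a sentence that it uses `ZROK_ADMIN_TOKEN` and `ZROK_API_ENDPOINT` from the container's environment (the compose file hunk in this change lists both under `environment:`), so readers with an existing deployment know to recreate the container before running it.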
@ -114,6 +114,8 @@ services:
|
||||
environment:
|
||||
ZROK_USER_PWD: ${ZROK_USER_PWD} # admin account password (initial user account)
|
||||
ZROK_USER_EMAIL: ${ZROK_USER_EMAIL} # login email address (initial user account)
|
||||
ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN} # zrok controller admin password
|
||||
ZROK_API_ENDPOINT: http://zrok-controller:${ZROK_CTRL_PORT:-18080} # bridge address of the zrok controller
|
||||
|
||||
zrok-frontend:
|
||||
depends_on:
|
||||
|
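Review bot: the inline comments in this `environment:` block describe both `ZROK_USER_PWD` and `ZROK_ADMIN_TOKEN` as an admin password, which makes it easy to confuse the first user's login password with the controller's admin credential. Reword them, for example 'password for the initial user account' and 'zrok controller admin token'. It is also worth a comment that `ZROK_ADMIN_TOKEN` is readable from the container environment (for example via `docker inspect`) and that `ZROK_API_ENDPOINT` is plain `http://` on the compose bridge network.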
@ -231,7 +231,7 @@ address: 0.0.0.0:8080
|
||||
|
||||
This frontend config file has a `host_match` pattern that represents the DNS zone you're using with this instance of `zrok`. Incoming HTTP requests with a matching `Host` header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests.
|
||||
|
||||
The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
|
||||
The frontend does not provide server TLS, but you may front the server with a reverse proxy. The reverse proxy must forward the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
|
||||
|
||||
You can also specify an `oauth` configuration in this file, full details of are found in [OAuth Public Frontend Configuration](/guides/self-hosting/oauth/configuring-oauth.md#configuring-your-public-frontend).
|
||||
|
||||
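Review bot: the reworded sentence still ends with 'This example will expose the non-TLS listener for the frontend', and the hunk header shows `address: 0.0.0.0:8080`, so a reader who adds a reverse proxy is left with the plain-HTTP listener reachable on every interface. Suggest adding that, behind a proxy, `address` should be bound to an interface only the proxy can reach. While this paragraph is being edited, the next sentence's 'full details of are found in' also needs fixing.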
@ -254,7 +254,7 @@ The `zrok` frontend uses the `public` identity created during the bootstrap proc
|
||||
With our `ZROK_ADMIN_TOKEN` and `ZROK_API_ENDPOINT` environment variables set, we can create our first user account.
|
||||
|
||||
```bash
|
||||
zrok admin create account etc/ctrl.yml <email> <password>
|
||||
zrok admin create account <email> <password>
|
||||
```
|
||||
|
||||
The output is the account token you will use to enable each device's zrok environment.
|
||||
|
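Review bot: `zrok admin create account <email> <password>` takes the password as a positional argument, so it is recorded in shell history and visible in the process list while the command runs. Add a note to that effect next to the command, and state that the printed account token is a credential, since the following line tells readers to use it to enable each device's zrok environment.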