mirror of
https://github.com/openziti/zrok.git
synced 2024-12-31 19:22:37 +01:00
fix and dry docker share
parent
ce249862e8
commit
980a03c760
@ -7,28 +7,20 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- zrok_env:/mnt/.zrok
|
- zrok_env:/mnt/.zrok
|
||||||
|
|
||||||
|
# enable zrok environment
|
||||||
zrok-enable:
|
zrok-enable:
|
||||||
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
||||||
depends_on:
|
depends_on:
|
||||||
zrok-init:
|
zrok-init:
|
||||||
condition: service_completed_successfully
|
condition: service_completed_successfully
|
||||||
entrypoint:
|
entrypoint: zrok-enable.bash
|
||||||
- bash
|
|
||||||
- -euc
|
|
||||||
- |
|
|
||||||
if [[ -n "$(jq '.ziti_identity' ~/.zrok/environment.json 2>/dev/null)" ]]; then
|
|
||||||
echo "INFO: zrok environment is already enabled"
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
zrok config set apiEndpoint ${ZROK_API_ENDPOINT:-https://api.zrok.io}
|
|
||||||
echo "INFO: running: zrok $$(sed -E "s/${ZROK_ENABLE_TOKEN}/************/" <<< $${@})"
|
|
||||||
exec zrok "$${@}"
|
|
||||||
fi
|
|
||||||
command: -- enable --headless --description "${ZROK_ENVIRONMENT_NAME:-docker private access}" ${ZROK_ENABLE_TOKEN}
|
|
||||||
volumes:
|
volumes:
|
||||||
- zrok_env:/mnt/.zrok
|
- zrok_env:/mnt
|
||||||
environment:
|
environment:
|
||||||
HOME: /mnt
|
STATE_DIRECTORY: /mnt
|
||||||
|
ZROK_ENABLE_TOKEN:
|
||||||
|
ZROK_API_ENDPOINT:
|
||||||
|
ZROK_ENVIRONMENT_NAME: docker-private-access
|
||||||
|
|
||||||
zrok-access:
|
zrok-access:
|
||||||
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
||||||
@ -39,7 +31,7 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- 9191:9191 # expose the zrok private access proxy to the Docker host
|
- 9191:9191 # expose the zrok private access proxy to the Docker host
|
||||||
volumes:
|
volumes:
|
||||||
- zrok_env:/mnt/.zrok
|
- zrok_env:/mnt
|
||||||
environment:
|
environment:
|
||||||
HOME: /mnt
|
HOME: /mnt
|
||||||
PFXLOG_NO_JSON: "true"
|
PFXLOG_NO_JSON: "true"
|
||||||
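Review bot: The `- 9191:9191` mapping in the second hunk (unchanged by this commit, presumably under `zrok-access`) publishes the private access proxy on every host interface, although its comment says the intent is to expose it to the Docker host. A short-form port mapping with no host IP binds to all addresses, so any machine that can reach the host on 9191 can use the private share. If only the host itself needs it, bind to loopback and quote the value: `- "127.0.0.1:9191:9191"`. The service definition starts and ends outside the hunk.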
|
@ -7,42 +7,41 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- zrok_env:/mnt/.zrok
|
- zrok_env:/mnt/.zrok
|
||||||
|
|
||||||
|
# enable zrok environment
|
||||||
zrok-enable:
|
zrok-enable:
|
||||||
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
||||||
depends_on:
|
depends_on:
|
||||||
zrok-init:
|
zrok-init:
|
||||||
condition: service_completed_successfully
|
condition: service_completed_successfully
|
||||||
entrypoint:
|
entrypoint: zrok-enable.bash
|
||||||
- bash
|
|
||||||
- -euc
|
|
||||||
- |
|
|
||||||
if [[ -n "$(jq '.ziti_identity' ~/.zrok/environment.json 2>/dev/null)" ]]; then
|
|
||||||
echo "INFO: zrok environment is already enabled"
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
zrok config set apiEndpoint ${ZROK_API_ENDPOINT:-https://api.zrok.io}
|
|
||||||
echo "INFO: running: zrok $$(sed -E "s/${ZROK_ENABLE_TOKEN}/************/" <<< $${@})"
|
|
||||||
exec zrok "$${@}"
|
|
||||||
fi
|
|
||||||
command: -- enable --headless --description "${ZROK_ENVIRONMENT_NAME:-docker private share}" ${ZROK_ENABLE_TOKEN}
|
|
||||||
volumes:
|
volumes:
|
||||||
- zrok_env:/mnt/.zrok
|
- zrok_env:/mnt
|
||||||
environment:
|
environment:
|
||||||
HOME: /mnt
|
STATE_DIRECTORY: /mnt
|
||||||
|
ZROK_ENABLE_TOKEN:
|
||||||
|
ZROK_API_ENDPOINT:
|
||||||
|
ZROK_ENVIRONMENT_NAME: docker-private-share
|
||||||
|
|
||||||
zrok-share:
|
zrok-share:
|
||||||
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
||||||
command: share private --headless --backend-mode proxy ${ZROK_TARGET:-http://zrok-test:9090/}
|
entrypoint:
|
||||||
|
- bash
|
||||||
|
- -euxc
|
||||||
|
- |
|
||||||
|
echo "DEBUG: HOME=$${HOME}"
|
||||||
|
ls -lA /mnt/.zrok/
|
||||||
|
exec zrok $${@}
|
||||||
|
command: -- share private --headless --backend-mode proxy ${ZROK_TARGET:-http://zrok-test:9090/}
|
||||||
depends_on:
|
depends_on:
|
||||||
zrok-enable:
|
zrok-enable:
|
||||||
condition: service_completed_successfully
|
condition: service_completed_successfully
|
||||||
volumes:
|
volumes:
|
||||||
- zrok_env:/mnt/.zrok
|
- zrok_env:/mnt
|
||||||
environment:
|
environment:
|
||||||
HOME: /mnt
|
HOME: /mnt
|
||||||
PFXLOG_NO_JSON: "true"
|
PFXLOG_NO_JSON: "true"
|
||||||
|
|
||||||
# demo servers you can share with zrok
|
# demo server you can share with zrok
|
||||||
zrok-test:
|
zrok-test:
|
||||||
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
||||||
command: test endpoint --address 0.0.0.0 # 9090
|
command: test endpoint --address 0.0.0.0 # 9090
|
||||||
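Review bot: The new inline entrypoint for `zrok-share` looks like leftover debugging, and it expands its arguments unquoted. `bash -euxc` traces every command, and the `echo "DEBUG: HOME=$${HOME}"` and `ls -lA /mnt/.zrok/` lines write the state directory listing to the container log on every start. `exec zrok $${@}` also word-splits and glob-expands whatever `ZROK_TARGET` contains. Drop the `x` flag and the two debug lines, and quote the arguments as the removed enable wrapper did: `exec zrok "$${@}"`.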
|
@ -1,46 +1,7 @@
|
|||||||
services:
|
services:
|
||||||
# create Caddyfile
|
|
||||||
zrok-caddyfile:
|
|
||||||
image: busybox
|
|
||||||
# create Caddyfile
|
|
||||||
entrypoint:
|
|
||||||
- sh
|
|
||||||
- -euc
|
|
||||||
- |
|
|
||||||
ZROK_UPSTREAM_URL="${ZROK_TARGET:-http://zrok-test:9090}"
|
|
||||||
ZROK_UPSTREAM_HOST="$(echo $${ZROK_UPSTREAM_URL}|sed -E 's#^https?://([^/:]+).*#\1#')"
|
|
||||||
mkdir -p /mnt/.zrok
|
|
||||||
cat <<CADDYFILE >| /mnt/.zrok/Caddyfile
|
|
||||||
{
|
|
||||||
# GET /config/ and POST /load on this API to reload Caddy config
|
|
||||||
admin 0.0.0.0:2019
|
|
||||||
}
|
|
||||||
http:// {
|
|
||||||
bind {{ .ZrokBindAddress }}
|
|
||||||
handle_path /zrok-test/* {
|
|
||||||
reverse_proxy http://zrok-test:9090 {
|
|
||||||
header_up Host zrok-test
|
|
||||||
}
|
|
||||||
}
|
|
||||||
handle_path /zrok-static/* {
|
|
||||||
root * /mnt/.zrok/html
|
|
||||||
file_server browse
|
|
||||||
}
|
|
||||||
reverse_proxy /* $${ZROK_UPSTREAM_URL} {
|
|
||||||
header_up Host $${ZROK_UPSTREAM_HOST}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
CADDYFILE
|
|
||||||
user: root
|
|
||||||
volumes:
|
|
||||||
- zrok_env:/mnt
|
|
||||||
|
|
||||||
# set file ownership
|
# set file ownership
|
||||||
zrok-init:
|
zrok-init:
|
||||||
image: busybox
|
image: busybox
|
||||||
depends_on:
|
|
||||||
zrok-caddyfile:
|
|
||||||
condition: service_completed_successfully
|
|
||||||
# matches uid:gid of "nobody" in zrok container image
|
# matches uid:gid of "nobody" in zrok container image
|
||||||
command: chown -Rc 65534:65534 /mnt/
|
command: chown -Rc 65534:65534 /mnt/
|
||||||
user: root
|
user: root
|
||||||
@ -60,27 +21,34 @@ services:
|
|||||||
STATE_DIRECTORY: /mnt
|
STATE_DIRECTORY: /mnt
|
||||||
ZROK_ENABLE_TOKEN:
|
ZROK_ENABLE_TOKEN:
|
||||||
ZROK_API_ENDPOINT:
|
ZROK_API_ENDPOINT:
|
||||||
ZROK_ENVIRONMENT_NAME:
|
ZROK_ENVIRONMENT_NAME: docker-public-reserved
|
||||||
|
|
||||||
# reserve zrok frontend subdomain and start sharing the target
|
# reserve zrok frontend subdomain and start sharing the target
|
||||||
zrok-share:
|
zrok-share:
|
||||||
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
||||||
entrypoint: zrok-share.bash
|
entrypoint: bash -x zrok-share.bash
|
||||||
depends_on:
|
depends_on:
|
||||||
zrok-enable:
|
zrok-enable:
|
||||||
condition: service_completed_successfully
|
condition: service_completed_successfully
|
||||||
volumes:
|
volumes:
|
||||||
- zrok_env:/mnt
|
- zrok_env:/mnt
|
||||||
ports: []
|
|
||||||
# - 127.0.0.1:2019:2019 # Caddy admin API
|
|
||||||
environment:
|
environment:
|
||||||
STATE_DIRECTORY: /mnt
|
# internal configuration
|
||||||
PFXLOG_NO_JSON: "true"
|
STATE_DIRECTORY: /mnt # zrok homedir in container
|
||||||
ZROK_BACKEND_MODE:
|
|
||||||
ZROK_TARGET:
|
# most relevant options
|
||||||
ZROK_OAUTH_PROVIDER:
|
ZROK_BACKEND_MODE: proxy # web, caddy, drive, proxy
|
||||||
ZROK_OATH_EMAILS:
|
ZROK_TARGET: http://zrok-test:9090 # backend target, is a path in container filesystem unless proxy mode
|
||||||
ZROK_BASIC_AUTH:
|
ZROK_INSECURE: # "--insecure" if proxy target has unverifiable TLS server certificate
|
||||||
|
ZROK_OAUTH_PROVIDER: # google, github
|
||||||
|
ZROK_OATH_EMAILS: # allow space-separated list of OAuth email addresses or @domain.tld
|
||||||
|
ZROK_BASIC_AUTH: # username:password, mutually-exclusive with ZROK_OAUTH_PROVIDER
|
||||||
|
|
||||||
|
# least relevant options
|
||||||
|
ZROK_VERBOSE: # "--verbose"
|
||||||
|
ZROK_SHARE_OPTS: # additional arguments to "zrok reserve public" command
|
||||||
|
ZROK_FRONTENDS: # "public"
|
||||||
|
PFXLOG_NO_JSON: "true" # suppress JSON logging format
|
||||||
|
|
||||||
# demo server
|
# demo server
|
||||||
zrok-test:
|
zrok-test:
|
||||||
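Review bot: `ZROK_OATH_EMAILS` in the `zrok-share` environment is misspelled, so the OAuth email allowlist never reaches the script. `zrok-share.bash` on this page reads `ZROK_OAUTH_EMAILS` when it builds `--oauth-email-domains`, so a value supplied under the compose name is ignored and, presumably, any account from the chosen provider is accepted. Rename the key to `ZROK_OAUTH_EMAILS: # space-separated OAuth email addresses or @domain.tld to allow`; the temporary public share compose file in this commit has the same spelling. The same service now runs `entrypoint: bash -x zrok-share.bash`, which traces the `--basic-auth` value into the container log and looks like a debugging leftover.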
|
@ -15,52 +15,46 @@ services:
|
|||||||
depends_on:
|
depends_on:
|
||||||
zrok-init:
|
zrok-init:
|
||||||
condition: service_completed_successfully
|
condition: service_completed_successfully
|
||||||
entrypoint:
|
entrypoint: zrok-enable.bash
|
||||||
- bash
|
|
||||||
- -euc
|
|
||||||
- |
|
|
||||||
if [[ -n "$(jq '.ziti_identity' ~/.zrok/environment.json 2>/dev/null)" ]]; then
|
|
||||||
echo "INFO: zrok environment is already enabled"
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
zrok config set apiEndpoint ${ZROK_API_ENDPOINT:-https://api.zrok.io}
|
|
||||||
echo "INFO: running: zrok $$(sed -E "s/${ZROK_ENABLE_TOKEN}/************/" <<< $${@})"
|
|
||||||
exec zrok "$${@}"
|
|
||||||
fi
|
|
||||||
command: -- enable --headless --description "${ZROK_ENVIRONMENT_NAME:-docker temp public share}" ${ZROK_ENABLE_TOKEN}
|
|
||||||
volumes:
|
volumes:
|
||||||
- zrok_env:/mnt/.zrok
|
- zrok_env:/mnt
|
||||||
environment:
|
environment:
|
||||||
HOME: /mnt
|
STATE_DIRECTORY: /mnt
|
||||||
|
ZROK_ENABLE_TOKEN:
|
||||||
|
ZROK_API_ENDPOINT:
|
||||||
|
ZROK_ENVIRONMENT_NAME: docker-public-share
|
||||||
|
|
||||||
# start share on temporary public frontend url
|
# provision a temporary zrok frontend subdomain and start sharing the backend target
|
||||||
zrok-share:
|
zrok-share:
|
||||||
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
||||||
entrypoint:
|
entrypoint: zrok-share.bash
|
||||||
- bash
|
|
||||||
- -euc
|
|
||||||
- |
|
|
||||||
set -o pipefail
|
|
||||||
ZROK_CMD="share public --headless"
|
|
||||||
if [[ -n "${ZROK_SHARE_OPTS:-}" ]]; then
|
|
||||||
ZROK_CMD+=" ${ZROK_SHARE_OPTS}"
|
|
||||||
fi
|
|
||||||
if [[ -n "${ZROK_OAUTH_PROVIDER:-}" ]]; then
|
|
||||||
ZROK_CMD+=" --oauth-provider ${ZROK_OAUTH_PROVIDER}"
|
|
||||||
fi
|
|
||||||
ZROK_CMD+=" --backend-mode proxy ${ZROK_TARGET:-http://zrok-test:9090/}"
|
|
||||||
echo "INFO: running: zrok $${ZROK_CMD}"
|
|
||||||
exec zrok $${ZROK_CMD}
|
|
||||||
depends_on:
|
depends_on:
|
||||||
zrok-enable:
|
zrok-enable:
|
||||||
condition: service_completed_successfully
|
condition: service_completed_successfully
|
||||||
volumes:
|
volumes:
|
||||||
- zrok_env:/mnt/.zrok
|
- zrok_env:/mnt
|
||||||
|
ports: []
|
||||||
|
# - 127.0.0.1:2019:2019 # Caddy admin API
|
||||||
environment:
|
environment:
|
||||||
HOME: /mnt
|
# internal configuration
|
||||||
PFXLOG_NO_JSON: "true"
|
STATE_DIRECTORY: /mnt # zrok homedir in container
|
||||||
|
ZROK_FRONTEND_MODE: temp-public # tells zrok-share.bash to create a temporary subdomain and share until exit
|
||||||
|
|
||||||
# demo servers you can share with zrok
|
# most relevant options
|
||||||
|
ZROK_BACKEND_MODE: proxy # web, caddy, drive, proxy
|
||||||
|
ZROK_TARGET: http://zrok-test:9090 # backend target, is a path in container filesystem unless proxy mode
|
||||||
|
ZROK_INSECURE: # "--insecure" if proxy target has unverifiable TLS server certificate
|
||||||
|
ZROK_OAUTH_PROVIDER: # google, github
|
||||||
|
ZROK_OATH_EMAILS: # space-separated list of OAuth email addresses or @domain.tld to allow
|
||||||
|
ZROK_BASIC_AUTH: # username:password, mutually-exclusive with ZROK_OAUTH_PROVIDER
|
||||||
|
|
||||||
|
# least relevant options
|
||||||
|
ZROK_VERBOSE: # "--verbose"
|
||||||
|
ZROK_SHARE_OPTS: # additional arguments to "zrok share public" command
|
||||||
|
ZROK_FRONTENDS: # "public"
|
||||||
|
PFXLOG_NO_JSON: "true" # suppress JSON logging format
|
||||||
|
|
||||||
|
# demo server you can share with zrok
|
||||||
zrok-test:
|
zrok-test:
|
||||||
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
|
||||||
command: test endpoint --address 0.0.0.0 # 9090
|
command: test endpoint --address 0.0.0.0 # 9090
|
||||||
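Review bot: `ZROK_TARGET: http://zrok-test:9090` and `ZROK_BACKEND_MODE: proxy` are now literal values, so a `ZROK_TARGET` set in the shell or `.env` no longer reaches the `zrok-share` container. The removed inline entrypoint used `${ZROK_TARGET:-http://zrok-test:9090/}`, and the keys left empty here (`ZROK_INSECURE:`, `ZROK_BASIC_AUTH:`) are still passed through from the host environment, so these two behave differently from their neighbours. If the override is meant to keep working, write `ZROK_TARGET: ${ZROK_TARGET:-http://zrok-test:9090}` and `ZROK_BACKEND_MODE: ${ZROK_BACKEND_MODE:-proxy}`. The reserved public share compose file has the same literals.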
|
@ -38,13 +38,14 @@ fi
|
|||||||
|
|
||||||
if (( $# )); then
|
if (( $# )); then
|
||||||
if [[ -s "$1" ]]; then
|
if [[ -s "$1" ]]; then
|
||||||
|
echo "INFO: reading enable parameters from $1"
|
||||||
source "$1"
|
source "$1"
|
||||||
else
|
else
|
||||||
echo "ERROR: \$1="$1" is empty or not a readable file" >&2
|
echo "ERROR: \$1="$1" is empty or not a readable file" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "WARNING: no env filename argument, trying to read configuration from environment variables" >&2
|
echo "INFO: reading enable parameters from environment variables"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -z "${ZROK_ENABLE_TOKEN}" ]]; then
|
if [[ -z "${ZROK_ENABLE_TOKEN}" ]]; then
|
||||||
|
@ -7,17 +7,29 @@ set -o errexit
|
|||||||
set -o nounset
|
set -o nounset
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
|
share_reserved(){
|
||||||
|
local token="$1"
|
||||||
|
local target="$2"
|
||||||
|
shift 2
|
||||||
|
local opts="${*:-}"
|
||||||
|
local zrok_cmd="share reserved ${token} --headless ${opts} --override-endpoint ${target}"
|
||||||
|
echo "INFO: running: zrok ${zrok_cmd}"
|
||||||
|
exec zrok ${zrok_cmd}
|
||||||
|
}
|
||||||
|
|
||||||
if ! command -v jq &>/dev/null; then
|
if ! command -v jq &>/dev/null; then
|
||||||
echo "ERROR: jq is needed but not installed" >&2
|
echo "ERROR: jq is needed but not installed" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# set HOME to the first colon-sep dir in STATE_DIRECTORY inherited from systemd, e.g. /var/lib/zrok-share
|
# set HOME to the first colon-sep dir in STATE_DIRECTORY inherited from systemd (/var/lib/zrok-share) or docker (/mnt)
|
||||||
export HOME="${STATE_DIRECTORY%:*}"
|
export HOME="${STATE_DIRECTORY%:*}"
|
||||||
|
|
||||||
if (( $# )); then
|
if (( $# )); then
|
||||||
if [[ -s "$1" ]]; then
|
if [[ -s "$1" ]]; then
|
||||||
|
echo "INFO: reading share configuration from $1"
|
||||||
source "$1"
|
source "$1"
|
||||||
|
shift
|
||||||
else
|
else
|
||||||
echo "ERROR: '$1' is empty or not readable" >&2
|
echo "ERROR: '$1' is empty or not readable" >&2
|
||||||
exit 1
|
exit 1
|
||||||
@ -30,102 +42,118 @@ else
|
|||||||
# echo "ERROR: need /opt/openziti/etc/zrok.env or filename argument to read share configuration" >&2
|
# echo "ERROR: need /opt/openziti/etc/zrok.env or filename argument to read share configuration" >&2
|
||||||
# exit 1
|
# exit 1
|
||||||
# fi
|
# fi
|
||||||
echo "WARNING: no environment filename argument, trying to read share configuration from env vars" >&2
|
echo "INFO: reading share configuration from environment variables"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -s ~/.zrok/reserved.json ]]; then
|
[[ -n "${ZROK_TARGET:-}" ]] || {
|
||||||
ZROK_RESERVED_TOKEN="$(jq '.token' ~/.zrok/reserved.json 2>/dev/null)"
|
echo "ERROR: ZROK_TARGET is not defined." >&2
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# default mode is reserved (public), override mode is temp-public, i.e., "share public" without a reserved subdomain
|
||||||
|
if [[ "${ZROK_FRONTEND_MODE:-}" == temp-public ]]; then
|
||||||
|
ZROK_CMD="share public --headless ${ZROK_VERBOSE:-}"
|
||||||
|
elif [[ -s ~/.zrok/reserved.json ]]; then
|
||||||
|
ZROK_RESERVED_TOKEN="$(jq -r '.token' ~/.zrok/reserved.json 2>/dev/null)"
|
||||||
if [[ -z "${ZROK_RESERVED_TOKEN}" || "${ZROK_RESERVED_TOKEN}" == null ]]; then
|
if [[ -z "${ZROK_RESERVED_TOKEN}" || "${ZROK_RESERVED_TOKEN}" == null ]]; then
|
||||||
echo "ERROR: invalid reserved.json: '$(jq -c . ~/.zrok/reserved.json)'" >&2
|
echo "ERROR: invalid reserved.json: '$(jq -c . ~/.zrok/reserved.json)'" >&2
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
echo "INFO: zrok backend is already reserved: ${ZROK_RESERVED_TOKEN}"
|
echo "INFO: zrok backend is already reserved: ${ZROK_RESERVED_TOKEN}"
|
||||||
|
ZITI_CMD="${ZROK_RESERVED_TOKEN} ${ZROK_TARGET}"
|
||||||
|
ZITI_CMD+=" ${ZROK_VERBOSE:-} ${ZROK_INSECURE:-}"
|
||||||
|
share_reserved ${ZITI_CMD}
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
ZROK_CMD="reserve public --json-output ${ZROK_VERBOSE:-}"
|
ZROK_CMD="reserve public --json-output ${ZROK_VERBOSE:-}"
|
||||||
[[ -n "${ZROK_TARGET:-}" ]] || {
|
|
||||||
echo "ERROR: ZROK_TARGET was not defined in /opt/openziti/etc/zrok/zrok-share.env." >&2
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
[[ -n "${ZROK_BACKEND_MODE:-}" ]] || {
|
|
||||||
echo "WARNING: ZROK_BACKEND_MODE was not defined, assuming mode 'proxy'." >&2
|
|
||||||
ZROK_BACKEND_MODE="proxy"
|
|
||||||
}
|
|
||||||
case "${ZROK_BACKEND_MODE}" in
|
|
||||||
proxy)
|
|
||||||
if ! [[ "${ZROK_TARGET}" =~ ^https?:// ]]; then
|
|
||||||
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an HTTP URL" >&2
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
echo "INFO: validated backend mode ${ZROK_BACKEND_MODE} and target ${ZROK_TARGET}"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
caddy)
|
|
||||||
if ! [[ "${ZROK_TARGET}" =~ ^/ ]]; then
|
|
||||||
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an absolute filesystem path." >&2
|
|
||||||
exit 1
|
|
||||||
elif ! [[ -f "${ZROK_TARGET}" && -r "${ZROK_TARGET}" ]]; then
|
|
||||||
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not a readable regular file" >&2
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
echo "INFO: validated backend mode ${ZROK_BACKEND_MODE} and target ${ZROK_TARGET}"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
web|drive)
|
|
||||||
if ! [[ "${ZROK_TARGET}" =~ ^/ ]]; then
|
|
||||||
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an absolute filesystem path." >&2
|
|
||||||
exit 1
|
|
||||||
elif ! [[ -d "${ZROK_TARGET}" && -r "${ZROK_TARGET}" ]]; then
|
|
||||||
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not a readable directory" >&2
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
echo "INFO: validated backend mode ${ZROK_BACKEND_MODE} and target ${ZROK_TARGET}"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "WARNING: ZROK_BACKEND_MODE='${ZROK_BACKEND_MODE}' is not a recognized mode for a zrok public share."\
|
|
||||||
" ZROK_TARGET value will not validated before running." >&2
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
ZROK_CMD+=" --backend-mode ${ZROK_BACKEND_MODE} ${ZROK_TARGET}"
|
|
||||||
if [[ -n "${ZROK_SHARE_OPTS:-}" ]]; then
|
|
||||||
ZROK_CMD+=" ${ZROK_SHARE_OPTS}"
|
|
||||||
fi
|
|
||||||
if [[ -n "${ZROK_OAUTH_PROVIDER:-}" ]]; then
|
|
||||||
ZROK_CMD+=" --oauth-provider ${ZROK_OAUTH_PROVIDER}"
|
|
||||||
if [[ -n "${ZROK_OAUTH_EMAILS:-}" ]]; then
|
|
||||||
for EMAIL in ${ZROK_OAUTH_EMAILS}; do
|
|
||||||
ZROK_CMD+=" --oauth-email-domains ${EMAIL}"
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
elif [[ -n "${ZROK_BASIC_AUTH:-}" ]]; then
|
|
||||||
ZROK_CMD+=" --basic-auth ${ZROK_BASIC_AUTH}"
|
|
||||||
fi
|
|
||||||
echo "INFO: running: zrok ${ZROK_CMD}"
|
|
||||||
zrok ${ZROK_CMD} | jq -rc | tee ~/.zrok/reserved.json
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! [[ -s ~/.zrok/reserved.json ]]; then
|
[[ -n "${ZROK_BACKEND_MODE:-}" ]] || {
|
||||||
echo "ERROR: empty or missing $(realpath ~/.zrok)/reserved.json" >&2
|
echo "WARNING: ZROK_BACKEND_MODE was not defined, assuming mode 'proxy'." >&2
|
||||||
exit 1
|
ZROK_BACKEND_MODE="proxy"
|
||||||
else
|
}
|
||||||
ZROK_PUBLIC_URLS=$(jq -cr '.frontend_endpoints' ~/.zrok/reserved.json 2>/dev/null)
|
|
||||||
if [[ -z "${ZROK_PUBLIC_URLS}" || "${ZROK_PUBLIC_URLS}" == null ]]; then
|
case "${ZROK_BACKEND_MODE}" in
|
||||||
echo "ERROR: frontend endpoints not defined in $(realpath ~/.zrok)/reserved.json" >&2
|
proxy)
|
||||||
exit 1
|
if ! [[ "${ZROK_TARGET}" =~ ^https?:// ]]; then
|
||||||
else
|
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an HTTP URL" >&2
|
||||||
echo "INFO: zrok public URLs: ${ZROK_PUBLIC_URLS}"
|
exit 1
|
||||||
fi
|
else
|
||||||
ZROK_RESERVED_TOKEN=$(jq -r '.token' ~/.zrok/reserved.json 2>/dev/null)
|
echo "INFO: validated backend mode ${ZROK_BACKEND_MODE} and target ${ZROK_TARGET}"
|
||||||
if [[ -z "${ZROK_RESERVED_TOKEN}" || "${ZROK_RESERVED_TOKEN}" == null ]]; then
|
fi
|
||||||
echo "ERROR: zrok reservation token not defined in $(realpath ~/.zrok)/reserved.json" >&2
|
;;
|
||||||
exit 1
|
caddy)
|
||||||
fi
|
if ! [[ "${ZROK_TARGET}" =~ ^/ ]]; then
|
||||||
ZROK_CMD="share reserved ${ZROK_RESERVED_TOKEN} --headless --override-endpoint ${ZROK_TARGET}"
|
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an absolute filesystem path." >&2
|
||||||
ZROK_CMD+=" ${ZROK_VERBOSE:-} ${ZROK_INSECURE:-}"
|
exit 1
|
||||||
if [[ -n "${ZROK_SHARE_OPTS:-}" ]]; then
|
elif ! [[ -f "${ZROK_TARGET}" && -r "${ZROK_TARGET}" ]]; then
|
||||||
ZROK_CMD+=" ${ZROK_SHARE_OPTS}"
|
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not a readable regular file" >&2
|
||||||
fi
|
exit 1
|
||||||
echo "INFO: running: zrok ${ZROK_CMD}"
|
else
|
||||||
exec zrok ${ZROK_CMD}
|
echo "INFO: validated backend mode ${ZROK_BACKEND_MODE} and target ${ZROK_TARGET}"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
web|drive)
|
||||||
|
if ! [[ "${ZROK_TARGET}" =~ ^/ ]]; then
|
||||||
|
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not an absolute filesystem path." >&2
|
||||||
|
exit 1
|
||||||
|
elif ! [[ -d "${ZROK_TARGET}" && -r "${ZROK_TARGET}" ]]; then
|
||||||
|
echo "ERROR: ZROK_TARGET='${ZROK_TARGET}' is not a readable directory" >&2
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "INFO: validated backend mode ${ZROK_BACKEND_MODE} and target ${ZROK_TARGET}"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "WARNING: ZROK_BACKEND_MODE='${ZROK_BACKEND_MODE}' is not a recognized mode for a zrok public share."\
|
||||||
|
" ZROK_TARGET value will not validated before running." >&2
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
ZROK_CMD+=" --backend-mode ${ZROK_BACKEND_MODE} ${ZROK_TARGET}"
|
||||||
|
|
||||||
|
if [[ -n "${ZROK_SHARE_OPTS:-}" ]]; then
|
||||||
|
ZROK_CMD+=" ${ZROK_SHARE_OPTS}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -n "${ZROK_OAUTH_PROVIDER:-}" ]]; then
|
||||||
|
ZROK_CMD+=" --oauth-provider ${ZROK_OAUTH_PROVIDER}"
|
||||||
|
if [[ -n "${ZROK_OAUTH_EMAILS:-}" ]]; then
|
||||||
|
for EMAIL in ${ZROK_OAUTH_EMAILS}; do
|
||||||
|
ZROK_CMD+=" --oauth-email-domains ${EMAIL}"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
elif [[ -n "${ZROK_BASIC_AUTH:-}" ]]; then
|
||||||
|
ZROK_CMD+=" --basic-auth ${ZROK_BASIC_AUTH}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "INFO: running: zrok ${ZROK_CMD}"
|
||||||
|
|
||||||
|
if [[ "${ZROK_FRONTEND_MODE:-}" == temp-public ]]; then
|
||||||
|
# share until exit
|
||||||
|
exec zrok ${ZROK_CMD}
|
||||||
|
else
|
||||||
|
# reserve and continue
|
||||||
|
zrok ${ZROK_CMD} | jq -rc | tee ~/.zrok/reserved.json
|
||||||
|
# share the reserved backend target until exit
|
||||||
|
if ! [[ -s ~/.zrok/reserved.json ]]; then
|
||||||
|
echo "ERROR: empty or missing $(realpath ~/.zrok)/reserved.json" >&2
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
ZROK_PUBLIC_URLS=$(jq -cr '.frontend_endpoints' ~/.zrok/reserved.json 2>/dev/null)
|
||||||
|
if [[ -z "${ZROK_PUBLIC_URLS}" || "${ZROK_PUBLIC_URLS}" == null ]]; then
|
||||||
|
echo "ERROR: frontend endpoints not defined in $(realpath ~/.zrok)/reserved.json" >&2
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "INFO: zrok public URLs: ${ZROK_PUBLIC_URLS}"
|
||||||
|
fi
|
||||||
|
ZROK_RESERVED_TOKEN=$(jq -r '.token' ~/.zrok/reserved.json 2>/dev/null)
|
||||||
|
if [[ -z "${ZROK_RESERVED_TOKEN}" || "${ZROK_RESERVED_TOKEN}" == null ]]; then
|
||||||
|
echo "ERROR: zrok reservation token not defined in $(realpath ~/.zrok)/reserved.json" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
ZROK_CMD="${ZROK_RESERVED_TOKEN} ${ZROK_TARGET}"
|
||||||
|
ZROK_CMD+=" ${ZROK_VERBOSE:-} ${ZROK_INSECURE:-}"
|
||||||
|
share_reserved ${ZROK_CMD}
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
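Review bot: `echo "INFO: running: zrok ${ZROK_CMD}"` prints the assembled command after `--basic-auth ${ZROK_BASIC_AUTH}` has been appended, so the share's username and password land in the container or journal log. The inline enable wrapper that this commit removes from the compose files masked its token with `sed` before logging; the share script has no equivalent. Log a redacted copy instead, for example `echo "INFO: running: zrok ${ZROK_CMD//"${ZROK_BASIC_AUTH:-}"/********}"`. Because `ZROK_CMD` is a single string expanded unquoted, a password containing spaces or glob characters is also split or expanded before zrok receives it; a bash array would avoid that. The script's opening lines are outside the hunks.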
|