From a113a3d4aa1fb6ad095608203dc504c0b04d921f Mon Sep 17 00:00:00 2001 From: michaelquigley Date: Mon, 30 Jan 2023 20:12:52 +0000 Subject: [PATCH] deploy: c18ff8424cf490bf72d7950ef40598faca4ae0a4 --- 404.html | 4 ++-- assets/js/{05a04aa0.14e60244.js => 05a04aa0.1067f8a2.js} | 2 +- assets/js/{3953c40d.4a8fa8a7.js => 3953c40d.f9f388b4.js} | 2 +- assets/js/8d0344ba.19c037c2.js | 1 + assets/js/8d0344ba.ee833643.js | 1 - assets/js/{b2f554cd.cfc94408.js => b2f554cd.26969ac1.js} | 2 +- ...{runtime~main.4957642e.js => runtime~main.17220c5f.js} | 2 +- blog/archive/index.html | 4 ++-- blog/atom.xml | 4 ++-- blog/index.html | 6 +++--- blog/introducing_zrok/index.html | 8 ++++---- blog/rss.xml | 4 ++-- docs/category/guides/index.html | 4 ++-- docs/downloads/index.html | 4 ++-- docs/getting-started/index.html | 6 +++--- docs/guides/v0.3_nginx_tls_guide/index.html | 4 ++-- docs/guides/v0.3_self_hosting_guide/index.html | 4 ++-- index.html | 4 ++-- 18 files changed, 33 insertions(+), 33 deletions(-) rename assets/js/{05a04aa0.14e60244.js => 05a04aa0.1067f8a2.js} (99%) rename assets/js/{3953c40d.4a8fa8a7.js => 3953c40d.f9f388b4.js} (99%) create mode 100644 assets/js/8d0344ba.19c037c2.js delete mode 100644 assets/js/8d0344ba.ee833643.js rename assets/js/{b2f554cd.cfc94408.js => b2f554cd.26969ac1.js} (99%) rename assets/js/{runtime~main.4957642e.js => runtime~main.17220c5f.js} (82%) diff --git a/404.html b/404.html index 39051e4f..1147fa92 100644 --- a/404.html +++ b/404.html @@ -5,13 +5,13 @@ Page Not Found | Zrok - +
Skip to main content

Page Not Found

We could not find what you were looking for.

Please contact the owner of the site that linked you to the original URL and let them know their link is broken.

- + \ No newline at end of file diff --git a/assets/js/05a04aa0.14e60244.js b/assets/js/05a04aa0.1067f8a2.js similarity index 99% rename from assets/js/05a04aa0.14e60244.js rename to assets/js/05a04aa0.1067f8a2.js index 5e4ebd8f..2ffbbff8 100644 --- a/assets/js/05a04aa0.14e60244.js +++ b/assets/js/05a04aa0.1067f8a2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[543],{3905:(e,t,o)=>{o.d(t,{Zo:()=>d,kt:()=>k});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function i(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function a(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var l=n.createContext({}),p=function(e){var t=n.useContext(l),o=t;return e&&(o="function"==typeof e?e(t):a(a({},t),e)),o},d=function(e){var t=p(e.components);return n.createElement(l.Provider,{value:t},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},h=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,d=s(e,["components","mdxType","originalType","parentName"]),u=p(o),h=r,k=u["".concat(l,".").concat(h)]||u[h]||c[h]||i;return o?n.createElement(k,a(a({ref:t},d),{},{components:o})):n.createElement(k,a({ref:t},d))}));function k(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=o.length,a=new Array(i);a[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s[u]="string"==typeof e?e:r,a[1]=s;for(var p=2;p{o.r(t),o.d(t,{assets:()=>l,contentTitle:()=>a,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var n=o(7462),r=(o(7294),o(3905));const i={},a="Introducing zrok",s={permalink:"/blog/introducing_zrok",source:"@site/blog/introducing_zrok.md",title:"Introducing zrok",description:"I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the \"edge\" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.",date:"2023-01-30T20:07:48.000Z",formattedDate:"January 30, 2023",tags:[],readingTime:4.595,hasTruncateMarker:!1,authors:[],frontMatter:{}},l={authorsImageUrls:[]},p=[{value:"Private Sharing",id:"private-sharing",level:2},{value:"Files; Repositories; Video... Decentralized",id:"files-repositories-video-decentralized",level:2},{value:"Production zrok",id:"production-zrok",level:2},{value:"Open-Source; Self-Host",id:"open-source-self-host",level:2},{value:"A Start",id:"a-start",level:2}],d={toc:p};function u(e){let{components:t,...o}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,o,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("p",null,"I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/ziti"},"OpenZiti")," project back in 2017. Most of my work on OpenZiti centered on the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/fabric"},"fabric"),', data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It\'s been quite exciting to watch OpenZiti blossom and grow over the years. '),(0,r.kt)("p",null,"For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent."),(0,r.kt)("p",null,"This new project is called... ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," focuses on streamlining sharing for both developers and end users alike. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti."),(0,r.kt)("p",null,"Here are some of the things that make ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," different..."),(0,r.kt)("h2",{id:"private-sharing"},"Private Sharing"),(0,r.kt)("p",null,'Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you\'ve got a public URL that you can share to allow access to your endpoint.'),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," expands on this model by supporting something that we're calling \"private sharing\". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," users through the zero-trust overlay network."),(0,r.kt)("p",null,"In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect."),(0,r.kt)("p",null,"And if you want public sharing, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," has that also. Our private sharing modes are an additional capability that ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," adds to the recipe. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),' supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.'),(0,r.kt)("h2",{id:"files-repositories-video-decentralized"},"Files; Repositories; Video... Decentralized"),(0,r.kt)("p",null,"Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a ",(0,r.kt)("em",{parentName:"p"},"frictionless")," way."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet."),(0,r.kt)("p",null,"Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms."),(0,r.kt)("p",null,"We're still just getting started on building out these aspects of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," already provides built-in single-command file sharing. You can ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/blob/main/docs/v0.3_getting_started/getting_started.md"},"get started")," using these powerful tools today!"),(0,r.kt)("h2",{id:"production-zrok"},"Production zrok"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://netfoundry.io"},"NetFoundry")," is offering ",(0,r.kt)("a",{parentName:"p",href:"https://zrok.io"},"zrok.io"),", a managed ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance you can use to try out ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit ",(0,r.kt)("a",{parentName:"p",href:"https://zrok.io"},"zrok.io")," for details about requesting an invite."),(0,r.kt)("p",null,"Once ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok.io")," are out of beta, we'll be opening this service up to the public."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok.io")," runs on top of the open-source version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". We're building on top of the same open-source codebase that's ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"available")," today."),(0,r.kt)("h2",{id:"open-source-self-host"},"Open-Source; Self-Host"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is committed to being open-source. You've got everything you need to host your own ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md"},"guide")," to getting this running in minutes, including the OpenZiti portions."),(0,r.kt)("p",null,"You can ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"access")," the open-source version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," today."),(0,r.kt)("h2",{id:"a-start"},"A Start"),(0,r.kt)("p",null,"I'm really excited about sharing ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," with you. As of this writing, we're at ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.3.0"),", and there is still a ton of work to do to get ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," to where I know it can go. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti"},"OpenZiti GitHub"),")."),(0,r.kt)("p",null,"Starting with ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.4"),", I'm planning on producing a set of regularly-released \"development notebooks\", documenting the development process and giving you a look at the work we're doing with ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," on top of OpenZiti; these will be a great introduction to building a ",(0,r.kt)("em",{parentName:"p"},"Ziti Native Application")," from the ground up. These videos will also be a comprehensive look at how ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," works."),(0,r.kt)("p",null,"We'd love your participation in the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," project! You can find us on GitHub at ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"https://github.com/openziti/zrok"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[543],{3905:(e,t,o)=>{o.d(t,{Zo:()=>d,kt:()=>k});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function i(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function a(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var l=n.createContext({}),p=function(e){var t=n.useContext(l),o=t;return e&&(o="function"==typeof e?e(t):a(a({},t),e)),o},d=function(e){var t=p(e.components);return n.createElement(l.Provider,{value:t},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},h=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,d=s(e,["components","mdxType","originalType","parentName"]),u=p(o),h=r,k=u["".concat(l,".").concat(h)]||u[h]||c[h]||i;return o?n.createElement(k,a(a({ref:t},d),{},{components:o})):n.createElement(k,a({ref:t},d))}));function k(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=o.length,a=new Array(i);a[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s[u]="string"==typeof e?e:r,a[1]=s;for(var p=2;p{o.r(t),o.d(t,{assets:()=>l,contentTitle:()=>a,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var n=o(7462),r=(o(7294),o(3905));const i={},a="Introducing zrok",s={permalink:"/blog/introducing_zrok",source:"@site/blog/introducing_zrok.md",title:"Introducing zrok",description:"I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the \"edge\" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.",date:"2023-01-30T20:11:30.000Z",formattedDate:"January 30, 2023",tags:[],readingTime:4.595,hasTruncateMarker:!1,authors:[],frontMatter:{}},l={authorsImageUrls:[]},p=[{value:"Private Sharing",id:"private-sharing",level:2},{value:"Files; Repositories; Video... Decentralized",id:"files-repositories-video-decentralized",level:2},{value:"Production zrok",id:"production-zrok",level:2},{value:"Open-Source; Self-Host",id:"open-source-self-host",level:2},{value:"A Start",id:"a-start",level:2}],d={toc:p};function u(e){let{components:t,...o}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,o,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("p",null,"I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/ziti"},"OpenZiti")," project back in 2017. Most of my work on OpenZiti centered on the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/fabric"},"fabric"),', data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It\'s been quite exciting to watch OpenZiti blossom and grow over the years. '),(0,r.kt)("p",null,"For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent."),(0,r.kt)("p",null,"This new project is called... ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," focuses on streamlining sharing for both developers and end users alike. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti."),(0,r.kt)("p",null,"Here are some of the things that make ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," different..."),(0,r.kt)("h2",{id:"private-sharing"},"Private Sharing"),(0,r.kt)("p",null,'Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you\'ve got a public URL that you can share to allow access to your endpoint.'),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," expands on this model by supporting something that we're calling \"private sharing\". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," users through the zero-trust overlay network."),(0,r.kt)("p",null,"In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect."),(0,r.kt)("p",null,"And if you want public sharing, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," has that also. Our private sharing modes are an additional capability that ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," adds to the recipe. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),' supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.'),(0,r.kt)("h2",{id:"files-repositories-video-decentralized"},"Files; Repositories; Video... Decentralized"),(0,r.kt)("p",null,"Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a ",(0,r.kt)("em",{parentName:"p"},"frictionless")," way."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet."),(0,r.kt)("p",null,"Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms."),(0,r.kt)("p",null,"We're still just getting started on building out these aspects of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," already provides built-in single-command file sharing. You can ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/blob/main/docs/v0.3_getting_started/getting_started.md"},"get started")," using these powerful tools today!"),(0,r.kt)("h2",{id:"production-zrok"},"Production zrok"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://netfoundry.io"},"NetFoundry")," is offering ",(0,r.kt)("a",{parentName:"p",href:"https://zrok.io"},"zrok.io"),", a managed ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance you can use to try out ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit ",(0,r.kt)("a",{parentName:"p",href:"https://zrok.io"},"zrok.io")," for details about requesting an invite."),(0,r.kt)("p",null,"Once ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok.io")," are out of beta, we'll be opening this service up to the public."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok.io")," runs on top of the open-source version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". We're building on top of the same open-source codebase that's ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"available")," today."),(0,r.kt)("h2",{id:"open-source-self-host"},"Open-Source; Self-Host"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is committed to being open-source. You've got everything you need to host your own ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md"},"guide")," to getting this running in minutes, including the OpenZiti portions."),(0,r.kt)("p",null,"You can ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"access")," the open-source version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," today."),(0,r.kt)("h2",{id:"a-start"},"A Start"),(0,r.kt)("p",null,"I'm really excited about sharing ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," with you. As of this writing, we're at ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.3.0"),", and there is still a ton of work to do to get ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," to where I know it can go. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti"},"OpenZiti GitHub"),")."),(0,r.kt)("p",null,"Starting with ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.4"),", I'm planning on producing a set of regularly-released \"development notebooks\", documenting the development process and giving you a look at the work we're doing with ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," on top of OpenZiti; these will be a great introduction to building a ",(0,r.kt)("em",{parentName:"p"},"Ziti Native Application")," from the ground up. These videos will also be a comprehensive look at how ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," works."),(0,r.kt)("p",null,"We'd love your participation in the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," project! You can find us on GitHub at ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"https://github.com/openziti/zrok"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/3953c40d.4a8fa8a7.js b/assets/js/3953c40d.f9f388b4.js similarity index 99% rename from assets/js/3953c40d.4a8fa8a7.js rename to assets/js/3953c40d.f9f388b4.js index bec5b38b..8d973019 100644 --- a/assets/js/3953c40d.4a8fa8a7.js +++ b/assets/js/3953c40d.f9f388b4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[474],{3905:(e,t,o)=>{o.d(t,{Zo:()=>d,kt:()=>k});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function i(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function a(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var l=n.createContext({}),p=function(e){var t=n.useContext(l),o=t;return e&&(o="function"==typeof e?e(t):a(a({},t),e)),o},d=function(e){var t=p(e.components);return n.createElement(l.Provider,{value:t},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},h=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,d=s(e,["components","mdxType","originalType","parentName"]),u=p(o),h=r,k=u["".concat(l,".").concat(h)]||u[h]||c[h]||i;return o?n.createElement(k,a(a({ref:t},d),{},{components:o})):n.createElement(k,a({ref:t},d))}));function k(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=o.length,a=new Array(i);a[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s[u]="string"==typeof e?e:r,a[1]=s;for(var p=2;p{o.r(t),o.d(t,{assets:()=>l,contentTitle:()=>a,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var n=o(7462),r=(o(7294),o(3905));const i={},a="Introducing zrok",s={permalink:"/blog/introducing_zrok",source:"@site/blog/introducing_zrok.md",title:"Introducing zrok",description:"I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the \"edge\" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.",date:"2023-01-30T20:07:48.000Z",formattedDate:"January 30, 2023",tags:[],readingTime:4.595,hasTruncateMarker:!1,authors:[],frontMatter:{}},l={authorsImageUrls:[]},p=[{value:"Private Sharing",id:"private-sharing",level:2},{value:"Files; Repositories; Video... Decentralized",id:"files-repositories-video-decentralized",level:2},{value:"Production zrok",id:"production-zrok",level:2},{value:"Open-Source; Self-Host",id:"open-source-self-host",level:2},{value:"A Start",id:"a-start",level:2}],d={toc:p};function u(e){let{components:t,...o}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,o,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("p",null,"I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/ziti"},"OpenZiti")," project back in 2017. Most of my work on OpenZiti centered on the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/fabric"},"fabric"),', data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It\'s been quite exciting to watch OpenZiti blossom and grow over the years. '),(0,r.kt)("p",null,"For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent."),(0,r.kt)("p",null,"This new project is called... ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," focuses on streamlining sharing for both developers and end users alike. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti."),(0,r.kt)("p",null,"Here are some of the things that make ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," different..."),(0,r.kt)("h2",{id:"private-sharing"},"Private Sharing"),(0,r.kt)("p",null,'Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you\'ve got a public URL that you can share to allow access to your endpoint.'),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," expands on this model by supporting something that we're calling \"private sharing\". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," users through the zero-trust overlay network."),(0,r.kt)("p",null,"In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect."),(0,r.kt)("p",null,"And if you want public sharing, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," has that also. Our private sharing modes are an additional capability that ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," adds to the recipe. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),' supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.'),(0,r.kt)("h2",{id:"files-repositories-video-decentralized"},"Files; Repositories; Video... Decentralized"),(0,r.kt)("p",null,"Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a ",(0,r.kt)("em",{parentName:"p"},"frictionless")," way."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet."),(0,r.kt)("p",null,"Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms."),(0,r.kt)("p",null,"We're still just getting started on building out these aspects of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," already provides built-in single-command file sharing. You can ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/blob/main/docs/v0.3_getting_started/getting_started.md"},"get started")," using these powerful tools today!"),(0,r.kt)("h2",{id:"production-zrok"},"Production zrok"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://netfoundry.io"},"NetFoundry")," is offering ",(0,r.kt)("a",{parentName:"p",href:"https://zrok.io"},"zrok.io"),", a managed ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance you can use to try out ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit ",(0,r.kt)("a",{parentName:"p",href:"https://zrok.io"},"zrok.io")," for details about requesting an invite."),(0,r.kt)("p",null,"Once ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok.io")," are out of beta, we'll be opening this service up to the public."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok.io")," runs on top of the open-source version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". We're building on top of the same open-source codebase that's ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"available")," today."),(0,r.kt)("h2",{id:"open-source-self-host"},"Open-Source; Self-Host"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is committed to being open-source. You've got everything you need to host your own ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md"},"guide")," to getting this running in minutes, including the OpenZiti portions."),(0,r.kt)("p",null,"You can ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"access")," the open-source version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," today."),(0,r.kt)("h2",{id:"a-start"},"A Start"),(0,r.kt)("p",null,"I'm really excited about sharing ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," with you. As of this writing, we're at ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.3.0"),", and there is still a ton of work to do to get ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," to where I know it can go. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti"},"OpenZiti GitHub"),")."),(0,r.kt)("p",null,"Starting with ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.4"),", I'm planning on producing a set of regularly-released \"development notebooks\", documenting the development process and giving you a look at the work we're doing with ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," on top of OpenZiti; these will be a great introduction to building a ",(0,r.kt)("em",{parentName:"p"},"Ziti Native Application")," from the ground up. These videos will also be a comprehensive look at how ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," works."),(0,r.kt)("p",null,"We'd love your participation in the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," project! You can find us on GitHub at ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"https://github.com/openziti/zrok"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[474],{3905:(e,t,o)=>{o.d(t,{Zo:()=>d,kt:()=>k});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function i(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function a(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var l=n.createContext({}),p=function(e){var t=n.useContext(l),o=t;return e&&(o="function"==typeof e?e(t):a(a({},t),e)),o},d=function(e){var t=p(e.components);return n.createElement(l.Provider,{value:t},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},h=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,d=s(e,["components","mdxType","originalType","parentName"]),u=p(o),h=r,k=u["".concat(l,".").concat(h)]||u[h]||c[h]||i;return o?n.createElement(k,a(a({ref:t},d),{},{components:o})):n.createElement(k,a({ref:t},d))}));function k(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=o.length,a=new Array(i);a[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s[u]="string"==typeof e?e:r,a[1]=s;for(var p=2;p{o.r(t),o.d(t,{assets:()=>l,contentTitle:()=>a,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var n=o(7462),r=(o(7294),o(3905));const i={},a="Introducing zrok",s={permalink:"/blog/introducing_zrok",source:"@site/blog/introducing_zrok.md",title:"Introducing zrok",description:"I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the \"edge\" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.",date:"2023-01-30T20:11:30.000Z",formattedDate:"January 30, 2023",tags:[],readingTime:4.595,hasTruncateMarker:!1,authors:[],frontMatter:{}},l={authorsImageUrls:[]},p=[{value:"Private Sharing",id:"private-sharing",level:2},{value:"Files; Repositories; Video... Decentralized",id:"files-repositories-video-decentralized",level:2},{value:"Production zrok",id:"production-zrok",level:2},{value:"Open-Source; Self-Host",id:"open-source-self-host",level:2},{value:"A Start",id:"a-start",level:2}],d={toc:p};function u(e){let{components:t,...o}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,o,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("p",null,"I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/ziti"},"OpenZiti")," project back in 2017. Most of my work on OpenZiti centered on the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/fabric"},"fabric"),', data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It\'s been quite exciting to watch OpenZiti blossom and grow over the years. '),(0,r.kt)("p",null,"For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent."),(0,r.kt)("p",null,"This new project is called... ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," focuses on streamlining sharing for both developers and end users alike. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti."),(0,r.kt)("p",null,"Here are some of the things that make ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," different..."),(0,r.kt)("h2",{id:"private-sharing"},"Private Sharing"),(0,r.kt)("p",null,'Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you\'ve got a public URL that you can share to allow access to your endpoint.'),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," expands on this model by supporting something that we're calling \"private sharing\". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," users through the zero-trust overlay network."),(0,r.kt)("p",null,"In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect."),(0,r.kt)("p",null,"And if you want public sharing, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," has that also. Our private sharing modes are an additional capability that ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," adds to the recipe. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),' supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.'),(0,r.kt)("h2",{id:"files-repositories-video-decentralized"},"Files; Repositories; Video... Decentralized"),(0,r.kt)("p",null,"Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a ",(0,r.kt)("em",{parentName:"p"},"frictionless")," way."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet."),(0,r.kt)("p",null,"Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms."),(0,r.kt)("p",null,"We're still just getting started on building out these aspects of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," already provides built-in single-command file sharing. You can ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/blob/main/docs/v0.3_getting_started/getting_started.md"},"get started")," using these powerful tools today!"),(0,r.kt)("h2",{id:"production-zrok"},"Production zrok"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://netfoundry.io"},"NetFoundry")," is offering ",(0,r.kt)("a",{parentName:"p",href:"https://zrok.io"},"zrok.io"),", a managed ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance you can use to try out ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit ",(0,r.kt)("a",{parentName:"p",href:"https://zrok.io"},"zrok.io")," for details about requesting an invite."),(0,r.kt)("p",null,"Once ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok.io")," are out of beta, we'll be opening this service up to the public."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok.io")," runs on top of the open-source version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". We're building on top of the same open-source codebase that's ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"available")," today."),(0,r.kt)("h2",{id:"open-source-self-host"},"Open-Source; Self-Host"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is committed to being open-source. You've got everything you need to host your own ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md"},"guide")," to getting this running in minutes, including the OpenZiti portions."),(0,r.kt)("p",null,"You can ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"access")," the open-source version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," today."),(0,r.kt)("h2",{id:"a-start"},"A Start"),(0,r.kt)("p",null,"I'm really excited about sharing ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," with you. As of this writing, we're at ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.3.0"),", and there is still a ton of work to do to get ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," to where I know it can go. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti"},"OpenZiti GitHub"),")."),(0,r.kt)("p",null,"Starting with ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.4"),", I'm planning on producing a set of regularly-released \"development notebooks\", documenting the development process and giving you a look at the work we're doing with ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),". I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," on top of OpenZiti; these will be a great introduction to building a ",(0,r.kt)("em",{parentName:"p"},"Ziti Native Application")," from the ground up. These videos will also be a comprehensive look at how ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," works."),(0,r.kt)("p",null,"We'd love your participation in the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," project! You can find us on GitHub at ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok"},"https://github.com/openziti/zrok"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/8d0344ba.19c037c2.js b/assets/js/8d0344ba.19c037c2.js new file mode 100644 index 00000000..19b1e6b9 --- /dev/null +++ b/assets/js/8d0344ba.19c037c2.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[218],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>h});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},m="mdxType",c={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},k=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),m=p(n),k=r,h=m["".concat(s,".").concat(k)]||m[k]||c[k]||o;return n?a.createElement(h,i(i({ref:t},d),{},{components:n})):a.createElement(h,i({ref:t},d))}));function h(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=k;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[m]="string"==typeof e?e:r,i[1]=l;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>m,frontMatter:()=>o,metadata:()=>l,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const o={sidebar_position:0},i="Getting Started with zrok",l={unversionedId:"getting-started",id:"getting-started",title:"Getting Started with zrok",description:"zrok is a next-generation sharing platform built on top of OpenZiti, a programmable zero trust network overlay. zrok is an OpenZiti Native Application.",source:"@site/../docs/getting-started.md",sourceDirName:".",slug:"/getting-started",permalink:"/docs/getting-started",draft:!1,editUrl:"https://github.com/openziti/zrok/tree/main/../docs/getting-started.md",tags:[],version:"current",sidebarPosition:0,frontMatter:{sidebar_position:0},sidebar:"tutorialSidebar",next:{title:"Guides",permalink:"/docs/category/guides"}},s={},p=[{value:"Downloading zrok",id:"downloading-zrok",level:2},{value:"Extract zrok Distribution",id:"extract-zrok-distribution",level:3},{value:"Configure Your zrok Service Instance",id:"configure-your-zrok-service-instance",level:2},{value:"Generating an Invitation",id:"generating-an-invitation",level:2},{value:"Enabling Your zrok Environment",id:"enabling-your-zrok-environment",level:2},{value:"Sharing",id:"sharing",level:2},{value:"Ephemeral by Default",id:"ephemeral-by-default",level:3},{value:"Public Shares and Frontends",id:"public-shares-and-frontends",level:3},{value:"Private Shares",id:"private-shares",level:3},{value:"Proxy Backend Mode",id:"proxy-backend-mode",level:3},{value:"Web Backend Mode",id:"web-backend-mode",level:3},{value:"Reserved Shares",id:"reserved-shares",level:3},{value:"Concepts Review",id:"concepts-review",level:2},{value:"Service Instance and Account",id:"service-instance-and-account",level:3},{value:"Environment",id:"environment",level:3},{value:"Shares",id:"shares",level:3},{value:"Reserved Shares",id:"reserved-shares-1",level:3},{value:"Self-Hosting a Service Instance",id:"self-hosting-a-service-instance",level:2}],d={toc:p};function m(e){let{components:t,...o}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,o,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"getting-started-with-zrok"},"Getting Started with zrok"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is a next-generation sharing platform built on top of ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/ziti/stargazers"},"OpenZiti"),", a programmable zero trust network overlay. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is an ",(0,r.kt)("em",{parentName:"p"},"OpenZiti Native Application"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," facilitates sharing resources publicly and privately with an audience of your choosing."),(0,r.kt)("p",null,"As of version ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.3.0"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," provides users the ability to publicly proxy local HTTP endpoints (similar to other offerings in this space). Additionally, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," provides the ability to:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("em",{parentName:"li"},"privately")," share resources with other ",(0,r.kt)("inlineCode",{parentName:"li"},"zrok")," users; in ",(0,r.kt)("em",{parentName:"li"},"private")," usage scenarios, your private resources are not exposed to any public endpoints, and all communication is securely and privately transported between ",(0,r.kt)("inlineCode",{parentName:"li"},"zrok")," clients"),(0,r.kt)("li",{parentName:"ul"},"use ",(0,r.kt)("inlineCode",{parentName:"li"},"web")," sharing; easily share files with others using a single ",(0,r.kt)("inlineCode",{parentName:"li"},"zrok")," command")),(0,r.kt)("p",null,"Let's take a look at how to get started with ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),"."),(0,r.kt)("h2",{id:"downloading-zrok"},"Downloading zrok"),(0,r.kt)("p",null,"Releases are also available from the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," project repository on GitHub at ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/releases/latest"},"https://github.com/openziti/zrok/releases/latest")),(0,r.kt)("h3",{id:"extract-zrok-distribution"},"Extract zrok Distribution"),(0,r.kt)("p",null,"Move the downloaded ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," distribution into a directory on your system. In my case, I've placed it in my home directory:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ ls -lF zrok*\n-rwxr-xr-x 1 michael michael 12724747 Jan 17 12:57 zrok_0.3.0-rc1_linux_amd64.tar.gz*\n")),(0,r.kt)("p",null,"Create a directory where the extracted distribution will sit:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ mkdir zrok\n$ cd zrok/\n")),(0,r.kt)("p",null,"Extract the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," distribution:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ tar zxvf ../zrok_0.3.0-rc1_linux_amd64.tar.gz\nCHANGELOG.md\nREADME.md\nzrok\n")),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},"NOTE: On Windows platforms the distribution is shipped as a ",(0,r.kt)("inlineCode",{parentName:"p"},"zip")," archive. Windows Explorer includes support for extracting ",(0,r.kt)("inlineCode",{parentName:"p"},"zip")," archives natively.")),(0,r.kt)("p",null,"Add ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," to your shell's environment."),(0,r.kt)("p",null,"For Linux or macos:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ export PATH=`pwd`:$PATH\n")),(0,r.kt)("p",null,"For Windows (using Command Prompt):"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"> set PATH=%CD%;%PATH%\n")),(0,r.kt)("p",null,"For Windows (using PowerShell):"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},'$env:path += ";"+$pwd.Path\n')),(0,r.kt)("p",null,"With the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," executable in your path, you can then execute the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," command from your shell:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok version\n _ \n _____ __ ___ | | __\n|_ / '__/ _ \\| |/ /\n / /| | | (_) | < \n/___|_| \\___/|_|\\_\\\n\nv0.3.0-rc1 [0d43b55]\n")),(0,r.kt)("h2",{id:"configure-your-zrok-service-instance"},"Configure Your zrok Service Instance"),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},'Most users can safely skip this section and proceed to "Generating an Invitation" below.'),(0,r.kt)("p",{parentName:"admonition"},"This section is relevant if you want to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," CLI with an alternate service instance (in the case of self-hosting, etc.).")),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is both an installable utility that you interact with from your local computer, and also a ",(0,r.kt)("em",{parentName:"p"},"service")," that exists on the network. NetFoundry operates the public ",(0,r.kt)("em",{parentName:"p"},"service instance")," that is available at ",(0,r.kt)("inlineCode",{parentName:"p"},"api.zrok.io"),", but because ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is open source and self-hostable, you're free to create your own ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," executable defaults to using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance at ",(0,r.kt)("inlineCode",{parentName:"p"},"api.zrok.io"),". Should you need to change the endpoint to use a different service instance, you can do that with the following command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok config set apiEndpoint https://zrok.mydomain.com\n[WARNING]: unable to open zrokdir metadata; ignoring\n\nzrok configuration updated\n")),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"WARNING")," about ",(0,r.kt)("inlineCode",{parentName:"p"},"zrokdir metadata")," is ignorable. Running the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok config set")," command writes a small piece of metadata into a ",(0,r.kt)("inlineCode",{parentName:"p"},".zrok")," folder inside your home directory. This allows ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," to identify the version of its settings, providing a mechanism to upgrade your installation as new versions are released. This ",(0,r.kt)("inlineCode",{parentName:"p"},"WARNING")," is letting you know that your current environment has not be initialized by ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),".")),(0,r.kt)("p",null,"You can use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok status")," command to inspect the state of your local ",(0,r.kt)("em",{parentName:"p"},"environment"),". ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," refers to each shell where you install and ",(0,r.kt)("inlineCode",{parentName:"p"},"enable")," a copy of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," as as an ",(0,r.kt)("em",{parentName:"p"},"environment"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok status\n\nConfig:\n\n CONFIG VALUE SOURCE \n apiEndpoint https://zrok.mydomain.com config \n\n[WARNING]: Unable to load your local environment!\n\nTo create a local environment use the zrok enable command.\n")),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"WARNING")," about being ",(0,r.kt)("inlineCode",{parentName:"p"},"unable to load your local environment")," will go away once you've successfully enabled (",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable"),") for your shell (we'll get to that below). For now, this warning is ignorable.")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok status")," command shows the configured API service that your environment is using, as well as the ",(0,r.kt)("inlineCode",{parentName:"p"},"SOURCE")," where the setting was retrieved. In this case, ",(0,r.kt)("inlineCode",{parentName:"p"},"config")," means that the setting was set into the environment using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok config")," command."),(0,r.kt)("h2",{id:"generating-an-invitation"},"Generating an Invitation"),(0,r.kt)("p",null,"In order to create an account with the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance, you will need to create an invitation. "),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"Some environments take advantage of ",(0,r.kt)("em",{parentName:"p"},"invitation tokens"),", which limit who is able to request an invitation on the service instance. If your service uses invitation tokens, the administrator of your instance will include details about how to use your token to generate your invitation.")),(0,r.kt)("p",null,"We generate an invitation with the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok invite")," command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok invite\n\nenter and confirm your email address...\n\n> user@domain.com\n> user@domain.com\n\n[ Submit ]\n\ninvitation sent to 'user@domain.com'!\n")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok invite")," command presents a small form that allows you to enter (and then confirm) your email address. Tabbing to the ",(0,r.kt)("inlineCode",{parentName:"p"},"[ Submit ]")," button will send the request to your configured ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service."),(0,r.kt)("p",null,"Next, check the email where you sent the invite. You should receive a message asking you to click a link to create your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," account. When you click that link, you will be brought to a web page that will allow you to set a password for your new account:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Enter a Password",src:n(9744).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"Enter a password and it's confirmation, and click the ",(0,r.kt)("inlineCode",{parentName:"p"},"Register Account")," button. You'll see the following:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Successful Registration",src:n(242).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,'For now, we\'ll ignore the "enable your shell for zrok" section. Just click the ',(0,r.kt)("inlineCode",{parentName:"p"},"zrok web portal")," link:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Web Login",src:n(9509).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"After clicking the ",(0,r.kt)("inlineCode",{parentName:"p"},"Log In")," button, you'll be brought into the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," ",(0,r.kt)("em",{parentName:"p"},"web console"),":"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Web Console; Empty",src:n(2945).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"Congratulations! Your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," account is ready to go!"),(0,r.kt)("h2",{id:"enabling-your-zrok-environment"},"Enabling Your zrok Environment"),(0,r.kt)("p",null,"When your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," account was created, the service generated a ",(0,r.kt)("em",{parentName:"p"},"secret token")," that identifies and authenticates in a single step. Protect your secret token as if it were a password, or an important account number; it's a ",(0,r.kt)("em",{parentName:"p"},"secret"),", protect it."),(0,r.kt)("p",null,"When we left off you had downloaded, extracted, and configured your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," environment. In order to use that environment with your account, you'll need to ",(0,r.kt)("inlineCode",{parentName:"p"},"enable")," it. Enabling an environment generates a secure identity and the necessary underlying security policies with the OpenZiti network hosting the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service."),(0,r.kt)("p",null,"From the web console, click on your email address in the upper right corner of the header. That drop down menu contains an ",(0,r.kt)("inlineCode",{parentName:"p"},"Enable Your Environment")," link. Click that link and a modal dialog will be shown like this:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Enable Modal Dialog",src:n(9042).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"This dialog box shows you the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable")," command that you can use to enable any shell to work with your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," account with a single command."),(0,r.kt)("p",null,"Let's copy that command and paste it into your shell:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok enable klFEoIi0QAg7 \n\u28fb contacting the zrok service...\n")),(0,r.kt)("p",null,"After a few seconds, the message will change and indicate that the enable operation suceeded:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok enable klFEoIi0QAg7 \n\u28fb the zrok environment was successfully enabled...\n")),(0,r.kt)("p",null,"Now, if we run a ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok status")," command, you will see the details of your environment:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok status\n\nConfig:\n\n CONFIG VALUE SOURCE \n apiEndpoint https://api.zrok.io env \n\nEnvironment:\n\n PROPERTY VALUE \n Secret Token klFEoIi0QAg7 \n Ziti Identity FTpvelYD6h \n")),(0,r.kt)("p",null,"Excellent... our environment is now fully enabled."),(0,r.kt)("p",null,"If we return to the ",(0,r.kt)("em",{parentName:"p"},"web console"),", we'll now see the new environment reflected in the explorer view:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"New Environment in Web UI",src:n(5546).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"In my case, the environment is named ",(0,r.kt)("inlineCode",{parentName:"p"},"michael@ziti-lx"),", which is the username of my shell and the hostname of the system the shell is running on."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"Should you want to use a non-default name for your environment, you can pass the ",(0,r.kt)("inlineCode",{parentName:"p"},"-d")," option to the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable")," command. See ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable --help")," for details.")),(0,r.kt)("p",null,"If you click on the environment node in the explorer in the ",(0,r.kt)("em",{parentName:"p"},"web console"),", the details panel shown at the bottom of the page will change:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Empty Environment",src:n(3858).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"The explorer supports clicking, dragging, mouse wheel zooming, and selecting the nodes in the graph for more information (and available actions) for the selected node. If you ever get lost in the explorer, click the ",(0,r.kt)("img",{alt:"Zoom to Fit",src:n(3843).Z,width:"30",height:"25"})," ",(0,r.kt)("em",{parentName:"p"},"zoom to fit")," icon in the lower right corner of the explorer."),(0,r.kt)("p",null,"If we click on the ",(0,r.kt)("inlineCode",{parentName:"p"},"Detail")," tab for our environment, we'll see something like:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Environment Detail",src:n(2534).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"Your environment is fully ready to go. Now we can move on to the fun stuff..."),(0,r.kt)("h2",{id:"sharing"},"Sharing"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is designed to make sharing resources as effortless as possible, while providing a high degree of security and control."),(0,r.kt)("h3",{id:"ephemeral-by-default"},"Ephemeral by Default"),(0,r.kt)("p",null,"Shared resources are ",(0,r.kt)("em",{parentName:"p"},"ephemeral")," by default; as soon as you terminate the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command, the entire share is removed and is no longer available to any users. Identifiers for shared resources are randomly allocated when the share is created."),(0,r.kt)("h3",{id:"public-shares-and-frontends"},"Public Shares and Frontends"),(0,r.kt)("p",null,"Resources that are shared ",(0,r.kt)("em",{parentName:"p"},"publicly")," are exposed to any users on the internet who have access to the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),' service instance\'s "frontend".'),(0,r.kt)("p",null,"A frontend is an HTTPS listener exposed to the internet, that lets any user with your ephemeral share token access your publicly shared resources."),(0,r.kt)("p",null,"For example, I might create a public share using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share public")," command, which results in my ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance exposing the following URL to access my resources:"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://h0fz2ts9c84t.share.zrok.io"},"https://h0fz2ts9c84t.share.zrok.io")),(0,r.kt)("p",null,'In this case my share was given the "share token" of ',(0,r.kt)("inlineCode",{parentName:"p"},"h0fz2ts9c84t"),". That URL can be given to any user, allowing them to immediately access the shared resources directly from my local environment, all without exposing any access to my private, secure environment. The physical network location of my environment is not exposed to anonymous consumers of my resources."),(0,r.kt)("p",null,"If we return to the web console, we see our share in the explorer:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Web Console Share",src:n(6097).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"If we click on our new share in the explorer, we can see the share details:\n",(0,r.kt)("img",{alt:"Share Details",src:n(4647).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"If we click on the ",(0,r.kt)("em",{parentName:"p"},"frontend endpoint")," a new browser tab opens and we see the content of our share:\n",(0,r.kt)("img",{alt:"Share Frontend",src:n(6254).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"If we click on the environment in the explorer, we're shown all of the shares for that environment (including our new share), along with a spark line that shows the activity:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Environment Spark Line",src:n(9737).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"And as soon as I terminate the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," client, the resources are removed from the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," environment."),(0,r.kt)("p",null,"If we try to reload the frontend endpoing in our web browser, we'll see:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Not Found",src:n(5724).Z,width:"1556",height:"1229"})),(0,r.kt)("h3",{id:"private-shares"},"Private Shares"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," also provides a powerful ",(0,r.kt)("em",{parentName:"p"},"private")," sharing model. If I execute the following command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok share private http://localhost:8080\n")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service will respond with the following:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"access your share with: zrok access private wvszln4dyz9q\n")),(0,r.kt)("p",null,"Rather than allowing access to your service through a public frontend, a ",(0,r.kt)("em",{parentName:"p"},"private")," share is only exposed to the underlying OpenZiti network, and can only be accessed using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok access")," command."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok access private wvszln4dyz9q")," command can be run by any ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," user, allowing them to create and bind a local HTTP listener, that allows for private access to your shared resources."),(0,r.kt)("h3",{id:"proxy-backend-mode"},"Proxy Backend Mode"),(0,r.kt)("p",null,"Without specifying a ",(0,r.kt)("em",{parentName:"p"},"backend mode"),", the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command will assume that you're trying to share a ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy")," resource. A ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy")," resource is usually some private HTTP/HTTPS endpoint (like a development server, or a private application) running in your local environment. Usually such an endpoint would have no inbound connectivity except for however it is reachable from your local environment. It might be running on ",(0,r.kt)("inlineCode",{parentName:"p"},"localhost"),", or only listening on a private LAN segment behind a firewall. "),(0,r.kt)("p",null,"For these services a ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy")," share will allow those endpoints to be reached, either ",(0,r.kt)("em",{parentName:"p"},"publicly")," or ",(0,r.kt)("em",{parentName:"p"},"privately")," through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service."),(0,r.kt)("h3",{id:"web-backend-mode"},"Web Backend Mode"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command accepts a ",(0,r.kt)("inlineCode",{parentName:"p"},"--backend-mode")," option. Besides ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy"),", the current ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.3")," release (as of this writing) also supports a ",(0,r.kt)("inlineCode",{parentName:"p"},"web")," mode. The ",(0,r.kt)("inlineCode",{parentName:"p"},"web")," mode allows you to specify a local folder on your filesystem, and instantly turns your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," client into a web server, exposing your web content either ",(0,r.kt)("em",{parentName:"p"},"publicly")," or ",(0,r.kt)("em",{parentName:"p"},"privately")," without having to a configure a web server."),(0,r.kt)("h3",{id:"reserved-shares"},"Reserved Shares"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," shares are ",(0,r.kt)("em",{parentName:"p"},"ephemeral"),' unless you specifically create a "reserved" share.'),(0,r.kt)("p",null,"A reserved share can be re-used multiple times; it will survive termination of the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command, allowing for longer-lasting semi-permanent access to shared resources."),(0,r.kt)("p",null,"The first step is to create the reserved share:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok reserve public --backend-mode web v0.3_getting_started\n[ 0.275] INFO main.(*reserveCommand).run: your reserved share token is 'mltwsinym1s2'\n[ 0.275] INFO main.(*reserveCommand).run: reserved frontend endpoint: https://mltwsinym1s2.share.zrok.io\n")),(0,r.kt)("p",null,"I'm asking the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service to reserve a share with a ",(0,r.kt)("inlineCode",{parentName:"p"},"web")," backend mode, pointing at my local ",(0,r.kt)("inlineCode",{parentName:"p"},"docs")," folder."),(0,r.kt)("p",null,"You'll want to remember the share token (",(0,r.kt)("inlineCode",{parentName:"p"},"mltwsinym1s2")," in this case), and the frontend endpoint URL. If this were a ",(0,r.kt)("em",{parentName:"p"},"private")," reserved share, there would not be a frontend URL."),(0,r.kt)("p",null,"If we do nothing else, and then point a web browser at the frontend endpoint, we get:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Not Found",src:n(7369).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"This is the ",(0,r.kt)("inlineCode",{parentName:"p"},"404")," error message returned by the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," frontend. We're getting this because we haven't yet started up a ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," for the service. Let's do that:"),(0,r.kt)("p",null,"This command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok share reserved mltwsinym1s2\n")),(0,r.kt)("p",null,"...results in a new share backend starting up and connecting to the existing reserved share:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"zrok share reserved",src:n(1577).Z,width:"951",height:"706"})),(0,r.kt)("p",null,"And now if we refresh the frontend endpoint URL in the web browser, we'll see an index of the ",(0,r.kt)("inlineCode",{parentName:"p"},"docs")," directory:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"zrok docs share",src:n(6377).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"With the reserved share, we're free to stop and restart the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share reserved")," command as many times as we want, without losing the token for our share."),(0,r.kt)("p",null,"When we're done with the reserved share, we can ",(0,r.kt)("em",{parentName:"p"},"release")," it using this command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok release mltwsinym1s2\n[ 0.230] INFO main.(*releaseCommand).run: reserved share 'mltwsinym1s2' released\n")),(0,r.kt)("h2",{id:"concepts-review"},"Concepts Review"),(0,r.kt)("p",null,"In summary, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," lets you easily and securely share resources with both general internet users (through ",(0,r.kt)("em",{parentName:"p"},"public")," sharing) and also with other ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," users (through ",(0,r.kt)("em",{parentName:"p"},"private")," sharing)."),(0,r.kt)("p",null,"Here's a quick review of the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," mental model and the vocabulary."),(0,r.kt)("h3",{id:"service-instance-and-account"},"Service Instance and Account"),(0,r.kt)("p",null,"You create an ",(0,r.kt)("em",{parentName:"p"},"account")," with a ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," ",(0,r.kt)("em",{parentName:"p"},"service instance"),". Your account is identified by a username and a password, which you use to log into the ",(0,r.kt)("em",{parentName:"p"},"web console"),". Your account also has a ",(0,r.kt)("em",{parentName:"p"},"secret token"),", which you will use to authenticate from the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," command-line to interact with the ",(0,r.kt)("em",{parentName:"p"},"service instance"),"."),(0,r.kt)("p",null,"You create a new ",(0,r.kt)("em",{parentName:"p"},"account")," with a ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," ",(0,r.kt)("em",{parentName:"p"},"service instance")," through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok invite")," command."),(0,r.kt)("h3",{id:"environment"},"Environment"),(0,r.kt)("p",null,"Using your ",(0,r.kt)("em",{parentName:"p"},"secret token")," you use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," command-line interface to create an ",(0,r.kt)("em",{parentName:"p"},"environment"),". An ",(0,r.kt)("em",{parentName:"p"},"environment")," corresponds to a single command-line user on a specific ",(0,r.kt)("em",{parentName:"p"},"host system"),". "),(0,r.kt)("p",null,"You create a new ",(0,r.kt)("em",{parentName:"p"},"environment")," by using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable")," command."),(0,r.kt)("h3",{id:"shares"},"Shares"),(0,r.kt)("p",null,"Once you've enabled an ",(0,r.kt)("em",{parentName:"p"},"environment"),", you then create one or more ",(0,r.kt)("em",{parentName:"p"},"shares"),". Shares have either a ",(0,r.kt)("em",{parentName:"p"},"public")," or ",(0,r.kt)("em",{parentName:"p"},"private")," ",(0,r.kt)("em",{parentName:"p"},"sharing mode"),". ",(0,r.kt)("em",{parentName:"p"},"Shares")," share a specific type of resource using a ",(0,r.kt)("em",{parentName:"p"},"backend mode"),". As of this writing ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," supports a ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy")," ",(0,r.kt)("em",{parentName:"p"},"backend mode")," to share local HTTP resources as a ",(0,r.kt)("em",{parentName:"p"},"reverse proxy"),". ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," also supports a ",(0,r.kt)("inlineCode",{parentName:"p"},"web")," ",(0,r.kt)("em",{parentName:"p"},"backend mode")," to share local file and HTML resources by enabling a basic HTTP server."),(0,r.kt)("p",null,"Every ",(0,r.kt)("em",{parentName:"p"},"share")," is identified by a ",(0,r.kt)("em",{parentName:"p"},"share token"),". ",(0,r.kt)("em",{parentName:"p"},"Public shares")," can be accessed through either a ",(0,r.kt)("em",{parentName:"p"},"frontend")," instance offered through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," ",(0,r.kt)("em",{parentName:"p"},"service instance"),", or through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok access")," command. ",(0,r.kt)("em",{parentName:"p"},"Private shares")," can only be accessed through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok access")," command."),(0,r.kt)("p",null,"You use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command to create and enable ",(0,r.kt)("em",{parentName:"p"},"ephemeral shares"),"."),(0,r.kt)("h3",{id:"reserved-shares-1"},"Reserved Shares"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," supports creating ",(0,r.kt)("em",{parentName:"p"},"shares")," that have a consistent ",(0,r.kt)("em",{parentName:"p"},"share token")," that survives restarts of the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command. These are considered ",(0,r.kt)("em",{parentName:"p"},"non-ephemeral"),", and is callled a ",(0,r.kt)("em",{parentName:"p"},"reserved share"),"."),(0,r.kt)("p",null,"You use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok reserve")," command to create ",(0,r.kt)("em",{parentName:"p"},"reserved shares"),". Reserved shares last until you use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok release")," command to delete them."),(0,r.kt)("h2",{id:"self-hosting-a-service-instance"},"Self-Hosting a Service Instance"),(0,r.kt)("p",null,"Interested in self-hosting your own ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance? See the ",(0,r.kt)("a",{parentName:"p",href:"/docs/guides/v0.3_self_hosting_guide"},"self-hosting guide")," for details."))}m.isMDXComponent=!0},6377:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_docs_share-1c87532d471ab25aaa1590d6215a1427.png"},9042:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_enable_modal-c62345bd12e17ec9dac2df2f46fc05e8.png"},5724:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_not_found-fa3415937c341eb10e1eb98c9b063583.png"},242:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_registration_success-3f3689bf6d7e28d4f4ec8081e94cd835.png"},7369:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_reserved_not_found-2519707e5cc3e635b7a6feb381c1d040.png"},1577:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_share_reserved-6bce67775ce2c41abb0ef13ee1fad972.png"},9744:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_verify-9c83189dde04c6fbab19b62ace653319.png"},2945:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_empty-863f7acf00cc43148999a937deb19830.png"},9737:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_environment_spark-eeea921884089d320f4b9b2ba2038a1d.png"},6097:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_explorer_share-7e6430b99ed60358da14491a97f153ae.png"},4647:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_share_detail-9c3f99ededaba7d1225cacd5ec81a06d.png"},6254:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_share_frontend-d36b169cea46f834e74af4aa456d0b89.png"},9509:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_login-2d339ab0b7c1e0aad4710d928b511cb0.png"},2534:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_ui_empty_environment_detail-1a3a35ddab829e3a9b951ef57cecde45.png"},3858:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_ui_empty_shares-a2ecccae2bbb1c006ea2a0ba1e85e335.png"},5546:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_ui_new_environment-a2745e4475025446ae38e5bd7708a9bf.png"},3843:(e,t,n)=>{n.d(t,{Z:()=>a});const a="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAZCAIAAACpVwlNAAAEr2lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS41LjAiPgogPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iCiAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4aWYvMS4wLyIKICAgIHhtbG5zOnBob3Rvc2hvcD0iaHR0cDovL25zLmFkb2JlLmNvbS9waG90b3Nob3AvMS4wLyIKICAgIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIKICAgIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIgogICAgeG1sbnM6c3RFdnQ9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZUV2ZW50IyIKICAgdGlmZjpJbWFnZUxlbmd0aD0iMjUiCiAgIHRpZmY6SW1hZ2VXaWR0aD0iMzAiCiAgIHRpZmY6UmVzb2x1dGlvblVuaXQ9IjIiCiAgIHRpZmY6WFJlc29sdXRpb249Ijk2LzEiCiAgIHRpZmY6WVJlc29sdXRpb249Ijk2LzEiCiAgIGV4aWY6UGl4ZWxYRGltZW5zaW9uPSIzMCIKICAgZXhpZjpQaXhlbFlEaW1lbnNpb249IjI1IgogICBleGlmOkNvbG9yU3BhY2U9IjEiCiAgIHBob3Rvc2hvcDpDb2xvck1vZGU9IjMiCiAgIHBob3Rvc2hvcDpJQ0NQcm9maWxlPSJzUkdCIElFQzYxOTY2LTIuMSIKICAgeG1wOk1vZGlmeURhdGU9IjIwMjMtMDEtMTlUMTA6NTY6NTYtMDU6MDAiCiAgIHhtcDpNZXRhZGF0YURhdGU9IjIwMjMtMDEtMTlUMTA6NTY6NTYtMDU6MDAiPgogICA8eG1wTU06SGlzdG9yeT4KICAgIDxyZGY6U2VxPgogICAgIDxyZGY6bGkKICAgICAgc3RFdnQ6YWN0aW9uPSJwcm9kdWNlZCIKICAgICAgc3RFdnQ6c29mdHdhcmVBZ2VudD0iQWZmaW5pdHkgUGhvdG8gMi4wLjMiCiAgICAgIHN0RXZ0OndoZW49IjIwMjMtMDEtMTlUMTA6NTY6NTYtMDU6MDAiLz4KICAgIDwvcmRmOlNlcT4KICAgPC94bXBNTTpIaXN0b3J5PgogIDwvcmRmOkRlc2NyaXB0aW9uPgogPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KPD94cGFja2V0IGVuZD0iciI/Pq+HLHgAAAGBaUNDUHNSR0IgSUVDNjE5NjYtMi4xAAAokXWRy0tCQRSHP7UwemBQixYtJKyVRg8Q27RQyoJqYQZZbfTmI/BxuVcJaRu0FQqiNr0W9RfUNmgdBEURRNtaF7UpuZ2rghF5hjnzzW/OOcycAWs4rWT0piHIZPNaKOh3LkaWnPYXLHThwIclqujq7PxkmIb2eS/RYrces1bjuH+tbTWuK2BpER5XVC0vPCU8s55XTd4R7lZS0VXhM2G3JhcUvjP1WJVfTU5W+dtkLRwKgLVT2Jn8xbFfrKS0jLC8HFcmXVBq9zFf0h7PLszL2iezF50QQfw4mWaCAF6GGRPvxcMIg7KjQf5QJX+OnOQq4lWKaKyRJEUet6gFqR6XNSF6XEaaotn/v33VE6Mj1ertfmh+Noz3frBvQ7lkGF9HhlE+BtsTXGbr+blD8H2IXqprrgNwbML5VV2L7cLFFvQ8qlEtWpFsMq2JBLydQkcEum6gdbnas9o5Jw8Q3pCvuoa9fRiQeMfKD2DYZ+PDGzxnAAAACXBIWXMAAA7EAAAOxAGVKw4bAAABZklEQVRIie2VvW7CMBDHr1UfwE5fII7lvahIWUEiQ7qxMLEwsVQMSB0YKsTExsDGxFs0QyqlYyMVld3k4wWw/QgMlqp+JXFQGZB649n3k+9/f9sX9w+PcJq4PBH3H/0zrkrWfK99jVF5/V6qIIzqod1m485rC6nK0S5GAPArvRDNHFtINZ0vviQp4Un2OTObjIs6q6G122yMhgPfaxvuN0VbGDHHBgDm2FbVAGqgLYyEVPFmCwDB84uQilHyB2i32ej3uoySvZDT+YInGaPE77QqlSkznz5vv9cFAEbJdL4QUlkYjYYDnYnf3o9HC6mewog5ttZBq7xcrf1OK95sy61ZgQaAIIx2lGgdRsPBcrXmSbYXstLyRmPkSWZh5HdaAODe3uipVlaZmk9IxdMcAHiam3DBRJCPCMJol+bfbuMxaJ7mjJLZZFxeb2Gku6mDTrJXjExeviILFqJF8WtpGOf5y5wn+gBcXI4F9z6rgwAAAABJRU5ErkJggg=="}}]); \ No newline at end of file diff --git a/assets/js/8d0344ba.ee833643.js b/assets/js/8d0344ba.ee833643.js deleted file mode 100644 index 685b99c3..00000000 --- a/assets/js/8d0344ba.ee833643.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[218],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>h});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},m="mdxType",c={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},k=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),m=p(n),k=r,h=m["".concat(s,".").concat(k)]||m[k]||c[k]||o;return n?a.createElement(h,i(i({ref:t},d),{},{components:n})):a.createElement(h,i({ref:t},d))}));function h(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=k;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l[m]="string"==typeof e?e:r,i[1]=l;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>m,frontMatter:()=>o,metadata:()=>l,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const o={sidebar_position:0},i="Getting Started with zrok",l={unversionedId:"getting-started",id:"getting-started",title:"Getting Started with zrok",description:"zrok is a next-generation sharing platform built on top of OpenZiti, a programmable zero trust network overlay. zrok is an OpenZiti Native Application.",source:"@site/../docs/getting-started.md",sourceDirName:".",slug:"/getting-started",permalink:"/docs/getting-started",draft:!1,editUrl:"https://github.com/openziti/zrok/tree/main/../docs/getting-started.md",tags:[],version:"current",sidebarPosition:0,frontMatter:{sidebar_position:0},sidebar:"tutorialSidebar",next:{title:"Guides",permalink:"/docs/category/guides"}},s={},p=[{value:"Downloading zrok",id:"downloading-zrok",level:2},{value:"Extract zrok Distribution",id:"extract-zrok-distribution",level:3},{value:"Configure Your zrok Service Instance",id:"configure-your-zrok-service-instance",level:2},{value:"Generating an Invitation",id:"generating-an-invitation",level:2},{value:"Enabling Your zrok Environment",id:"enabling-your-zrok-environment",level:2},{value:"Sharing",id:"sharing",level:2},{value:"Ephemeral by Default",id:"ephemeral-by-default",level:3},{value:"Public Shares and Frontends",id:"public-shares-and-frontends",level:3},{value:"Private Shares",id:"private-shares",level:3},{value:"Proxy Backend Mode",id:"proxy-backend-mode",level:3},{value:"Web Backend Mode",id:"web-backend-mode",level:3},{value:"Reserved Shares",id:"reserved-shares",level:3},{value:"Concepts Review",id:"concepts-review",level:2},{value:"Service Instance and Account",id:"service-instance-and-account",level:3},{value:"Environment",id:"environment",level:3},{value:"Shares",id:"shares",level:3},{value:"Reserved Shares",id:"reserved-shares-1",level:3},{value:"Self-Hosting a Service Instance",id:"self-hosting-a-service-instance",level:2}],d={toc:p};function m(e){let{components:t,...o}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,o,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"getting-started-with-zrok"},"Getting Started with zrok"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is a next-generation sharing platform built on top of ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/ziti/stargazers"},"OpenZiti"),", a programmable zero trust network overlay. ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is an ",(0,r.kt)("em",{parentName:"p"},"OpenZiti Native Application"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," facilitates sharing resources publicly and privately with an audience of your choosing."),(0,r.kt)("p",null,"As of version ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.3.0"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," provides users the ability to publicly proxy local HTTP endpoints (similar to other offerings in this space). Additionally, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," provides the ability to:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("em",{parentName:"li"},"privately")," share resources with other ",(0,r.kt)("inlineCode",{parentName:"li"},"zrok")," users; in ",(0,r.kt)("em",{parentName:"li"},"private")," usage scenarios, your private resources are not exposed to any public endpoints, and all communication is securely and privately transported between ",(0,r.kt)("inlineCode",{parentName:"li"},"zrok")," clients"),(0,r.kt)("li",{parentName:"ul"},"use ",(0,r.kt)("inlineCode",{parentName:"li"},"web")," sharing; easily share files with others using a single ",(0,r.kt)("inlineCode",{parentName:"li"},"zrok")," command")),(0,r.kt)("p",null,"Let's take a look at how to get started with ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),"."),(0,r.kt)("h2",{id:"downloading-zrok"},"Downloading zrok"),(0,r.kt)("p",null,"Releases are also available from the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," project repository on GitHub at ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/openziti/zrok/releases/latest"},"https://github.com/openziti/zrok/releases/latest")),(0,r.kt)("h3",{id:"extract-zrok-distribution"},"Extract zrok Distribution"),(0,r.kt)("p",null,"Move the downloaded ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," distribution into a directory on your system. In my case, I've placed it in my home directory:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ ls -lF zrok*\n-rwxr-xr-x 1 michael michael 12724747 Jan 17 12:57 zrok_0.3.0-rc1_linux_amd64.tar.gz*\n")),(0,r.kt)("p",null,"Create a directory where the extracted distribution will sit:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ mkdir zrok\n$ cd zrok/\n")),(0,r.kt)("p",null,"Extract the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," distribution:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ tar zxvf ../zrok_0.3.0-rc1_linux_amd64.tar.gz\nCHANGELOG.md\nREADME.md\nzrok\n")),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},"NOTE: On Windows platforms the distribution is shipped as a ",(0,r.kt)("inlineCode",{parentName:"p"},"zip")," archive. Windows Explorer includes support for extracting ",(0,r.kt)("inlineCode",{parentName:"p"},"zip")," archives natively.")),(0,r.kt)("p",null,"Add ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," to your shell's environment."),(0,r.kt)("p",null,"For Linux or macos:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ export PATH=`pwd`:$PATH\n")),(0,r.kt)("p",null,"For Windows (using Command Prompt):"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"> set PATH=%CD%;%PATH%\n")),(0,r.kt)("p",null,"For Windows (using PowerShell):"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},'$env:path += ";"+$pwd.Path\n')),(0,r.kt)("p",null,"With the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," executable in your path, you can then execute the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," command from your shell:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok version\n _ \n _____ __ ___ | | __\n|_ / '__/ _ \\| |/ /\n / /| | | (_) | < \n/___|_| \\___/|_|\\_\\\n\nv0.3.0-rc1 [0d43b55]\n")),(0,r.kt)("h2",{id:"configure-your-zrok-service-instance"},"Configure Your zrok Service Instance"),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},'Most users can safely skip this section and proceed to "Generating an Invitation" below.'),(0,r.kt)("p",{parentName:"admonition"},"This section is relevant if you want to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," CLI with an alternate service instance (in the case of self-hosting, etc.).")),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is both an installable utility that you interact with from your local computer, and also a ",(0,r.kt)("em",{parentName:"p"},"service")," that exists on the network. NetFoundry operates the public ",(0,r.kt)("em",{parentName:"p"},"service instance")," that is available at ",(0,r.kt)("inlineCode",{parentName:"p"},"api.zrok.io"),", but because ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is open source and self-hostable, you're free to create your own ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," executable defaults to using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance at ",(0,r.kt)("inlineCode",{parentName:"p"},"api.zrok.io"),". Should you need to change the endpoint to use a different service instance, you can do that with the following command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok config set apiEndpoint https://zrok.mydomain.com\n[WARNING]: unable to open zrokdir metadata; ignoring\n\nzrok configuration updated\n")),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"WARNING")," about ",(0,r.kt)("inlineCode",{parentName:"p"},"zrokdir metadata")," is ignorable. Running the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok config set")," command writes a small piece of metadata into a ",(0,r.kt)("inlineCode",{parentName:"p"},".zrok")," folder inside your home directory. This allows ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," to identify the version of its settings, providing a mechanism to upgrade your installation as new versions are released. This ",(0,r.kt)("inlineCode",{parentName:"p"},"WARNING")," is letting you know that your current environment has not be initialized by ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),"."),(0,r.kt)("p",{parentName:"admonition"},"You can use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok status")," command to inspect the state of your local ",(0,r.kt)("em",{parentName:"p"},"environment"),". ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," refers to each shell where you install and ",(0,r.kt)("inlineCode",{parentName:"p"},"enable")," a copy of ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," as as an ",(0,r.kt)("em",{parentName:"p"},"environment"),".")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok status\n\nConfig:\n\n CONFIG VALUE SOURCE \n apiEndpoint https://zrok.mydomain.com config \n\n[WARNING]: Unable to load your local environment!\n\nTo create a local environment use the zrok enable command.\n")),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"WARNING")," about being ",(0,r.kt)("inlineCode",{parentName:"p"},"unable to load your local environment")," will go away once you've successfully enabled (",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable"),") for your shell (we'll get to that below). For now, this warning is ignorable.")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok status")," command shows the configured API service that your environment is using, as well as the ",(0,r.kt)("inlineCode",{parentName:"p"},"SOURCE")," where the setting was retrieved. In this case, ",(0,r.kt)("inlineCode",{parentName:"p"},"config")," means that the setting was set into the environment using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok config")," command."),(0,r.kt)("h2",{id:"generating-an-invitation"},"Generating an Invitation"),(0,r.kt)("p",null,"In order to create an account with the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance, you will need to create an invitation. "),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"Some environments take advantage of ",(0,r.kt)("em",{parentName:"p"},"invitation tokens"),", which limit who is able to request an invitation on the service instance. If your service uses invitation tokens, the administrator of your instance will include details about how to use your token to generate your invitation.")),(0,r.kt)("p",null,"We generate an invitation with the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok invite")," command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok invite\n\nenter and confirm your email address...\n\n> user@domain.com\n> user@domain.com\n\n[ Submit ]\n\ninvitation sent to 'user@domain.com'!\n")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok invite")," command presents a small form that allows you to enter (and then confirm) your email address. Tabbing to the ",(0,r.kt)("inlineCode",{parentName:"p"},"[ Submit ]")," button will send the request to your configured ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service."),(0,r.kt)("p",null,"Next, check the email where you sent the invite. You should receive a message asking you to click a link to create your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," account. When you click that link, you will be brought to a web page that will allow you to set a password for your new account:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Enter a Password",src:n(9744).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"Enter a password and it's confirmation, and click the ",(0,r.kt)("inlineCode",{parentName:"p"},"Register Account")," button. You'll see the following:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Successful Registration",src:n(242).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,'For now, we\'ll ignore the "enable your shell for zrok" section. Just click the ',(0,r.kt)("inlineCode",{parentName:"p"},"zrok web portal")," link:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Web Login",src:n(9509).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"After clicking the ",(0,r.kt)("inlineCode",{parentName:"p"},"Log In")," button, you'll be brought into the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," ",(0,r.kt)("em",{parentName:"p"},"web console"),":"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Web Console; Empty",src:n(2945).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"Congratulations! Your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," account is ready to go!"),(0,r.kt)("h2",{id:"enabling-your-zrok-environment"},"Enabling Your zrok Environment"),(0,r.kt)("p",null,"When your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," account was created, the service generated a ",(0,r.kt)("em",{parentName:"p"},"secret token")," that identifies and authenticates in a single step. Protect your secret token as if it were a password, or an important account number; it's a ",(0,r.kt)("em",{parentName:"p"},"secret"),", protect it."),(0,r.kt)("p",null,"When we left off you had downloaded, extracted, and configured your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," environment. In order to use that environment with your account, you'll need to ",(0,r.kt)("inlineCode",{parentName:"p"},"enable")," it. Enabling an environment generates a secure identity and the necessary underlying security policies with the OpenZiti network hosting the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service."),(0,r.kt)("p",null,"From the web console, click on your email address in the upper right corner of the header. That drop down menu contains an ",(0,r.kt)("inlineCode",{parentName:"p"},"Enable Your Environment")," link. Click that link and a modal dialog will be shown like this:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Enable Modal Dialog",src:n(9042).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"This dialog box shows you the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable")," command that you can use to enable any shell to work with your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," account with a single command."),(0,r.kt)("p",null,"Let's copy that command and paste it into your shell:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok enable klFEoIi0QAg7 \n\u28fb contacting the zrok service...\n")),(0,r.kt)("p",null,"After a few seconds, the message will change and indicate that the enable operation suceeded:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok enable klFEoIi0QAg7 \n\u28fb the zrok environment was successfully enabled...\n")),(0,r.kt)("p",null,"Now, if we run a ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok status")," command, you will see the details of your environment:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok status\n\nConfig:\n\n CONFIG VALUE SOURCE \n apiEndpoint https://api.zrok.io env \n\nEnvironment:\n\n PROPERTY VALUE \n Secret Token klFEoIi0QAg7 \n Ziti Identity FTpvelYD6h \n")),(0,r.kt)("p",null,"Excellent... our environment is now fully enabled."),(0,r.kt)("p",null,"If we return to the ",(0,r.kt)("em",{parentName:"p"},"web console"),", we'll now see the new environment reflected in the explorer view:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"New Environment in Web UI",src:n(5546).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"In my case, the environment is named ",(0,r.kt)("inlineCode",{parentName:"p"},"michael@ziti-lx"),", which is the username of my shell and the hostname of the system the shell is running on."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"Should you want to use a non-default name for your environment, you can pass the ",(0,r.kt)("inlineCode",{parentName:"p"},"-d")," option to the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable")," command. See ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable --help")," for details.")),(0,r.kt)("p",null,"If you click on the environment node in the explorer in the ",(0,r.kt)("em",{parentName:"p"},"web console"),", the details panel shown at the bottom of the page will change:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Empty Environment",src:n(3858).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"The explorer supports clicking, dragging, mouse wheel zooming, and selecting the nodes in the graph for more information (and available actions) for the selected node. If you ever get lost in the explorer, click the ",(0,r.kt)("img",{alt:"Zoom to Fit",src:n(3843).Z,width:"30",height:"25"})," ",(0,r.kt)("em",{parentName:"p"},"zoom to fit")," icon in the lower right corner of the explorer."),(0,r.kt)("p",null,"If we click on the ",(0,r.kt)("inlineCode",{parentName:"p"},"Detail")," tab for our environment, we'll see something like:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Environment Detail",src:n(2534).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"Your environment is fully ready to go. Now we can move on to the fun stuff..."),(0,r.kt)("h2",{id:"sharing"},"Sharing"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," is designed to make sharing resources as effortless as possible, while providing a high degree of security and control."),(0,r.kt)("h3",{id:"ephemeral-by-default"},"Ephemeral by Default"),(0,r.kt)("p",null,"Shared resources are ",(0,r.kt)("em",{parentName:"p"},"ephemeral")," by default; as soon as you terminate the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command, the entire share is removed and is no longer available to any users. Identifiers for shared resources are randomly allocated when the share is created."),(0,r.kt)("h3",{id:"public-shares-and-frontends"},"Public Shares and Frontends"),(0,r.kt)("p",null,"Resources that are shared ",(0,r.kt)("em",{parentName:"p"},"publicly")," are exposed to any users on the internet who have access to the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok"),' service instance\'s "frontend".'),(0,r.kt)("p",null,"A frontend is an HTTPS listener exposed to the internet, that lets any user with your ephemeral share token access your publicly shared resources."),(0,r.kt)("p",null,"For example, I might create a public share using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share public")," command, which results in my ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance exposing the following URL to access my resources:"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://h0fz2ts9c84t.share.zrok.io"},"https://h0fz2ts9c84t.share.zrok.io")),(0,r.kt)("p",null,'In this case my share was given the "share token" of ',(0,r.kt)("inlineCode",{parentName:"p"},"h0fz2ts9c84t"),". That URL can be given to any user, allowing them to immediately access the shared resources directly from my local environment, all without exposing any access to my private, secure environment. The physical network location of my environment is not exposed to anonymous consumers of my resources."),(0,r.kt)("p",null,"If we return to the web console, we see our share in the explorer:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Web Console Share",src:n(6097).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"If we click on our new share in the explorer, we can see the share details:\n",(0,r.kt)("img",{alt:"Share Details",src:n(4647).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"If we click on the ",(0,r.kt)("em",{parentName:"p"},"frontend endpoint")," a new browser tab opens and we see the content of our share:\n",(0,r.kt)("img",{alt:"Share Frontend",src:n(6254).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"If we click on the environment in the explorer, we're shown all of the shares for that environment (including our new share), along with a spark line that shows the activity:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Environment Spark Line",src:n(9737).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"And as soon as I terminate the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," client, the resources are removed from the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," environment."),(0,r.kt)("p",null,"If we try to reload the frontend endpoing in our web browser, we'll see:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Not Found",src:n(5724).Z,width:"1556",height:"1229"})),(0,r.kt)("h3",{id:"private-shares"},"Private Shares"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," also provides a powerful ",(0,r.kt)("em",{parentName:"p"},"private")," sharing model. If I execute the following command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok share private http://localhost:8080\n")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service will respond with the following:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"access your share with: zrok access private wvszln4dyz9q\n")),(0,r.kt)("p",null,"Rather than allowing access to your service through a public frontend, a ",(0,r.kt)("em",{parentName:"p"},"private")," share is only exposed to the underlying OpenZiti network, and can only be accessed using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok access")," command."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok access private wvszln4dyz9q")," command can be run by any ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," user, allowing them to create and bind a local HTTP listener, that allows for private access to your shared resources."),(0,r.kt)("h3",{id:"proxy-backend-mode"},"Proxy Backend Mode"),(0,r.kt)("p",null,"Without specifying a ",(0,r.kt)("em",{parentName:"p"},"backend mode"),", the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command will assume that you're trying to share a ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy")," resource. A ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy")," resource is usually some private HTTP/HTTPS endpoint (like a development server, or a private application) running in your local environment. Usually such an endpoint would have no inbound connectivity except for however it is reachable from your local environment. It might be running on ",(0,r.kt)("inlineCode",{parentName:"p"},"localhost"),", or only listening on a private LAN segment behind a firewall. "),(0,r.kt)("p",null,"For these services a ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy")," share will allow those endpoints to be reached, either ",(0,r.kt)("em",{parentName:"p"},"publicly")," or ",(0,r.kt)("em",{parentName:"p"},"privately")," through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service."),(0,r.kt)("h3",{id:"web-backend-mode"},"Web Backend Mode"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command accepts a ",(0,r.kt)("inlineCode",{parentName:"p"},"--backend-mode")," option. Besides ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy"),", the current ",(0,r.kt)("inlineCode",{parentName:"p"},"v0.3")," release (as of this writing) also supports a ",(0,r.kt)("inlineCode",{parentName:"p"},"web")," mode. The ",(0,r.kt)("inlineCode",{parentName:"p"},"web")," mode allows you to specify a local folder on your filesystem, and instantly turns your ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," client into a web server, exposing your web content either ",(0,r.kt)("em",{parentName:"p"},"publicly")," or ",(0,r.kt)("em",{parentName:"p"},"privately")," without having to a configure a web server."),(0,r.kt)("h3",{id:"reserved-shares"},"Reserved Shares"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," shares are ",(0,r.kt)("em",{parentName:"p"},"ephemeral"),' unless you specifically create a "reserved" share.'),(0,r.kt)("p",null,"A reserved share can be re-used multiple times; it will survive termination of the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command, allowing for longer-lasting semi-permanent access to shared resources."),(0,r.kt)("p",null,"The first step is to create the reserved share:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok reserve public --backend-mode web v0.3_getting_started\n[ 0.275] INFO main.(*reserveCommand).run: your reserved share token is 'mltwsinym1s2'\n[ 0.275] INFO main.(*reserveCommand).run: reserved frontend endpoint: https://mltwsinym1s2.share.zrok.io\n")),(0,r.kt)("p",null,"I'm asking the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service to reserve a share with a ",(0,r.kt)("inlineCode",{parentName:"p"},"web")," backend mode, pointing at my local ",(0,r.kt)("inlineCode",{parentName:"p"},"docs")," folder."),(0,r.kt)("p",null,"You'll want to remember the share token (",(0,r.kt)("inlineCode",{parentName:"p"},"mltwsinym1s2")," in this case), and the frontend endpoint URL. If this were a ",(0,r.kt)("em",{parentName:"p"},"private")," reserved share, there would not be a frontend URL."),(0,r.kt)("p",null,"If we do nothing else, and then point a web browser at the frontend endpoint, we get:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"Not Found",src:n(7369).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"This is the ",(0,r.kt)("inlineCode",{parentName:"p"},"404")," error message returned by the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," frontend. We're getting this because we haven't yet started up a ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," for the service. Let's do that:"),(0,r.kt)("p",null,"This command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok share reserved mltwsinym1s2\n")),(0,r.kt)("p",null,"...results in a new share backend starting up and connecting to the existing reserved share:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"zrok share reserved",src:n(1577).Z,width:"951",height:"706"})),(0,r.kt)("p",null,"And now if we refresh the frontend endpoint URL in the web browser, we'll see an index of the ",(0,r.kt)("inlineCode",{parentName:"p"},"docs")," directory:"),(0,r.kt)("p",null,(0,r.kt)("img",{alt:"zrok docs share",src:n(6377).Z,width:"1556",height:"1229"})),(0,r.kt)("p",null,"With the reserved share, we're free to stop and restart the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share reserved")," command as many times as we want, without losing the token for our share."),(0,r.kt)("p",null,"When we're done with the reserved share, we can ",(0,r.kt)("em",{parentName:"p"},"release")," it using this command:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"$ zrok release mltwsinym1s2\n[ 0.230] INFO main.(*releaseCommand).run: reserved share 'mltwsinym1s2' released\n")),(0,r.kt)("h2",{id:"concepts-review"},"Concepts Review"),(0,r.kt)("p",null,"In summary, ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," lets you easily and securely share resources with both general internet users (through ",(0,r.kt)("em",{parentName:"p"},"public")," sharing) and also with other ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," users (through ",(0,r.kt)("em",{parentName:"p"},"private")," sharing)."),(0,r.kt)("p",null,"Here's a quick review of the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," mental model and the vocabulary."),(0,r.kt)("h3",{id:"service-instance-and-account"},"Service Instance and Account"),(0,r.kt)("p",null,"You create an ",(0,r.kt)("em",{parentName:"p"},"account")," with a ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," ",(0,r.kt)("em",{parentName:"p"},"service instance"),". Your account is identified by a username and a password, which you use to log into the ",(0,r.kt)("em",{parentName:"p"},"web console"),". Your account also has a ",(0,r.kt)("em",{parentName:"p"},"secret token"),", which you will use to authenticate from the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," command-line to interact with the ",(0,r.kt)("em",{parentName:"p"},"service instance"),"."),(0,r.kt)("p",null,"You create a new ",(0,r.kt)("em",{parentName:"p"},"account")," with a ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," ",(0,r.kt)("em",{parentName:"p"},"service instance")," through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok invite")," command."),(0,r.kt)("h3",{id:"environment"},"Environment"),(0,r.kt)("p",null,"Using your ",(0,r.kt)("em",{parentName:"p"},"secret token")," you use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," command-line interface to create an ",(0,r.kt)("em",{parentName:"p"},"environment"),". An ",(0,r.kt)("em",{parentName:"p"},"environment")," corresponds to a single command-line user on a specific ",(0,r.kt)("em",{parentName:"p"},"host system"),". "),(0,r.kt)("p",null,"You create a new ",(0,r.kt)("em",{parentName:"p"},"environment")," by using the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok enable")," command."),(0,r.kt)("h3",{id:"shares"},"Shares"),(0,r.kt)("p",null,"Once you've enabled an ",(0,r.kt)("em",{parentName:"p"},"environment"),", you then create one or more ",(0,r.kt)("em",{parentName:"p"},"shares"),". Shares have either a ",(0,r.kt)("em",{parentName:"p"},"public")," or ",(0,r.kt)("em",{parentName:"p"},"private")," ",(0,r.kt)("em",{parentName:"p"},"sharing mode"),". ",(0,r.kt)("em",{parentName:"p"},"Shares")," share a specific type of resource using a ",(0,r.kt)("em",{parentName:"p"},"backend mode"),". As of this writing ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," supports a ",(0,r.kt)("inlineCode",{parentName:"p"},"proxy")," ",(0,r.kt)("em",{parentName:"p"},"backend mode")," to share local HTTP resources as a ",(0,r.kt)("em",{parentName:"p"},"reverse proxy"),". ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," also supports a ",(0,r.kt)("inlineCode",{parentName:"p"},"web")," ",(0,r.kt)("em",{parentName:"p"},"backend mode")," to share local file and HTML resources by enabling a basic HTTP server."),(0,r.kt)("p",null,"Every ",(0,r.kt)("em",{parentName:"p"},"share")," is identified by a ",(0,r.kt)("em",{parentName:"p"},"share token"),". ",(0,r.kt)("em",{parentName:"p"},"Public shares")," can be accessed through either a ",(0,r.kt)("em",{parentName:"p"},"frontend")," instance offered through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," ",(0,r.kt)("em",{parentName:"p"},"service instance"),", or through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok access")," command. ",(0,r.kt)("em",{parentName:"p"},"Private shares")," can only be accessed through the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok access")," command."),(0,r.kt)("p",null,"You use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command to create and enable ",(0,r.kt)("em",{parentName:"p"},"ephemeral shares"),"."),(0,r.kt)("h3",{id:"reserved-shares-1"},"Reserved Shares"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," supports creating ",(0,r.kt)("em",{parentName:"p"},"shares")," that have a consistent ",(0,r.kt)("em",{parentName:"p"},"share token")," that survives restarts of the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok share")," command. These are considered ",(0,r.kt)("em",{parentName:"p"},"non-ephemeral"),", and is callled a ",(0,r.kt)("em",{parentName:"p"},"reserved share"),"."),(0,r.kt)("p",null,"You use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok reserve")," command to create ",(0,r.kt)("em",{parentName:"p"},"reserved shares"),". Reserved shares last until you use the ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok release")," command to delete them."),(0,r.kt)("h2",{id:"self-hosting-a-service-instance"},"Self-Hosting a Service Instance"),(0,r.kt)("p",null,"Interested in self-hosting your own ",(0,r.kt)("inlineCode",{parentName:"p"},"zrok")," service instance? See the ",(0,r.kt)("a",{parentName:"p",href:"/docs/guides/v0.3_self_hosting_guide"},"self-hosting guide")," for details."))}m.isMDXComponent=!0},6377:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_docs_share-1c87532d471ab25aaa1590d6215a1427.png"},9042:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_enable_modal-c62345bd12e17ec9dac2df2f46fc05e8.png"},5724:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_not_found-fa3415937c341eb10e1eb98c9b063583.png"},242:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_registration_success-3f3689bf6d7e28d4f4ec8081e94cd835.png"},7369:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_reserved_not_found-2519707e5cc3e635b7a6feb381c1d040.png"},1577:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_share_reserved-6bce67775ce2c41abb0ef13ee1fad972.png"},9744:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_verify-9c83189dde04c6fbab19b62ace653319.png"},2945:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_empty-863f7acf00cc43148999a937deb19830.png"},9737:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_environment_spark-eeea921884089d320f4b9b2ba2038a1d.png"},6097:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_explorer_share-7e6430b99ed60358da14491a97f153ae.png"},4647:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_share_detail-9c3f99ededaba7d1225cacd5ec81a06d.png"},6254:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_console_share_frontend-d36b169cea46f834e74af4aa456d0b89.png"},9509:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_login-2d339ab0b7c1e0aad4710d928b511cb0.png"},2534:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_ui_empty_environment_detail-1a3a35ddab829e3a9b951ef57cecde45.png"},3858:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_ui_empty_shares-a2ecccae2bbb1c006ea2a0ba1e85e335.png"},5546:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/zrok_web_ui_new_environment-a2745e4475025446ae38e5bd7708a9bf.png"},3843:(e,t,n)=>{n.d(t,{Z:()=>a});const a="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAZCAIAAACpVwlNAAAEr2lUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS41LjAiPgogPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iCiAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4aWYvMS4wLyIKICAgIHhtbG5zOnBob3Rvc2hvcD0iaHR0cDovL25zLmFkb2JlLmNvbS9waG90b3Nob3AvMS4wLyIKICAgIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIKICAgIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIgogICAgeG1sbnM6c3RFdnQ9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZUV2ZW50IyIKICAgdGlmZjpJbWFnZUxlbmd0aD0iMjUiCiAgIHRpZmY6SW1hZ2VXaWR0aD0iMzAiCiAgIHRpZmY6UmVzb2x1dGlvblVuaXQ9IjIiCiAgIHRpZmY6WFJlc29sdXRpb249Ijk2LzEiCiAgIHRpZmY6WVJlc29sdXRpb249Ijk2LzEiCiAgIGV4aWY6UGl4ZWxYRGltZW5zaW9uPSIzMCIKICAgZXhpZjpQaXhlbFlEaW1lbnNpb249IjI1IgogICBleGlmOkNvbG9yU3BhY2U9IjEiCiAgIHBob3Rvc2hvcDpDb2xvck1vZGU9IjMiCiAgIHBob3Rvc2hvcDpJQ0NQcm9maWxlPSJzUkdCIElFQzYxOTY2LTIuMSIKICAgeG1wOk1vZGlmeURhdGU9IjIwMjMtMDEtMTlUMTA6NTY6NTYtMDU6MDAiCiAgIHhtcDpNZXRhZGF0YURhdGU9IjIwMjMtMDEtMTlUMTA6NTY6NTYtMDU6MDAiPgogICA8eG1wTU06SGlzdG9yeT4KICAgIDxyZGY6U2VxPgogICAgIDxyZGY6bGkKICAgICAgc3RFdnQ6YWN0aW9uPSJwcm9kdWNlZCIKICAgICAgc3RFdnQ6c29mdHdhcmVBZ2VudD0iQWZmaW5pdHkgUGhvdG8gMi4wLjMiCiAgICAgIHN0RXZ0OndoZW49IjIwMjMtMDEtMTlUMTA6NTY6NTYtMDU6MDAiLz4KICAgIDwvcmRmOlNlcT4KICAgPC94bXBNTTpIaXN0b3J5PgogIDwvcmRmOkRlc2NyaXB0aW9uPgogPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KPD94cGFja2V0IGVuZD0iciI/Pq+HLHgAAAGBaUNDUHNSR0IgSUVDNjE5NjYtMi4xAAAokXWRy0tCQRSHP7UwemBQixYtJKyVRg8Q27RQyoJqYQZZbfTmI/BxuVcJaRu0FQqiNr0W9RfUNmgdBEURRNtaF7UpuZ2rghF5hjnzzW/OOcycAWs4rWT0piHIZPNaKOh3LkaWnPYXLHThwIclqujq7PxkmIb2eS/RYrces1bjuH+tbTWuK2BpER5XVC0vPCU8s55XTd4R7lZS0VXhM2G3JhcUvjP1WJVfTU5W+dtkLRwKgLVT2Jn8xbFfrKS0jLC8HFcmXVBq9zFf0h7PLszL2iezF50QQfw4mWaCAF6GGRPvxcMIg7KjQf5QJX+OnOQq4lWKaKyRJEUet6gFqR6XNSF6XEaaotn/v33VE6Mj1ertfmh+Noz3frBvQ7lkGF9HhlE+BtsTXGbr+blD8H2IXqprrgNwbML5VV2L7cLFFvQ8qlEtWpFsMq2JBLydQkcEum6gdbnas9o5Jw8Q3pCvuoa9fRiQeMfKD2DYZ+PDGzxnAAAACXBIWXMAAA7EAAAOxAGVKw4bAAABZklEQVRIie2VvW7CMBDHr1UfwE5fII7lvahIWUEiQ7qxMLEwsVQMSB0YKsTExsDGxFs0QyqlYyMVld3k4wWw/QgMlqp+JXFQGZB649n3k+9/f9sX9w+PcJq4PBH3H/0zrkrWfK99jVF5/V6qIIzqod1m485rC6nK0S5GAPArvRDNHFtINZ0vviQp4Un2OTObjIs6q6G122yMhgPfaxvuN0VbGDHHBgDm2FbVAGqgLYyEVPFmCwDB84uQilHyB2i32ej3uoySvZDT+YInGaPE77QqlSkznz5vv9cFAEbJdL4QUlkYjYYDnYnf3o9HC6mewog5ttZBq7xcrf1OK95sy61ZgQaAIIx2lGgdRsPBcrXmSbYXstLyRmPkSWZh5HdaAODe3uipVlaZmk9IxdMcAHiam3DBRJCPCMJol+bfbuMxaJ7mjJLZZFxeb2Gku6mDTrJXjExeviILFqJF8WtpGOf5y5wn+gBcXI4F9z6rgwAAAABJRU5ErkJggg=="}}]); \ No newline at end of file diff --git a/assets/js/b2f554cd.cfc94408.js b/assets/js/b2f554cd.26969ac1.js similarity index 99% rename from assets/js/b2f554cd.cfc94408.js rename to assets/js/b2f554cd.26969ac1.js index a4fb3c52..a70bd8e5 100644 --- a/assets/js/b2f554cd.cfc94408.js +++ b/assets/js/b2f554cd.26969ac1.js @@ -1 +1 @@ -"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[477],{10:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"/introducing_zrok","metadata":{"permalink":"/blog/introducing_zrok","source":"@site/blog/introducing_zrok.md","title":"Introducing zrok","description":"I\'m fortunate that I\'ve had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the \\"edge\\" layers. It\'s been quite exciting to watch OpenZiti blossom and grow over the years.","date":"2023-01-30T20:07:48.000Z","formattedDate":"January 30, 2023","tags":[],"readingTime":4.595,"hasTruncateMarker":false,"authors":[],"frontMatter":{}},"content":"I\'m fortunate that I\'ve had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://github.com/openziti/ziti) project back in 2017. Most of my work on OpenZiti centered on the [fabric](https://github.com/openziti/fabric), data and control plane design, and designing abstractions that would support a lot of what became the \\"edge\\" layers. It\'s been quite exciting to watch OpenZiti blossom and grow over the years. \\n\\nFor the last six months, I\'ve had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I\'m working from the perspective of usability and enabling an amazing end-user experience. I\'m excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.\\n\\nThis new project is called... `zrok`.\\n\\n`zrok` focuses on streamlining sharing for both developers and end users alike. `zrok` takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, `zrok` adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.\\n\\nHere are some of the things that make `zrok` different...\\n\\n## Private Sharing\\n\\nMost of the offerings in this space allow you to easily create \\"tunnels\\" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you\'ve got a public URL that you can share to allow access to your endpoint.\\n\\n`zrok` expands on this model by supporting something that we\'re calling \\"private sharing\\". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You\'re still sharing with a single command, but your resources are only available to other `zrok` users through the zero-trust overlay network.\\n\\nIn this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. `zrok` handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.\\n\\nAnd if you want public sharing, `zrok` has that also. Our private sharing modes are an additional capability that `zrok` adds to the recipe. `zrok` supports fleets of \\"public frontends\\" that can be geographically deployed wherever your internet users need them.\\n\\n## Files; Repositories; Video... Decentralized\\n\\nMost of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It\'s considered table stakes for these tools to do this in a _frictionless_ way.\\n\\n`zrok` also provides a frictionless experience for sharing these kinds of network resources. However, we\'re taking it a step further... `zrok` will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven\'t even thought of yet.\\n\\nCombine this kind of resource sharing with our private peer-to-peer capabilities, and you\'ve got the recipe for very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.\\n\\nWe\'re still just getting started on building out these aspects of `zrok`. `zrok` already provides built-in single-command file sharing. You can [get started](https://github.com/openziti/zrok/blob/main/docs/v0.3_getting_started/getting_started.md) using these powerful tools today!\\n\\n## Production zrok\\n\\n[NetFoundry](https://netfoundry.io) is offering [zrok.io](https://zrok.io), a managed `zrok` service instance you can use to try out `zrok` and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit [zrok.io](https://zrok.io) for details about requesting an invite.\\n\\nOnce `zrok` and `zrok.io` are out of beta, we\'ll be opening this service up to the public.\\n\\n`zrok.io` runs on top of the open-source version of `zrok`. We\'re building on top of the same open-source codebase that\'s [available](https://github.com/openziti/zrok) today.\\n\\n## Open-Source; Self-Host\\n\\n`zrok` is committed to being open-source. You\'ve got everything you need to host your own `zrok` instance on top of your own private OpenZiti network. We\'ve even streamlined this process, and we\'re including a simple [guide](https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md) to getting this running in minutes, including the OpenZiti portions.\\n\\nYou can [access](https://github.com/openziti/zrok) the open-source version of `zrok` today.\\n\\n## A Start\\n\\nI\'m really excited about sharing `zrok` with you. As of this writing, we\'re at `v0.3.0`, and there is still a ton of work to do to get `zrok` to where I know it can go. `zrok` is open-source, and we\'re going to be developing it in public, just like the rest of the OpenZiti products (check out the [OpenZiti GitHub](https://github.com/openziti)).\\n\\nStarting with `v0.4`, I\'m planning on producing a set of regularly-released \\"development notebooks\\", documenting the development process and giving you a look at the work we\'re doing with `zrok`. I\'m also planning on producing a set of videos that work through some of what\'s involved in building your own tiny version of `zrok` on top of OpenZiti; these will be a great introduction to building a _Ziti Native Application_ from the ground up. These videos will also be a comprehensive look at how `zrok` works.\\n\\nWe\'d love your participation in the `zrok` project! You can find us on GitHub at [https://github.com/openziti/zrok](https://github.com/openziti/zrok)."}]}')}}]); \ No newline at end of file +"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[477],{10:e=>{e.exports=JSON.parse('{"blogPosts":[{"id":"/introducing_zrok","metadata":{"permalink":"/blog/introducing_zrok","source":"@site/blog/introducing_zrok.md","title":"Introducing zrok","description":"I\'m fortunate that I\'ve had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the \\"edge\\" layers. It\'s been quite exciting to watch OpenZiti blossom and grow over the years.","date":"2023-01-30T20:11:30.000Z","formattedDate":"January 30, 2023","tags":[],"readingTime":4.595,"hasTruncateMarker":false,"authors":[],"frontMatter":{}},"content":"I\'m fortunate that I\'ve had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://github.com/openziti/ziti) project back in 2017. Most of my work on OpenZiti centered on the [fabric](https://github.com/openziti/fabric), data and control plane design, and designing abstractions that would support a lot of what became the \\"edge\\" layers. It\'s been quite exciting to watch OpenZiti blossom and grow over the years. \\n\\nFor the last six months, I\'ve had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I\'m working from the perspective of usability and enabling an amazing end-user experience. I\'m excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.\\n\\nThis new project is called... `zrok`.\\n\\n`zrok` focuses on streamlining sharing for both developers and end users alike. `zrok` takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, `zrok` adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.\\n\\nHere are some of the things that make `zrok` different...\\n\\n## Private Sharing\\n\\nMost of the offerings in this space allow you to easily create \\"tunnels\\" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you\'ve got a public URL that you can share to allow access to your endpoint.\\n\\n`zrok` expands on this model by supporting something that we\'re calling \\"private sharing\\". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You\'re still sharing with a single command, but your resources are only available to other `zrok` users through the zero-trust overlay network.\\n\\nIn this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. `zrok` handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.\\n\\nAnd if you want public sharing, `zrok` has that also. Our private sharing modes are an additional capability that `zrok` adds to the recipe. `zrok` supports fleets of \\"public frontends\\" that can be geographically deployed wherever your internet users need them.\\n\\n## Files; Repositories; Video... Decentralized\\n\\nMost of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It\'s considered table stakes for these tools to do this in a _frictionless_ way.\\n\\n`zrok` also provides a frictionless experience for sharing these kinds of network resources. However, we\'re taking it a step further... `zrok` will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven\'t even thought of yet.\\n\\nCombine this kind of resource sharing with our private peer-to-peer capabilities, and you\'ve got the recipe for very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.\\n\\nWe\'re still just getting started on building out these aspects of `zrok`. `zrok` already provides built-in single-command file sharing. You can [get started](https://github.com/openziti/zrok/blob/main/docs/v0.3_getting_started/getting_started.md) using these powerful tools today!\\n\\n## Production zrok\\n\\n[NetFoundry](https://netfoundry.io) is offering [zrok.io](https://zrok.io), a managed `zrok` service instance you can use to try out `zrok` and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit [zrok.io](https://zrok.io) for details about requesting an invite.\\n\\nOnce `zrok` and `zrok.io` are out of beta, we\'ll be opening this service up to the public.\\n\\n`zrok.io` runs on top of the open-source version of `zrok`. We\'re building on top of the same open-source codebase that\'s [available](https://github.com/openziti/zrok) today.\\n\\n## Open-Source; Self-Host\\n\\n`zrok` is committed to being open-source. You\'ve got everything you need to host your own `zrok` instance on top of your own private OpenZiti network. We\'ve even streamlined this process, and we\'re including a simple [guide](https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md) to getting this running in minutes, including the OpenZiti portions.\\n\\nYou can [access](https://github.com/openziti/zrok) the open-source version of `zrok` today.\\n\\n## A Start\\n\\nI\'m really excited about sharing `zrok` with you. As of this writing, we\'re at `v0.3.0`, and there is still a ton of work to do to get `zrok` to where I know it can go. `zrok` is open-source, and we\'re going to be developing it in public, just like the rest of the OpenZiti products (check out the [OpenZiti GitHub](https://github.com/openziti)).\\n\\nStarting with `v0.4`, I\'m planning on producing a set of regularly-released \\"development notebooks\\", documenting the development process and giving you a look at the work we\'re doing with `zrok`. I\'m also planning on producing a set of videos that work through some of what\'s involved in building your own tiny version of `zrok` on top of OpenZiti; these will be a great introduction to building a _Ziti Native Application_ from the ground up. These videos will also be a comprehensive look at how `zrok` works.\\n\\nWe\'d love your participation in the `zrok` project! You can find us on GitHub at [https://github.com/openziti/zrok](https://github.com/openziti/zrok)."}]}')}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.4957642e.js b/assets/js/runtime~main.17220c5f.js similarity index 82% rename from assets/js/runtime~main.4957642e.js rename to assets/js/runtime~main.17220c5f.js index 41767445..084a7014 100644 --- a/assets/js/runtime~main.4957642e.js +++ b/assets/js/runtime~main.17220c5f.js @@ -1 +1 @@ -(()=>{"use strict";var e,t,r,a,o,n={},d={};function f(e){var t=d[e];if(void 0!==t)return t.exports;var r=d[e]={id:e,loaded:!1,exports:{}};return n[e].call(r.exports,r,r.exports,f),r.loaded=!0,r.exports}f.m=n,f.c=d,e=[],f.O=(t,r,a,o)=>{if(!r){var n=1/0;for(b=0;b=o)&&Object.keys(f.O).every((e=>f.O[e](r[i])))?r.splice(i--,1):(d=!1,o0&&e[b-1][2]>o;b--)e[b]=e[b-1];e[b]=[r,a,o]},f.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return f.d(t,{a:t}),t},r=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,f.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var o=Object.create(null);f.r(o);var n={};t=t||[null,r({}),r([]),r(r)];for(var d=2&a&&e;"object"==typeof d&&!~t.indexOf(d);d=r(d))Object.getOwnPropertyNames(d).forEach((t=>n[t]=()=>e[t]));return n.default=()=>e,f.d(o,n),o},f.d=(e,t)=>{for(var r in t)f.o(t,r)&&!f.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},f.f={},f.e=e=>Promise.all(Object.keys(f.f).reduce(((t,r)=>(f.f[r](e,t),t)),[])),f.u=e=>"assets/js/"+({53:"935f2afb",55:"613b9d03",60:"0774a47f",89:"a6aa9e1f",103:"ccc49370",161:"04b79425",195:"c4f5d8e4",212:"8ae7f3b1",218:"8d0344ba",451:"af60b64a",474:"3953c40d",477:"b2f554cd",514:"1be78505",533:"b2b675dd",535:"814f3328",543:"05a04aa0",608:"9e4087bc",711:"9a9d4214",759:"6dca1809",817:"14eb3368",918:"17896441"}[e]||e)+"."+{4:"ad6148c8",53:"a94a4db4",55:"70520b78",60:"e3fc285d",89:"fbce15d2",103:"7060b92b",161:"5ec6e66b",195:"6798201d",212:"e5110459",218:"ee833643",451:"ebf6bd06",474:"4a8fa8a7",477:"cfc94408",514:"3c788369",533:"962454e8",535:"e5f343b0",543:"14e60244",608:"cb7c0455",639:"fc858d1d",711:"1eaae2f3",759:"b1dedb29",817:"83e9c257",918:"d88a4a03",972:"a74fd964"}[e]+".js",f.miniCssF=e=>{},f.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),f.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),a={},o="website:",f.l=(e,t,r,n)=>{if(a[e])a[e].push(t);else{var d,i;if(void 0!==r)for(var c=document.getElementsByTagName("script"),b=0;b{d.onerror=d.onload=null,clearTimeout(s);var o=a[e];if(delete a[e],d.parentNode&&d.parentNode.removeChild(d),o&&o.forEach((e=>e(r))),t)return t(r)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:d}),12e4);d.onerror=l.bind(null,d.onerror),d.onload=l.bind(null,d.onload),i&&document.head.appendChild(d)}},f.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},f.p="/",f.gca=function(e){return e={17896441:"918","935f2afb":"53","613b9d03":"55","0774a47f":"60",a6aa9e1f:"89",ccc49370:"103","04b79425":"161",c4f5d8e4:"195","8ae7f3b1":"212","8d0344ba":"218",af60b64a:"451","3953c40d":"474",b2f554cd:"477","1be78505":"514",b2b675dd:"533","814f3328":"535","05a04aa0":"543","9e4087bc":"608","9a9d4214":"711","6dca1809":"759","14eb3368":"817"}[e]||e,f.p+f.u(e)},(()=>{var e={303:0,532:0};f.f.j=(t,r)=>{var a=f.o(e,t)?e[t]:void 0;if(0!==a)if(a)r.push(a[2]);else if(/^(303|532)$/.test(t))e[t]=0;else{var o=new Promise(((r,o)=>a=e[t]=[r,o]));r.push(a[2]=o);var n=f.p+f.u(t),d=new Error;f.l(n,(r=>{if(f.o(e,t)&&(0!==(a=e[t])&&(e[t]=void 0),a)){var o=r&&("load"===r.type?"missing":r.type),n=r&&r.target&&r.target.src;d.message="Loading chunk "+t+" failed.\n("+o+": "+n+")",d.name="ChunkLoadError",d.type=o,d.request=n,a[1](d)}}),"chunk-"+t,t)}},f.O.j=t=>0===e[t];var t=(t,r)=>{var a,o,n=r[0],d=r[1],i=r[2],c=0;if(n.some((t=>0!==e[t]))){for(a in d)f.o(d,a)&&(f.m[a]=d[a]);if(i)var b=i(f)}for(t&&t(r);c{"use strict";var e,t,r,a,o,n={},d={};function f(e){var t=d[e];if(void 0!==t)return t.exports;var r=d[e]={id:e,loaded:!1,exports:{}};return n[e].call(r.exports,r,r.exports,f),r.loaded=!0,r.exports}f.m=n,f.c=d,e=[],f.O=(t,r,a,o)=>{if(!r){var n=1/0;for(b=0;b=o)&&Object.keys(f.O).every((e=>f.O[e](r[c])))?r.splice(c--,1):(d=!1,o0&&e[b-1][2]>o;b--)e[b]=e[b-1];e[b]=[r,a,o]},f.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return f.d(t,{a:t}),t},r=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,f.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var o=Object.create(null);f.r(o);var n={};t=t||[null,r({}),r([]),r(r)];for(var d=2&a&&e;"object"==typeof d&&!~t.indexOf(d);d=r(d))Object.getOwnPropertyNames(d).forEach((t=>n[t]=()=>e[t]));return n.default=()=>e,f.d(o,n),o},f.d=(e,t)=>{for(var r in t)f.o(t,r)&&!f.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},f.f={},f.e=e=>Promise.all(Object.keys(f.f).reduce(((t,r)=>(f.f[r](e,t),t)),[])),f.u=e=>"assets/js/"+({53:"935f2afb",55:"613b9d03",60:"0774a47f",89:"a6aa9e1f",103:"ccc49370",161:"04b79425",195:"c4f5d8e4",212:"8ae7f3b1",218:"8d0344ba",451:"af60b64a",474:"3953c40d",477:"b2f554cd",514:"1be78505",533:"b2b675dd",535:"814f3328",543:"05a04aa0",608:"9e4087bc",711:"9a9d4214",759:"6dca1809",817:"14eb3368",918:"17896441"}[e]||e)+"."+{4:"ad6148c8",53:"a94a4db4",55:"70520b78",60:"e3fc285d",89:"fbce15d2",103:"7060b92b",161:"5ec6e66b",195:"6798201d",212:"e5110459",218:"19c037c2",451:"ebf6bd06",474:"f9f388b4",477:"26969ac1",514:"3c788369",533:"962454e8",535:"e5f343b0",543:"1067f8a2",608:"cb7c0455",639:"fc858d1d",711:"1eaae2f3",759:"b1dedb29",817:"83e9c257",918:"d88a4a03",972:"a74fd964"}[e]+".js",f.miniCssF=e=>{},f.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),f.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),a={},o="website:",f.l=(e,t,r,n)=>{if(a[e])a[e].push(t);else{var d,c;if(void 0!==r)for(var i=document.getElementsByTagName("script"),b=0;b{d.onerror=d.onload=null,clearTimeout(s);var o=a[e];if(delete a[e],d.parentNode&&d.parentNode.removeChild(d),o&&o.forEach((e=>e(r))),t)return t(r)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:d}),12e4);d.onerror=l.bind(null,d.onerror),d.onload=l.bind(null,d.onload),c&&document.head.appendChild(d)}},f.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},f.p="/",f.gca=function(e){return e={17896441:"918","935f2afb":"53","613b9d03":"55","0774a47f":"60",a6aa9e1f:"89",ccc49370:"103","04b79425":"161",c4f5d8e4:"195","8ae7f3b1":"212","8d0344ba":"218",af60b64a:"451","3953c40d":"474",b2f554cd:"477","1be78505":"514",b2b675dd:"533","814f3328":"535","05a04aa0":"543","9e4087bc":"608","9a9d4214":"711","6dca1809":"759","14eb3368":"817"}[e]||e,f.p+f.u(e)},(()=>{var e={303:0,532:0};f.f.j=(t,r)=>{var a=f.o(e,t)?e[t]:void 0;if(0!==a)if(a)r.push(a[2]);else if(/^(303|532)$/.test(t))e[t]=0;else{var o=new Promise(((r,o)=>a=e[t]=[r,o]));r.push(a[2]=o);var n=f.p+f.u(t),d=new Error;f.l(n,(r=>{if(f.o(e,t)&&(0!==(a=e[t])&&(e[t]=void 0),a)){var o=r&&("load"===r.type?"missing":r.type),n=r&&r.target&&r.target.src;d.message="Loading chunk "+t+" failed.\n("+o+": "+n+")",d.name="ChunkLoadError",d.type=o,d.request=n,a[1](d)}}),"chunk-"+t,t)}},f.O.j=t=>0===e[t];var t=(t,r)=>{var a,o,n=r[0],d=r[1],c=r[2],i=0;if(n.some((t=>0!==e[t]))){for(a in d)f.o(d,a)&&(f.m[a]=d[a]);if(c)var b=c(f)}for(t&&t(r);i Archive | Zrok - +
- + \ No newline at end of file diff --git a/blog/atom.xml b/blog/atom.xml index 71e95ede..ab83d97c 100644 --- a/blog/atom.xml +++ b/blog/atom.xml @@ -2,7 +2,7 @@ https://zrok.io/blog Zrok Blog - 2023-01-30T20:07:48.000Z + 2023-01-30T20:11:30.000Z https://github.com/jpmonette/feed Zrok Blog @@ -11,7 +11,7 @@ <![CDATA[Introducing zrok]]> /introducing_zrok - 2023-01-30T20:07:48.000Z + 2023-01-30T20:11:30.000Z I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.

For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.

This new project is called... zrok.

zrok focuses on streamlining sharing for both developers and end users alike. zrok takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, zrok adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.

Here are some of the things that make zrok different...

Private Sharing

Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint.

zrok expands on this model by supporting something that we're calling "private sharing". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other zrok users through the zero-trust overlay network.

In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. zrok handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.

And if you want public sharing, zrok has that also. Our private sharing modes are an additional capability that zrok adds to the recipe. zrok supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.

Files; Repositories; Video... Decentralized

Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a frictionless way.

zrok also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... zrok will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet.

Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using zrok as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.

We're still just getting started on building out these aspects of zrok. zrok already provides built-in single-command file sharing. You can get started using these powerful tools today!

Production zrok

NetFoundry is offering zrok.io, a managed zrok service instance you can use to try out zrok and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit zrok.io for details about requesting an invite.

Once zrok and zrok.io are out of beta, we'll be opening this service up to the public.

zrok.io runs on top of the open-source version of zrok. We're building on top of the same open-source codebase that's available today.

Open-Source; Self-Host

zrok is committed to being open-source. You've got everything you need to host your own zrok instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple guide to getting this running in minutes, including the OpenZiti portions.

You can access the open-source version of zrok today.

A Start

I'm really excited about sharing zrok with you. As of this writing, we're at v0.3.0, and there is still a ton of work to do to get zrok to where I know it can go. zrok is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the OpenZiti GitHub).

Starting with v0.4, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with zrok. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of zrok on top of OpenZiti; these will be a great introduction to building a Ziti Native Application from the ground up. These videos will also be a comprehensive look at how zrok works.

We'd love your participation in the zrok project! You can find us on GitHub at https://github.com/openziti/zrok.

]]>
diff --git a/blog/index.html b/blog/index.html index 466b6b1f..b9f27f5a 100644 --- a/blog/index.html +++ b/blog/index.html @@ -5,13 +5,13 @@ Blog | Zrok - +
-

· 5 min read

I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.

For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.

This new project is called... zrok.

zrok focuses on streamlining sharing for both developers and end users alike. zrok takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, zrok adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.

Here are some of the things that make zrok different...

Private Sharing

Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint.

zrok expands on this model by supporting something that we're calling "private sharing". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other zrok users through the zero-trust overlay network.

In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. zrok handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.

And if you want public sharing, zrok has that also. Our private sharing modes are an additional capability that zrok adds to the recipe. zrok supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.

Files; Repositories; Video... Decentralized

Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a frictionless way.

zrok also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... zrok will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet.

Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using zrok as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.

We're still just getting started on building out these aspects of zrok. zrok already provides built-in single-command file sharing. You can get started using these powerful tools today!

Production zrok

NetFoundry is offering zrok.io, a managed zrok service instance you can use to try out zrok and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit zrok.io for details about requesting an invite.

Once zrok and zrok.io are out of beta, we'll be opening this service up to the public.

zrok.io runs on top of the open-source version of zrok. We're building on top of the same open-source codebase that's available today.

Open-Source; Self-Host

zrok is committed to being open-source. You've got everything you need to host your own zrok instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple guide to getting this running in minutes, including the OpenZiti portions.

You can access the open-source version of zrok today.

A Start

I'm really excited about sharing zrok with you. As of this writing, we're at v0.3.0, and there is still a ton of work to do to get zrok to where I know it can go. zrok is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the OpenZiti GitHub).

Starting with v0.4, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with zrok. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of zrok on top of OpenZiti; these will be a great introduction to building a Ziti Native Application from the ground up. These videos will also be a comprehensive look at how zrok works.

We'd love your participation in the zrok project! You can find us on GitHub at https://github.com/openziti/zrok.

- +

· 5 min read

I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.

For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.

This new project is called... zrok.

zrok focuses on streamlining sharing for both developers and end users alike. zrok takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, zrok adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.

Here are some of the things that make zrok different...

Private Sharing

Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint.

zrok expands on this model by supporting something that we're calling "private sharing". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other zrok users through the zero-trust overlay network.

In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. zrok handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.

And if you want public sharing, zrok has that also. Our private sharing modes are an additional capability that zrok adds to the recipe. zrok supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.

Files; Repositories; Video... Decentralized

Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a frictionless way.

zrok also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... zrok will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet.

Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using zrok as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.

We're still just getting started on building out these aspects of zrok. zrok already provides built-in single-command file sharing. You can get started using these powerful tools today!

Production zrok

NetFoundry is offering zrok.io, a managed zrok service instance you can use to try out zrok and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit zrok.io for details about requesting an invite.

Once zrok and zrok.io are out of beta, we'll be opening this service up to the public.

zrok.io runs on top of the open-source version of zrok. We're building on top of the same open-source codebase that's available today.

Open-Source; Self-Host

zrok is committed to being open-source. You've got everything you need to host your own zrok instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple guide to getting this running in minutes, including the OpenZiti portions.

You can access the open-source version of zrok today.

A Start

I'm really excited about sharing zrok with you. As of this writing, we're at v0.3.0, and there is still a ton of work to do to get zrok to where I know it can go. zrok is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the OpenZiti GitHub).

Starting with v0.4, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with zrok. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of zrok on top of OpenZiti; these will be a great introduction to building a Ziti Native Application from the ground up. These videos will also be a comprehensive look at how zrok works.

We'd love your participation in the zrok project! You can find us on GitHub at https://github.com/openziti/zrok.

+ \ No newline at end of file diff --git a/blog/introducing_zrok/index.html b/blog/introducing_zrok/index.html index c6c38282..edc63e18 100644 --- a/blog/introducing_zrok/index.html +++ b/blog/introducing_zrok/index.html @@ -3,15 +3,15 @@ -Introducing zrok | Zrok +Introducing zrok | Zrok - +
-

Introducing zrok

· 5 min read

I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.

For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.

This new project is called... zrok.

zrok focuses on streamlining sharing for both developers and end users alike. zrok takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, zrok adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.

Here are some of the things that make zrok different...

Private Sharing

Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint.

zrok expands on this model by supporting something that we're calling "private sharing". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other zrok users through the zero-trust overlay network.

In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. zrok handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.

And if you want public sharing, zrok has that also. Our private sharing modes are an additional capability that zrok adds to the recipe. zrok supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.

Files; Repositories; Video... Decentralized

Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a frictionless way.

zrok also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... zrok will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet.

Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using zrok as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.

We're still just getting started on building out these aspects of zrok. zrok already provides built-in single-command file sharing. You can get started using these powerful tools today!

Production zrok

NetFoundry is offering zrok.io, a managed zrok service instance you can use to try out zrok and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit zrok.io for details about requesting an invite.

Once zrok and zrok.io are out of beta, we'll be opening this service up to the public.

zrok.io runs on top of the open-source version of zrok. We're building on top of the same open-source codebase that's available today.

Open-Source; Self-Host

zrok is committed to being open-source. You've got everything you need to host your own zrok instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple guide to getting this running in minutes, including the OpenZiti portions.

You can access the open-source version of zrok today.

A Start

I'm really excited about sharing zrok with you. As of this writing, we're at v0.3.0, and there is still a ton of work to do to get zrok to where I know it can go. zrok is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the OpenZiti GitHub).

Starting with v0.4, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with zrok. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of zrok on top of OpenZiti; these will be a great introduction to building a Ziti Native Application from the ground up. These videos will also be a comprehensive look at how zrok works.

We'd love your participation in the zrok project! You can find us on GitHub at https://github.com/openziti/zrok.

- +

Introducing zrok

· 5 min read

I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.

For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.

This new project is called... zrok.

zrok focuses on streamlining sharing for both developers and end users alike. zrok takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, zrok adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.

Here are some of the things that make zrok different...

Private Sharing

Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint.

zrok expands on this model by supporting something that we're calling "private sharing". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other zrok users through the zero-trust overlay network.

In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. zrok handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.

And if you want public sharing, zrok has that also. Our private sharing modes are an additional capability that zrok adds to the recipe. zrok supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.

Files; Repositories; Video... Decentralized

Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a frictionless way.

zrok also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... zrok will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet.

Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using zrok as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.

We're still just getting started on building out these aspects of zrok. zrok already provides built-in single-command file sharing. You can get started using these powerful tools today!

Production zrok

NetFoundry is offering zrok.io, a managed zrok service instance you can use to try out zrok and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit zrok.io for details about requesting an invite.

Once zrok and zrok.io are out of beta, we'll be opening this service up to the public.

zrok.io runs on top of the open-source version of zrok. We're building on top of the same open-source codebase that's available today.

Open-Source; Self-Host

zrok is committed to being open-source. You've got everything you need to host your own zrok instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple guide to getting this running in minutes, including the OpenZiti portions.

You can access the open-source version of zrok today.

A Start

I'm really excited about sharing zrok with you. As of this writing, we're at v0.3.0, and there is still a ton of work to do to get zrok to where I know it can go. zrok is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the OpenZiti GitHub).

Starting with v0.4, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with zrok. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of zrok on top of OpenZiti; these will be a great introduction to building a Ziti Native Application from the ground up. These videos will also be a comprehensive look at how zrok works.

We'd love your participation in the zrok project! You can find us on GitHub at https://github.com/openziti/zrok.

+ \ No newline at end of file diff --git a/blog/rss.xml b/blog/rss.xml index 75263a3b..cb182361 100644 --- a/blog/rss.xml +++ b/blog/rss.xml @@ -4,7 +4,7 @@ Zrok Blog https://zrok.io/blog Zrok Blog - Mon, 30 Jan 2023 20:07:48 GMT + Mon, 30 Jan 2023 20:11:30 GMT https://validator.w3.org/feed/docs/rss2.html https://github.com/jpmonette/feed en @@ -12,7 +12,7 @@ <![CDATA[Introducing zrok]]> https://zrok.io/blog/introducing_zrok /introducing_zrok - Mon, 30 Jan 2023 20:07:48 GMT + Mon, 30 Jan 2023 20:11:30 GMT I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years.

For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent.

This new project is called... zrok.

zrok focuses on streamlining sharing for both developers and end users alike. zrok takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, zrok adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti.

Here are some of the things that make zrok different...

Private Sharing

Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint.

zrok expands on this model by supporting something that we're calling "private sharing". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other zrok users through the zero-trust overlay network.

In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. zrok handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect.

And if you want public sharing, zrok has that also. Our private sharing modes are an additional capability that zrok adds to the recipe. zrok supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them.

Files; Repositories; Video... Decentralized

Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a frictionless way.

zrok also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... zrok will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet.

Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using zrok as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms.

We're still just getting started on building out these aspects of zrok. zrok already provides built-in single-command file sharing. You can get started using these powerful tools today!

Production zrok

NetFoundry is offering zrok.io, a managed zrok service instance you can use to try out zrok and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit zrok.io for details about requesting an invite.

Once zrok and zrok.io are out of beta, we'll be opening this service up to the public.

zrok.io runs on top of the open-source version of zrok. We're building on top of the same open-source codebase that's available today.

Open-Source; Self-Host

zrok is committed to being open-source. You've got everything you need to host your own zrok instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple guide to getting this running in minutes, including the OpenZiti portions.

You can access the open-source version of zrok today.

A Start

I'm really excited about sharing zrok with you. As of this writing, we're at v0.3.0, and there is still a ton of work to do to get zrok to where I know it can go. zrok is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the OpenZiti GitHub).

Starting with v0.4, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with zrok. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of zrok on top of OpenZiti; these will be a great introduction to building a Ziti Native Application from the ground up. These videos will also be a comprehensive look at how zrok works.

We'd love your participation in the zrok project! You can find us on GitHub at https://github.com/openziti/zrok.

]]>
diff --git a/docs/category/guides/index.html b/docs/category/guides/index.html index d1c3a771..bd104b53 100644 --- a/docs/category/guides/index.html +++ b/docs/category/guides/index.html @@ -5,13 +5,13 @@ Guides | Zrok - + - + \ No newline at end of file diff --git a/docs/downloads/index.html b/docs/downloads/index.html index 02c6cb95..a1c179bd 100644 --- a/docs/downloads/index.html +++ b/docs/downloads/index.html @@ -5,13 +5,13 @@ Downloads | Zrok - +
- + \ No newline at end of file diff --git a/docs/getting-started/index.html b/docs/getting-started/index.html index e7c7db0d..c22db5ab 100644 --- a/docs/getting-started/index.html +++ b/docs/getting-started/index.html @@ -5,15 +5,15 @@ Getting Started with zrok | Zrok - +
-

Getting Started with zrok

zrok is a next-generation sharing platform built on top of OpenZiti, a programmable zero trust network overlay. zrok is an OpenZiti Native Application.

zrok facilitates sharing resources publicly and privately with an audience of your choosing.

As of version v0.3.0, zrok provides users the ability to publicly proxy local HTTP endpoints (similar to other offerings in this space). Additionally, zrok provides the ability to:

  • privately share resources with other zrok users; in private usage scenarios, your private resources are not exposed to any public endpoints, and all communication is securely and privately transported between zrok clients
  • use web sharing; easily share files with others using a single zrok command

Let's take a look at how to get started with zrok.

Downloading zrok

Releases are also available from the zrok project repository on GitHub at https://github.com/openziti/zrok/releases/latest

Extract zrok Distribution

Move the downloaded zrok distribution into a directory on your system. In my case, I've placed it in my home directory:

$ ls -lF zrok*
-rwxr-xr-x 1 michael michael 12724747 Jan 17 12:57 zrok_0.3.0-rc1_linux_amd64.tar.gz*

Create a directory where the extracted distribution will sit:

$ mkdir zrok
$ cd zrok/

Extract the zrok distribution:

$ tar zxvf ../zrok_0.3.0-rc1_linux_amd64.tar.gz
CHANGELOG.md
README.md
zrok

NOTE: On Windows platforms the distribution is shipped as a zip archive. Windows Explorer includes support for extracting zip archives natively.

Add zrok to your shell's environment.

For Linux or macos:

$ export PATH=`pwd`:$PATH

For Windows (using Command Prompt):

> set PATH=%CD%;%PATH%

For Windows (using PowerShell):

$env:path += ";"+$pwd.Path

With the zrok executable in your path, you can then execute the zrok command from your shell:

$ zrok version
_
_____ __ ___ | | __
|_ / '__/ _ \| |/ /
/ /| | | (_) | <
/___|_| \___/|_|\_\

v0.3.0-rc1 [0d43b55]

Configure Your zrok Service Instance

note

Most users can safely skip this section and proceed to "Generating an Invitation" below.

This section is relevant if you want to use the zrok CLI with an alternate service instance (in the case of self-hosting, etc.).

zrok is both an installable utility that you interact with from your local computer, and also a service that exists on the network. NetFoundry operates the public service instance that is available at api.zrok.io, but because zrok is open source and self-hostable, you're free to create your own zrok service instance.

The zrok executable defaults to using the zrok service instance at api.zrok.io. Should you need to change the endpoint to use a different service instance, you can do that with the following command:

$ zrok config set apiEndpoint https://zrok.mydomain.com
[WARNING]: unable to open zrokdir metadata; ignoring

zrok configuration updated
note

The WARNING about zrokdir metadata is ignorable. Running the zrok config set command writes a small piece of metadata into a .zrok folder inside your home directory. This allows zrok to identify the version of its settings, providing a mechanism to upgrade your installation as new versions are released. This WARNING is letting you know that your current environment has not be initialized by zrok.

You can use the zrok status command to inspect the state of your local environment. zrok refers to each shell where you install and enable a copy of zrok as as an environment.

$ zrok status

Config:

CONFIG VALUE SOURCE
apiEndpoint https://zrok.mydomain.com config

[WARNING]: Unable to load your local environment!

To create a local environment use the zrok enable command.
note

The WARNING about being unable to load your local environment will go away once you've successfully enabled (zrok enable) for your shell (we'll get to that below). For now, this warning is ignorable.

The zrok status command shows the configured API service that your environment is using, as well as the SOURCE where the setting was retrieved. In this case, config means that the setting was set into the environment using the zrok config command.

Generating an Invitation

In order to create an account with the zrok service instance, you will need to create an invitation.

note

Some environments take advantage of invitation tokens, which limit who is able to request an invitation on the service instance. If your service uses invitation tokens, the administrator of your instance will include details about how to use your token to generate your invitation.

We generate an invitation with the zrok invite command:

$ zrok invite

enter and confirm your email address...

> user@domain.com
> user@domain.com

[ Submit ]

invitation sent to 'user@domain.com'!

The zrok invite command presents a small form that allows you to enter (and then confirm) your email address. Tabbing to the [ Submit ] button will send the request to your configured zrok service.

Next, check the email where you sent the invite. You should receive a message asking you to click a link to create your zrok account. When you click that link, you will be brought to a web page that will allow you to set a password for your new account:

Enter a Password

Enter a password and it's confirmation, and click the Register Account button. You'll see the following:

Successful Registration

For now, we'll ignore the "enable your shell for zrok" section. Just click the zrok web portal link:

Web Login

After clicking the Log In button, you'll be brought into the zrok web console:

Web Console; Empty

Congratulations! Your zrok account is ready to go!

Enabling Your zrok Environment

When your zrok account was created, the service generated a secret token that identifies and authenticates in a single step. Protect your secret token as if it were a password, or an important account number; it's a secret, protect it.

When we left off you had downloaded, extracted, and configured your zrok environment. In order to use that environment with your account, you'll need to enable it. Enabling an environment generates a secure identity and the necessary underlying security policies with the OpenZiti network hosting the zrok service.

From the web console, click on your email address in the upper right corner of the header. That drop down menu contains an Enable Your Environment link. Click that link and a modal dialog will be shown like this:

Enable Modal Dialog

This dialog box shows you the zrok enable command that you can use to enable any shell to work with your zrok account with a single command.

Let's copy that command and paste it into your shell:

$ zrok enable klFEoIi0QAg7 
⣻ contacting the zrok service...

After a few seconds, the message will change and indicate that the enable operation suceeded:

$ zrok enable klFEoIi0QAg7 
⣻ the zrok environment was successfully enabled...

Now, if we run a zrok status command, you will see the details of your environment:

$ zrok status

Config:

CONFIG VALUE SOURCE
apiEndpoint https://api.zrok.io env

Environment:

PROPERTY VALUE
Secret Token klFEoIi0QAg7
Ziti Identity FTpvelYD6h

Excellent... our environment is now fully enabled.

If we return to the web console, we'll now see the new environment reflected in the explorer view:

New Environment in Web UI

In my case, the environment is named michael@ziti-lx, which is the username of my shell and the hostname of the system the shell is running on.

note

Should you want to use a non-default name for your environment, you can pass the -d option to the zrok enable command. See zrok enable --help for details.

If you click on the environment node in the explorer in the web console, the details panel shown at the bottom of the page will change:

Empty Environment

The explorer supports clicking, dragging, mouse wheel zooming, and selecting the nodes in the graph for more information (and available actions) for the selected node. If you ever get lost in the explorer, click the Zoom to Fit zoom to fit icon in the lower right corner of the explorer.

If we click on the Detail tab for our environment, we'll see something like:

Environment Detail

Your environment is fully ready to go. Now we can move on to the fun stuff...

Sharing

zrok is designed to make sharing resources as effortless as possible, while providing a high degree of security and control.

Ephemeral by Default

Shared resources are ephemeral by default; as soon as you terminate the zrok share command, the entire share is removed and is no longer available to any users. Identifiers for shared resources are randomly allocated when the share is created.

Public Shares and Frontends

Resources that are shared publicly are exposed to any users on the internet who have access to the zrok service instance's "frontend".

A frontend is an HTTPS listener exposed to the internet, that lets any user with your ephemeral share token access your publicly shared resources.

For example, I might create a public share using the zrok share public command, which results in my zrok service instance exposing the following URL to access my resources:

https://h0fz2ts9c84t.share.zrok.io

In this case my share was given the "share token" of h0fz2ts9c84t. That URL can be given to any user, allowing them to immediately access the shared resources directly from my local environment, all without exposing any access to my private, secure environment. The physical network location of my environment is not exposed to anonymous consumers of my resources.

If we return to the web console, we see our share in the explorer:

Web Console Share

If we click on our new share in the explorer, we can see the share details: +

Getting Started with zrok

zrok is a next-generation sharing platform built on top of OpenZiti, a programmable zero trust network overlay. zrok is an OpenZiti Native Application.

zrok facilitates sharing resources publicly and privately with an audience of your choosing.

As of version v0.3.0, zrok provides users the ability to publicly proxy local HTTP endpoints (similar to other offerings in this space). Additionally, zrok provides the ability to:

  • privately share resources with other zrok users; in private usage scenarios, your private resources are not exposed to any public endpoints, and all communication is securely and privately transported between zrok clients
  • use web sharing; easily share files with others using a single zrok command

Let's take a look at how to get started with zrok.

Downloading zrok

Releases are also available from the zrok project repository on GitHub at https://github.com/openziti/zrok/releases/latest

Extract zrok Distribution

Move the downloaded zrok distribution into a directory on your system. In my case, I've placed it in my home directory:

$ ls -lF zrok*
-rwxr-xr-x 1 michael michael 12724747 Jan 17 12:57 zrok_0.3.0-rc1_linux_amd64.tar.gz*

Create a directory where the extracted distribution will sit:

$ mkdir zrok
$ cd zrok/

Extract the zrok distribution:

$ tar zxvf ../zrok_0.3.0-rc1_linux_amd64.tar.gz
CHANGELOG.md
README.md
zrok

NOTE: On Windows platforms the distribution is shipped as a zip archive. Windows Explorer includes support for extracting zip archives natively.

Add zrok to your shell's environment.

For Linux or macos:

$ export PATH=`pwd`:$PATH

For Windows (using Command Prompt):

> set PATH=%CD%;%PATH%

For Windows (using PowerShell):

$env:path += ";"+$pwd.Path

With the zrok executable in your path, you can then execute the zrok command from your shell:

$ zrok version
_
_____ __ ___ | | __
|_ / '__/ _ \| |/ /
/ /| | | (_) | <
/___|_| \___/|_|\_\

v0.3.0-rc1 [0d43b55]

Configure Your zrok Service Instance

note

Most users can safely skip this section and proceed to "Generating an Invitation" below.

This section is relevant if you want to use the zrok CLI with an alternate service instance (in the case of self-hosting, etc.).

zrok is both an installable utility that you interact with from your local computer, and also a service that exists on the network. NetFoundry operates the public service instance that is available at api.zrok.io, but because zrok is open source and self-hostable, you're free to create your own zrok service instance.

The zrok executable defaults to using the zrok service instance at api.zrok.io. Should you need to change the endpoint to use a different service instance, you can do that with the following command:

$ zrok config set apiEndpoint https://zrok.mydomain.com
[WARNING]: unable to open zrokdir metadata; ignoring

zrok configuration updated
note

The WARNING about zrokdir metadata is ignorable. Running the zrok config set command writes a small piece of metadata into a .zrok folder inside your home directory. This allows zrok to identify the version of its settings, providing a mechanism to upgrade your installation as new versions are released. This WARNING is letting you know that your current environment has not be initialized by zrok.

You can use the zrok status command to inspect the state of your local environment. zrok refers to each shell where you install and enable a copy of zrok as as an environment.

$ zrok status

Config:

CONFIG VALUE SOURCE
apiEndpoint https://zrok.mydomain.com config

[WARNING]: Unable to load your local environment!

To create a local environment use the zrok enable command.
note

The WARNING about being unable to load your local environment will go away once you've successfully enabled (zrok enable) for your shell (we'll get to that below). For now, this warning is ignorable.

The zrok status command shows the configured API service that your environment is using, as well as the SOURCE where the setting was retrieved. In this case, config means that the setting was set into the environment using the zrok config command.

Generating an Invitation

In order to create an account with the zrok service instance, you will need to create an invitation.

note

Some environments take advantage of invitation tokens, which limit who is able to request an invitation on the service instance. If your service uses invitation tokens, the administrator of your instance will include details about how to use your token to generate your invitation.

We generate an invitation with the zrok invite command:

$ zrok invite

enter and confirm your email address...

> user@domain.com
> user@domain.com

[ Submit ]

invitation sent to 'user@domain.com'!

The zrok invite command presents a small form that allows you to enter (and then confirm) your email address. Tabbing to the [ Submit ] button will send the request to your configured zrok service.

Next, check the email where you sent the invite. You should receive a message asking you to click a link to create your zrok account. When you click that link, you will be brought to a web page that will allow you to set a password for your new account:

Enter a Password

Enter a password and it's confirmation, and click the Register Account button. You'll see the following:

Successful Registration

For now, we'll ignore the "enable your shell for zrok" section. Just click the zrok web portal link:

Web Login

After clicking the Log In button, you'll be brought into the zrok web console:

Web Console; Empty

Congratulations! Your zrok account is ready to go!

Enabling Your zrok Environment

When your zrok account was created, the service generated a secret token that identifies and authenticates in a single step. Protect your secret token as if it were a password, or an important account number; it's a secret, protect it.

When we left off you had downloaded, extracted, and configured your zrok environment. In order to use that environment with your account, you'll need to enable it. Enabling an environment generates a secure identity and the necessary underlying security policies with the OpenZiti network hosting the zrok service.

From the web console, click on your email address in the upper right corner of the header. That drop down menu contains an Enable Your Environment link. Click that link and a modal dialog will be shown like this:

Enable Modal Dialog

This dialog box shows you the zrok enable command that you can use to enable any shell to work with your zrok account with a single command.

Let's copy that command and paste it into your shell:

$ zrok enable klFEoIi0QAg7 
⣻ contacting the zrok service...

After a few seconds, the message will change and indicate that the enable operation suceeded:

$ zrok enable klFEoIi0QAg7 
⣻ the zrok environment was successfully enabled...

Now, if we run a zrok status command, you will see the details of your environment:

$ zrok status

Config:

CONFIG VALUE SOURCE
apiEndpoint https://api.zrok.io env

Environment:

PROPERTY VALUE
Secret Token klFEoIi0QAg7
Ziti Identity FTpvelYD6h

Excellent... our environment is now fully enabled.

If we return to the web console, we'll now see the new environment reflected in the explorer view:

New Environment in Web UI

In my case, the environment is named michael@ziti-lx, which is the username of my shell and the hostname of the system the shell is running on.

note

Should you want to use a non-default name for your environment, you can pass the -d option to the zrok enable command. See zrok enable --help for details.

If you click on the environment node in the explorer in the web console, the details panel shown at the bottom of the page will change:

Empty Environment

The explorer supports clicking, dragging, mouse wheel zooming, and selecting the nodes in the graph for more information (and available actions) for the selected node. If you ever get lost in the explorer, click the Zoom to Fit zoom to fit icon in the lower right corner of the explorer.

If we click on the Detail tab for our environment, we'll see something like:

Environment Detail

Your environment is fully ready to go. Now we can move on to the fun stuff...

Sharing

zrok is designed to make sharing resources as effortless as possible, while providing a high degree of security and control.

Ephemeral by Default

Shared resources are ephemeral by default; as soon as you terminate the zrok share command, the entire share is removed and is no longer available to any users. Identifiers for shared resources are randomly allocated when the share is created.

Public Shares and Frontends

Resources that are shared publicly are exposed to any users on the internet who have access to the zrok service instance's "frontend".

A frontend is an HTTPS listener exposed to the internet, that lets any user with your ephemeral share token access your publicly shared resources.

For example, I might create a public share using the zrok share public command, which results in my zrok service instance exposing the following URL to access my resources:

https://h0fz2ts9c84t.share.zrok.io

In this case my share was given the "share token" of h0fz2ts9c84t. That URL can be given to any user, allowing them to immediately access the shared resources directly from my local environment, all without exposing any access to my private, secure environment. The physical network location of my environment is not exposed to anonymous consumers of my resources.

If we return to the web console, we see our share in the explorer:

Web Console Share

If we click on our new share in the explorer, we can see the share details: Share Details

If we click on the frontend endpoint a new browser tab opens and we see the content of our share: Share Frontend

If we click on the environment in the explorer, we're shown all of the shares for that environment (including our new share), along with a spark line that shows the activity:

Environment Spark Line

And as soon as I terminate the zrok share client, the resources are removed from the zrok environment.

If we try to reload the frontend endpoing in our web browser, we'll see:

Not Found

Private Shares

zrok also provides a powerful private sharing model. If I execute the following command:

$ zrok share private http://localhost:8080

The zrok service will respond with the following:

access your share with: zrok access private wvszln4dyz9q

Rather than allowing access to your service through a public frontend, a private share is only exposed to the underlying OpenZiti network, and can only be accessed using the zrok access command.

The zrok access private wvszln4dyz9q command can be run by any zrok user, allowing them to create and bind a local HTTP listener, that allows for private access to your shared resources.

Proxy Backend Mode

Without specifying a backend mode, the zrok share command will assume that you're trying to share a proxy resource. A proxy resource is usually some private HTTP/HTTPS endpoint (like a development server, or a private application) running in your local environment. Usually such an endpoint would have no inbound connectivity except for however it is reachable from your local environment. It might be running on localhost, or only listening on a private LAN segment behind a firewall.

For these services a proxy share will allow those endpoints to be reached, either publicly or privately through the zrok service.

Web Backend Mode

The zrok share command accepts a --backend-mode option. Besides proxy, the current v0.3 release (as of this writing) also supports a web mode. The web mode allows you to specify a local folder on your filesystem, and instantly turns your zrok client into a web server, exposing your web content either publicly or privately without having to a configure a web server.

Reserved Shares

zrok shares are ephemeral unless you specifically create a "reserved" share.

A reserved share can be re-used multiple times; it will survive termination of the zrok share command, allowing for longer-lasting semi-permanent access to shared resources.

The first step is to create the reserved share:

$ zrok reserve public --backend-mode web v0.3_getting_started
[ 0.275] INFO main.(*reserveCommand).run: your reserved share token is 'mltwsinym1s2'
[ 0.275] INFO main.(*reserveCommand).run: reserved frontend endpoint: https://mltwsinym1s2.share.zrok.io

I'm asking the zrok service to reserve a share with a web backend mode, pointing at my local docs folder.

You'll want to remember the share token (mltwsinym1s2 in this case), and the frontend endpoint URL. If this were a private reserved share, there would not be a frontend URL.

If we do nothing else, and then point a web browser at the frontend endpoint, we get:

Not Found

This is the 404 error message returned by the zrok frontend. We're getting this because we haven't yet started up a zrok share for the service. Let's do that:

This command:

$ zrok share reserved mltwsinym1s2

...results in a new share backend starting up and connecting to the existing reserved share:

zrok share reserved

And now if we refresh the frontend endpoint URL in the web browser, we'll see an index of the docs directory:

zrok docs share

With the reserved share, we're free to stop and restart the zrok share reserved command as many times as we want, without losing the token for our share.

When we're done with the reserved share, we can release it using this command:

$ zrok release mltwsinym1s2
[ 0.230] INFO main.(*releaseCommand).run: reserved share 'mltwsinym1s2' released

Concepts Review

In summary, zrok lets you easily and securely share resources with both general internet users (through public sharing) and also with other zrok users (through private sharing).

Here's a quick review of the zrok mental model and the vocabulary.

Service Instance and Account

You create an account with a zrok service instance. Your account is identified by a username and a password, which you use to log into the web console. Your account also has a secret token, which you will use to authenticate from the zrok command-line to interact with the service instance.

You create a new account with a zrok service instance through the zrok invite command.

Environment

Using your secret token you use the zrok command-line interface to create an environment. An environment corresponds to a single command-line user on a specific host system.

You create a new environment by using the zrok enable command.

Shares

Once you've enabled an environment, you then create one or more shares. Shares have either a public or private sharing mode. Shares share a specific type of resource using a backend mode. As of this writing zrok supports a proxy backend mode to share local HTTP resources as a reverse proxy. zrok also supports a web backend mode to share local file and HTML resources by enabling a basic HTTP server.

Every share is identified by a share token. Public shares can be accessed through either a frontend instance offered through the zrok service instance, or through the zrok access command. Private shares can only be accessed through the zrok access command.

You use the zrok share command to create and enable ephemeral shares.

Reserved Shares

zrok supports creating shares that have a consistent share token that survives restarts of the zrok share command. These are considered non-ephemeral, and is callled a reserved share.

You use the zrok reserve command to create reserved shares. Reserved shares last until you use the zrok release command to delete them.

Self-Hosting a Service Instance

Interested in self-hosting your own zrok service instance? See the self-hosting guide for details.

- + \ No newline at end of file diff --git a/docs/guides/v0.3_nginx_tls_guide/index.html b/docs/guides/v0.3_nginx_tls_guide/index.html index f714f0bd..80bdefe7 100644 --- a/docs/guides/v0.3_nginx_tls_guide/index.html +++ b/docs/guides/v0.3_nginx_tls_guide/index.html @@ -5,13 +5,13 @@ Nginx Reverse Proxy for zrok | Zrok - +

Nginx Reverse Proxy for zrok

I'll assume you have a running zrok controller and public frontend and wish to front both with Nginx providing server TLS. Go back to Self-Hosting Guide if you still need to spin those up.

Choose a Reverse Proxy Address

I'll use https://api.zrok.quigley.com:443 in this example, and assume you already set up wildcard DNS like *.zrok.quigley.com. This lets us elect api.zrok.quigley.com as the controller DNS name, and forward any other incoming requests to the zrok public frontend.

Obtain a Wildcard Server Certificate

You must complete a DNS challenge to obtain a wildcard certificate from Let's Encrypt. I'll assume you know how to create the necessary TXT record in the DNS zone you're using with zrok.

  1. Install certbot: https://eff-certbot.readthedocs.io/en/stable/install.html

  2. Run certbot with the manual plugin: https://certbot.eff.org/docs/using.html#manual

    # install cert for *.zrok.quigley.com in /etc/letsencrypt
    sudo certbot certonly --manual

Install Nginx

Configure Nginx

server {
listen 443 ssl;
server_name api.zrok.quigley.com;
ssl_certificate /etc/letsencrypt/live/zrok.quigley.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zrok.quigley.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

location / {
proxy_pass http://127.0.0.1:18080;
error_log /var/log/nginx/zrok-controller.log;
}

}

server {
listen 443 ssl;
server_name *.zrok.quigley.com;
ssl_certificate /etc/letsencrypt/live/zrok.quigley.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zrok.quigley.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
error_log /var/log/nginx/zrok-frontend.log;
proxy_busy_buffers_size 512k;
proxy_buffers 4 512k;
proxy_buffer_size 256k;

}

}

Restart Nginx

Load the new configuration by restarting Nginx. Check the logs to make sure it's happy.

Started A high performance web server and a reverse proxy server.

Check the Firewall

If you followed the non-TLS quickstart then you may have opened 8080,108080/tcp in your firewall. You can go ahead and replace those exceptions with 443/tcp because only Nginx needs to be reachable for zrok to function.

Update the zrok Frontend

List available frontends to obtain the token identifier of the frontend named "public". You may need to set ZROK_ADMIN_TOKEN or ZROK_API_ENDPOINT before running zrok admin.

$ zrok admin list frontends

TOKEN ZID PUBLIC NAME URL TEMPLATE CREATED AT UPDATED AT
2NiDTRYUww18 7DsLh9DXG public http://{token}.zrok.quigley.com:8080 2023-01-19 05:29:20.793 +0000 UTC 2023-01-19 06:17:25 +0000 UTC

Update the URL template to use Nginx.

$ zrok admin update frontend 2NiDTRYUww18 --url-template https://{token}.zrok.quigley.com:443
[ 0.028] INFO main.(*adminUpdateFrontendCommand).run: updated global frontend '2NiDTRYUww18'
- + \ No newline at end of file diff --git a/docs/guides/v0.3_self_hosting_guide/index.html b/docs/guides/v0.3_self_hosting_guide/index.html index e7a43057..e2829ea8 100644 --- a/docs/guides/v0.3_self_hosting_guide/index.html +++ b/docs/guides/v0.3_self_hosting_guide/index.html @@ -5,13 +5,13 @@ Self-Hosting Guide | Zrok - +

Self-Hosting Guide

OpenZiti Quickstart

https://openziti.github.io/docs/quickstarts/network/

I specifically used the "no docker" variant:

$ source /dev/stdin <<< "$(wget -qO- https://get.openziti.io/quick/ziti-cli-functions.sh)"; expressInstall
$ startController
$ startRouter

Keep track of the generated admin password when running the expressInstall script. The script will prompt you like this:

Do you want to keep the generated admin password 'XO0xHp75uuyeireO2xmmVlK91T7B9fpD'? (Y/n)

You'll need that generated password (XO0xHp75uuyeireO2xmmVlK91T7B9fpD) when building your zrok controller configuration.

Configure the Controller

Create a controller configuration file in etc/ctrl.yml. The controller does not provide server TLS, but you may front the server with a reverse proxy. This example will expose the non-TLS listener for the controller.

#    _____ __ ___ | | __
# |_ / '__/ _ \| |/ /
# / /| | | (_) | <
# /___|_| \___/|_|\_\
# controller configuration

v: 1

admin:
secrets:
- f60b55fa-4dec-4c4a-9244-e3b7d6b9bb13

endpoint:
host: 0.0.0.0
port: 18080

store:
path: zrok.db
type: sqlite3

ziti:
api_endpoint: "https://127.0.0.1:1280"
username: admin
password: "XO0xHp75uuyeireO2xmmVlK91T7B9fpD"

The admin section defines privileged administrative credentials and must be set in the ZROK_ADMIN_TOKEN environment variable in shells where you want to run zrok admin.

The endpoint section defines where your zrok controller will listen.

The store section defines the local sqlite3 database used by the controller.

The ziti section defines how the zrok controller should communicate with your OpenZiti installation. When using the OpenZiti quickstart, an administrative password will be generated; the password in the ziti stanza should reflect this password.

Environment Variables

The zrok binaries are configured to work with the global zrok.io service, and default to using api.zrok.io as the endpoint for communicating with the service.

To work with a local zrok deployment, you'll need to set the ZROK_API_ENDPOINT environment variable to point to the address where your zrok controller will be listening, according to endpoint in the configuration file above.

In my case, I've set:

$ export ZROK_API_ENDPOINT=http://localhost:18080

Bootstrap OpenZiti for zrok

With your OpenZiti network running and your configuration saved to a local file (I refer to mine as etc/ctrl.yml in these examples), you're ready to bootstrap the Ziti network.

Use the zrok admin bootstrap command to bootstrap like this:

$ zrok admin bootstrap etc/ctrl.yml 
[ 0.002] INFO main.(*adminBootstrap).run: {
...
}
[ 0.002] INFO zrok/controller/store.Open: database connected
[ 0.006] INFO zrok/controller/store.(*Store).migrate: applied 0 migrations
[ 0.006] INFO zrok/controller.Bootstrap: connecting to the ziti edge management api
[ 0.039] INFO zrok/controller.Bootstrap: creating identity for controller ziti access
[ 0.071] INFO zrok/controller.Bootstrap: controller identity: jKd8AINSz
[ 0.082] INFO zrok/controller.assertIdentity: asserted identity 'jKd8AINSz'
[ 0.085] INFO zrok/controller.assertErpForIdentity: asserted erps for 'ctrl' (jKd8AINSz)
[ 0.085] INFO zrok/controller.Bootstrap: creating identity for frontend ziti access
[ 0.118] INFO zrok/controller.Bootstrap: frontend identity: sqJRAINSiB
[ 0.119] INFO zrok/controller.assertIdentity: asserted identity 'sqJRAINSiB'
[ 0.120] INFO zrok/controller.assertErpForIdentity: asserted erps for 'frontend' (sqJRAINSiB)
[ 0.120] WARNING zrok/controller.Bootstrap: missing public frontend for ziti id 'sqJRAINSiB'; please use 'zrok admin create frontend sqJRAINSiB public https://{token}.your.dns.name' to create a frontend instance
[ 0.123] INFO zrok/controller.assertZrokProxyConfigType: found 'zrok.proxy.v1' config type with id '33CyjNbIepkXHN5VzGDA8L'
[ 0.124] INFO zrok/controller.assertMetricsService: creating 'metrics' service
[ 0.126] INFO zrok/controller.assertMetricsService: asserted 'metrics' service (5RpPZZ7T8bZf1ENjwGiPc3)
[ 0.128] INFO zrok/controller.assertMetricsSerp: creating 'metrics' serp
[ 0.130] INFO zrok/controller.assertMetricsSerp: asserted 'metrics' serp
[ 0.134] INFO zrok/controller.assertCtrlMetricsBind: creating 'ctrl-metrics-bind' service policy
[ 0.135] INFO zrok/controller.assertCtrlMetricsBind: asserted 'ctrl-metrics-bind' service policy
[ 0.138] INFO zrok/controller.assertFrontendMetricsDial: creating 'frontend-metrics-dial' service policy
[ 0.140] INFO zrok/controller.assertFrontendMetricsDial: asserted 'frontend-metrics-dial' service policy
[ 0.140] INFO main.(*adminBootstrap).run: bootstrap complete!

The zrok admin bootstrap command configures the zrok database, the necessary OpenZiti identities, and all of the OpenZiti policies required to run a zrok service.

Notice this warning:

[   0.120] WARNING zrok/controller.Bootstrap: missing public frontend for ziti id 'sqJRAINSiB'; please use 'zrok admin create frontend sqJRAINSiB public https://{token}.your.dns.name' to create a frontend instance

The zrok bootstrap process wants us to create a "public frontend" for our service. zrok uses public frontends to allow users to specify where they would like public traffic to ingress from.

The zrok admin create frontend command requires a running zrok controller, so let's start that up first:

$ zrok controller etc/ctrl.yml 
[ 0.003] INFO main.(*controllerCommand).run: {
...
}
[ 0.016] INFO zrok/controller.inspectZiti: inspecting ziti controller configuration
[ 0.048] INFO zrok/controller.findZrokProxyConfigType: found 'zrok.proxy.v1' config type with id '33CyjNbIepkXHN5VzGDA8L'
[ 0.048] INFO zrok/controller/store.Open: database connected
[ 0.048] INFO zrok/controller/store.(*Store).migrate: applied 0 migrations
[ 0.049] INFO zrok/controller.(*metricsAgent).run: starting
[ 0.064] INFO zrok/rest_server_zrok.setupGlobalMiddleware: configuring
[ 0.064] INFO zrok/ui.StaticBuilder: building
[ 0.065] INFO zrok/rest_server_zrok.(*Server).Logf: Serving zrok at http://[::]:18080
[ 0.085] INFO zrok/controller.(*metricsAgent).listen: started

With our ZROK_ADMIN_TOKEN and ZROK_API_ENDPOINT environment variables set, we can create our public frontend like this:

$ zrok admin create frontend sqJRAINSiB public http://{token}.zrok.quigley.com:8080
[ 0.037] INFO main.(*adminCreateFrontendCommand).run: created global public frontend 'WEirJNHVlcW9'

Now our zrok controller is fully configured.

Configure the Public Frontend

Create etc/http-frontend.yml. You must reiterate the pattern you expressed in the public frontend URL template as a host_match pattern, and you may change the default address where the frontend will listen for public access requests. The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the Host header supplied by the viewer. This example will expose the non-TLS listener for the frontend.

host_match: zrok.quigley.com
address: 0.0.0.0:8080

Start Public Frontend

In another terminal window, run:

$ zrok access public etc/http-frontend.yml
[ 0.002] INFO main.(*accessPublicCommand).run: {
...
}
[ 0.002] INFO zrok/endpoints/public_frontend.newMetricsAgent: loaded 'frontend' identity

This process uses the frontend identity created during the bootstrap process to provide public access for the zrok deployment. It is expected that the configured listener for this frontend corresponds to the DNS template specified when creating the public frontend record above.

Invite Yourself

$ zrok invite
New Email: user@domain.com
Confirm Email: user@domain.com
invitation sent to 'user@domain.com'!

If you look at the console output from your zrok controller, you'll see a message like this:

[ 238.168]    INFO zrok/controller.(*inviteHandler).Handle: account request for 'user@domain.com' has registration token 'U2Ewt1UCn3ql'

You can access your zrok controller's registration UI by pointing a web browser at:

http://localhost:18080/register/U2Ewt1UCn3ql

The UI will ask you to set a password for your new account. Go ahead and do that.

After doing that, I see the following output in my controller console:

[ 516.778]    INFO zrok/controller.(*registerHandler).Handle: created account 'user@domain.com' with token 'SuGzRPjVDIcF'

Keep track of the token listed above (SuGzRPjVDIcF). We'll use this to enable our shell for this zrok deployment.

Enable Your Shell

$ zrok enable SuGzRPjVDIcF
zrok environment '2AS1WZ3Sz' enabled for 'SuGzRPjVDIcF'

Congratulations. You have a working zrok environment!

- + \ No newline at end of file diff --git a/index.html b/index.html index c382bf0f..7fd938af 100644 --- a/index.html +++ b/index.html @@ -5,13 +5,13 @@ Zrok - +
- + \ No newline at end of file