extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-05-30 14:49:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

add preamble to Docker frontdoor

Browse Source
This commit is contained in:
Kenneth Bingham 2023-11-27 17:22:00 -05:00
parent 52da8333bf
commit d2dd89f6e5
No known key found for this signature in database
GPG Key ID: 31709281860130B6
3 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docker/compose/zrok-public-reserved/compose.yml
View File

@ -126,6 +126,7 @@ services:
# start share on reserved public frontend url # start share on reserved public frontend url
zrok-share: zrok-share:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok} image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
restart: unless-stopped
entrypoint: entrypoint:
- bash - bash
- -euc - -euc

32
docs/guides/docker-share/_reserved_public_share.mdx
View File

@ -1,7 +1,22 @@
## Goal
1. Make a folder on your computer to use as a Docker Compose project for your zrok public share with a reserved subdomain. Proxy a reserved public subdomain to a backend target with Docker.
1. In your terminal, go to the newly-created project folder.
1. Download [the reserved public share project file](pathname:///zrok-public-reserved/compose.yml) into the project folder. ## How it Works
The Docker Compose project uses your zrok account token to reserve a public subdomain and keep sharing the backend
target.
When the project runs it will:
1. enable a zrok environment unless `/mnt/.zrok/environment.json` exists in the `zrok_env` volume
1. reserve a public subdomain for the service unless `/mnt/.zrok/reserved.json` exists
1. start sharing the target specified in the `.env` configuration file
## Create the Docker Project
1. Make a folder on your computer to use as a Docker Compose project for your zrok public share with a reserved subdomain and switch to the new directory in your terminal.
1. Download [the reserved public share `compose.yml` project file](pathname:///zrok-public-reserved/compose.yml) into the same directory.
1. Copy your zrok account's enable token from the zrok web console to your clipboard and paste it in a file named `.env` in the same folder like this: 1. Copy your zrok account's enable token from the zrok web console to your clipboard and paste it in a file named `.env` in the same folder like this:
```bash title=".env" ```bash title=".env"
@ -14,7 +29,7 @@
docker compose up --detach docker compose up --detach
``` ```
1. Get the public share URL from the output of the `zrok-share` service or by peeking in the zrok console where the share will be graphed. 1. Get the public share URL from the output of the `zrok-share` service or by peeking in the zrok console where the share will appear in the graph.
```bash ```bash
docker compose logs zrok-share docker compose logs zrok-share
@ -28,7 +43,7 @@ This concludes the minimum steps to begin sharing the demo web server. Read on t
## Proxy Any Web Server ## Proxy Any Web Server
The simplest way to share your web server is to set `ZROK_TARGET` (e.g. `https://example.com`) in the environment of the `docker compose up` command. When you restart the share will auto-configure for that upstream server URL. This applies to both temporary and reserved public shares. The simplest way to share your existing HTTP server is to set `ZROK_TARGET` (e.g. `https://example.com`) in the environment of the `docker compose up` command. When you restart the share will auto-configure for that URL.
```bash title=".env" ```bash title=".env"
ZROK_TARGET="http://example.com:8080" ZROK_TARGET="http://example.com:8080"
@ -40,10 +55,15 @@ docker compose down && docker compose up
## Require Authentication ## Require Authentication
You can require authentication for your public share by setting `ZROK_OAUTH_PROVIDER` to `github` or `google` if you're using our hosted zrok.io, and any OIDC provider you've configured if self-hosting. You can parse the authenticated email address from the request cookie. Read more about the OAuth features in [this blog post](https://blog.openziti.io/the-zrok-oauth-public-frontend). This applies to both temporary and reserved public shares. You can require a password or an OAuth login with certain email addresses.
## OAuth Email
You can allow specific email addresses or an email domain by setting `ZROK_OAUTH_PROVIDER` to `github` or `google` and `ZROK_SHARE_OPTS` to specify additional command-line options to `zrok reserve public`. Read more about the OAuth features in [this blog post](https://blog.openziti.io/the-zrok-oauth-public-frontend).
```bash title=".env" ```bash title=".env"
ZROK_OAUTH_PROVIDER="github" ZROK_OAUTH_PROVIDER="github"
ZROK_SHARE_OPTS="--oauth-email-domains @example.com"
``` ```
## Share Something Different ## Share Something Different

2
docs/guides/frontdoor.mdx
View File

@ -11,7 +11,7 @@ import TabItem from '@theme/TabItem';
import LinuxService from './_linux-service.mdx'; import LinuxService from './_linux-service.mdx';
import ReservedDocker from './docker-share/_reserved_public_share.mdx'; import ReservedDocker from './docker-share/_reserved_public_share.mdx';
zrok frontdoor is a way of using zrok-as-a-service from [zrok.io](https://zrok.io) as a shielded entry point to your website or service. This is useful if you want to expose a service to the public internet, but don't want to expose the service directly. **zrok frontdoor** provides a shielded entry point for your production website or service. This is useful if you want to expose it to the public internet, but not directly.
<OsTabs <OsTabs
queryString="os" queryString="os"