From e5a0aba760087759a3ab509d37d2cbde4ac60b43 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Wed, 13 Nov 2024 17:19:20 -0500 Subject: [PATCH] switch the default controller port to 80 --- docker/compose/zrok-instance/Caddyfile | 2 +- docker/compose/zrok-instance/README.md | 4 ++-- docker/compose/zrok-instance/compose.yml | 10 +++++----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docker/compose/zrok-instance/Caddyfile b/docker/compose/zrok-instance/Caddyfile index de6c7d5f..6c6cc43e 100644 --- a/docker/compose/zrok-instance/Caddyfile +++ b/docker/compose/zrok-instance/Caddyfile @@ -22,7 +22,7 @@ # ziti administration console uses :443 for the benefit of a web UI cert and accesses the ziti edge-management API @ziti host ziti.{$ZROK_DNS_ZONE} - reverse_proxy @ziti ziti-quickstart:{$ZITI_CTRL_ADVERTISED_PORT:1280} { + reverse_proxy @ziti ziti-quickstart:{$ZITI_CTRL_ADVERTISED_PORT:80} { transport http { tls_insecure_skip_verify } diff --git a/docker/compose/zrok-instance/README.md b/docker/compose/zrok-instance/README.md index c6cb2ef7..dcfd1eb0 100644 --- a/docker/compose/zrok-instance/README.md +++ b/docker/compose/zrok-instance/README.md @@ -79,7 +79,7 @@ ZROK_FRONTEND_PORT=8080 ZROK_OAUTH_PORT=8081 # ziti ports must be published to the internet and allowed by firewall -ZITI_CTRL_ADVERTISED_PORT=1280 +ZITI_CTRL_ADVERTISED_PORT=80 ZITI_ROUTER_PORT=3022 # configure oauth for public shares @@ -157,7 +157,7 @@ The `ziti-quickstart` and `caddy` containers publish ports to all devices that u #### Required 1. `443/tcp` - reverse proxy handles HTTPS requests for zrok API, OAuth, and public shares (published by container `caddy`) -1. `1280/tcp` - ziti ctrl plane (published by container `ziti-quickstart`) +1. `80/tcp` - ziti ctrl plane (published by container `ziti-quickstart`) 1. `3022/tcp` - ziti data plane (published by container `ziti-quickstart`) diff --git a/docker/compose/zrok-instance/compose.yml b/docker/compose/zrok-instance/compose.yml index 251b60ac..80b9b143 100644 --- a/docker/compose/zrok-instance/compose.yml +++ b/docker/compose/zrok-instance/compose.yml @@ -14,7 +14,7 @@ services: - -euc - | ZITI_CMD+=" --ctrl-address ziti.${ZROK_DNS_ZONE}"\ - " --ctrl-port ${ZITI_CTRL_ADVERTISED_PORT:-1280}"\ + " --ctrl-port ${ZITI_CTRL_ADVERTISED_PORT:-80}"\ " --router-address ziti.${ZROK_DNS_ZONE}"\ " --router-port ${ZITI_ROUTER_PORT:-3022}"\ " --password ${ZITI_PWD:-admin}" @@ -31,10 +31,10 @@ services: # directory, ZITI_HOME - ${ZITI_HOME:-ziti_home}:/home/ziggy ports: - - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_ADVERTISED_PORT:-1280}:${ZITI_CTRL_ADVERTISED_PORT:-1280} + - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_CTRL_ADVERTISED_PORT:-80}:${ZITI_CTRL_ADVERTISED_PORT:-80} - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022} expose: - - ${ZITI_CTRL_ADVERTISED_PORT:-1280} + - ${ZITI_CTRL_ADVERTISED_PORT:-80} - ${ZITI_ROUTER_PORT:-3022} depends_on: ziti-quickstart-init: @@ -94,7 +94,7 @@ services: ZROK_CLI_IMAGE: ${ZROK_CLI_IMAGE:-openziti/zrok} ZROK_CLI_TAG: ${ZROK_CLI_TAG:-latest} ZROK_DNS_ZONE: ${ZROK_DNS_ZONE} # e.g., "example.com" or "127.0.0.1.sslip.io" - ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-1280} + ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-80} ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN} # zrok controller admin password ZROK_CTRL_PORT: ${ZROK_CTRL_PORT:-18080} ZITI_PWD: ${ZITI_PWD} # ziti controller admin password @@ -155,7 +155,7 @@ services: ZROK_API_ENDPOINT: http://zrok-controller:${ZROK_CTRL_PORT:-18080} # bridge address of the zrok controller ZROK_FRONTEND_SCHEME: http ZROK_FRONTEND_PORT: ${ZROK_FRONTEND_PORT:-8080} - ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-1280} + ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-80} ZITI_PWD: ${ZITI_PWD} # ziti controller admin password volumes: