extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2024-12-22 06:40:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

update zrok Docker instance to use the new 'create account' API endpoint

Browse Source
This commit is contained in:
Kenneth Bingham 2024-08-19 17:38:14 -04:00
parent e9b2a27747
commit e7bbf61aa7
No known key found for this signature in database
GPG Key ID: 31709281860130B6
4 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docker/compose/zrok-instance/README.md
View File

@ -11,7 +11,7 @@ This Docker Compose project creates a zrok instance and includes a ziti controll
#### Additional DNS Configuration for Caddy TLS
The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `caddy.compose.override.yml` as `compose.override.yml`.
The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `compose.caddy.yml` as `compose.override.yml`.
1. Ensure A Caddy DNS plugin is available for your DNS provider (see [github.com/caddy-dns](https://github.com/orgs/caddy-dns/repositories?type=all&q=sort%3Aname-asc)).
1. Designate A DNS zone for zrok, e.g. `example.com` or `share.example.com` and create the zone on your DNS provider's platform.
@ -64,7 +64,7 @@ ZROK_ADMIN_TOKEN=zroktoken
```
```bash title=".env options"
# Caddy TLS option: rename caddy.compose.override.yml to compose.override.yml and set these vars; allow 80,443 in firewall
# Caddy TLS option: rename compose.caddy.yml to compose.override.yml and set these vars; allow 80,443 in firewall
# plugin name for your DNS provider
CADDY_DNS_PLUGIN=cloudflare
# API token from your DNS provider
@ -110,11 +110,11 @@ ZITI_CLI_TAG=latest
This step creates a user account. You will log in to the zrok web console with the account password created in this step. The ZROK_USER_EMAIL and ZROK_USER_PWD variables are set in the `.env` file. You can create more user accounts the same way by substituting a different email and password.
```bash title="Create the first user account"
docker compose exec zrok-controller bash -xc 'zrok admin create account /etc/zrok-controller/config.yml ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
docker compose exec zrok-controller bash -xc 'zrok admin create account ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
```
```buttonless title="Example output"
+ zrok admin create account /etc/zrok-controller/config.yml me@example.com zrokuserpw
+ zrok admin create account me@example.com zrokuserpw
[ 0.000] INFO zrok/controller/store.Open: database connected
[ 0.002] INFO zrok/controller/store.(*Store).migrate: applied 0 migrations
heMqncCyxZcx
@ -123,7 +123,7 @@ heMqncCyxZcx
Create additional users by running the command again with a different email and password.
```bash title="Create another user"
docker compose exec zrok-controller zrok admin create account /etc/zrok-controller/config.yml <email> <password>
docker compose exec zrok-controller zrok admin create account <email> <password>
```
### Enable the User Environment

0
docker/compose/zrok-instance/caddy.compose.override.yml → docker/compose/zrok-instance/compose.caddy.yml
View File

2
docker/compose/zrok-instance/compose.yml
View File

@ -114,6 +114,8 @@ services:
environment:
ZROK_USER_PWD: ${ZROK_USER_PWD} # admin account password (initial user account)
ZROK_USER_EMAIL: ${ZROK_USER_EMAIL} # login email address (initial user account)
ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN} # zrok controller admin password
ZROK_API_ENDPOINT: http://zrok-controller:${ZROK_CTRL_PORT:-18080} # bridge address of the zrok controller
zrok-frontend:
depends_on:

4
docs/guides/self-hosting/linux/index.mdx
View File

@ -231,7 +231,7 @@ address: 0.0.0.0:8080
This frontend config file has a `host_match` pattern that represents the DNS zone you're using with this instance of `zrok`. Incoming HTTP requests with a matching `Host` header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests.
The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
The frontend does not provide server TLS, but you may front the server with a reverse proxy. The reverse proxy must forward the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
You can also specify an `oauth` configuration in this file, full details of are found in [OAuth Public Frontend Configuration](/guides/self-hosting/oauth/configuring-oauth.md#configuring-your-public-frontend).
@ -254,7 +254,7 @@ The `zrok` frontend uses the `public` identity created during the bootstrap proc
With our `ZROK_ADMIN_TOKEN` and `ZROK_API_ENDPOINT` environment variables set, we can create our first user account.
```bash
zrok admin create account etc/ctrl.yml <email> <password>
zrok admin create account <email> <password>
```
The output is the account token you will use to enable each device's zrok environment.