From e7bbf61aa7caa5860635f7ff32065686cef59034 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Mon, 19 Aug 2024 17:38:14 -0400 Subject: [PATCH] update zrok Docker instance to use the new 'create account' API endpoint --- docker/compose/zrok-instance/README.md | 10 +++++----- .../{caddy.compose.override.yml => compose.caddy.yml} | 0 docker/compose/zrok-instance/compose.yml | 2 ++ docs/guides/self-hosting/linux/index.mdx | 4 ++-- 4 files changed, 9 insertions(+), 7 deletions(-) rename docker/compose/zrok-instance/{caddy.compose.override.yml => compose.caddy.yml} (100%) diff --git a/docker/compose/zrok-instance/README.md b/docker/compose/zrok-instance/README.md index 8d56d167..3281f7a5 100644 --- a/docker/compose/zrok-instance/README.md +++ b/docker/compose/zrok-instance/README.md @@ -11,7 +11,7 @@ This Docker Compose project creates a zrok instance and includes a ziti controll #### Additional DNS Configuration for Caddy TLS -The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `caddy.compose.override.yml` as `compose.override.yml`. +The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `compose.caddy.yml` as `compose.override.yml`. 1. Ensure A Caddy DNS plugin is available for your DNS provider (see [github.com/caddy-dns](https://github.com/orgs/caddy-dns/repositories?type=all&q=sort%3Aname-asc)). 1. Designate A DNS zone for zrok, e.g. `example.com` or `share.example.com` and create the zone on your DNS provider's platform. 
@@ -64,7 +64,7 @@ ZROK_ADMIN_TOKEN=zroktoken ``` ```bash title=".env options" -# Caddy TLS option: rename caddy.compose.override.yml to compose.override.yml and set these vars; allow 80,443 in firewall +# Caddy TLS option: rename compose.caddy.yml to compose.override.yml and set these vars; allow 80,443 in firewall # plugin name for your DNS provider CADDY_DNS_PLUGIN=cloudflare # API token from your DNS provider @@ -110,11 +110,11 @@ ZITI_CLI_TAG=latest This step creates a user account. You will log in to the zrok web console with the account password created in this step. The ZROK_USER_EMAIL and ZROK_USER_PWD variables are set in the `.env` file. You can create more user accounts the same way by substituting a different email and password. ```bash title="Create the first user account" -docker compose exec zrok-controller bash -xc 'zrok admin create account /etc/zrok-controller/config.yml ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}' +docker compose exec zrok-controller bash -xc 'zrok admin create account ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}' ``` ```buttonless title="Example output" -+ zrok admin create account /etc/zrok-controller/config.yml me@example.com zrokuserpw ++ zrok admin create account me@example.com zrokuserpw [ 0.000] INFO zrok/controller/store.Open: database connected [ 0.002] INFO zrok/controller/store.(*Store).migrate: applied 0 migrations heMqncCyxZcx @@ -123,7 +123,7 @@ heMqncCyxZcx Create additional users by running the command again with a different email and password. ```bash title="Create another user" -docker compose exec zrok-controller zrok admin create account /etc/zrok-controller/config.yml +docker compose exec zrok-controller zrok admin create account ``` ### Enable the User Environment diff --git a/docker/compose/zrok-instance/caddy.compose.override.yml b/docker/compose/zrok-instance/compose.caddy.yml similarity index 100% rename from docker/compose/zrok-instance/caddy.compose.override.yml rename to docker/compose/zrok-instance/compose.caddy.yml 
diff --git a/docker/compose/zrok-instance/compose.yml b/docker/compose/zrok-instance/compose.yml index 805b130d..251b60ac 100644 --- a/docker/compose/zrok-instance/compose.yml +++ b/docker/compose/zrok-instance/compose.yml @@ -114,6 +114,8 @@ services: environment: ZROK_USER_PWD: ${ZROK_USER_PWD} # admin account password (initial user account) ZROK_USER_EMAIL: ${ZROK_USER_EMAIL} # login email address (initial user account) + ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN} # zrok controller admin password + ZROK_API_ENDPOINT: http://zrok-controller:${ZROK_CTRL_PORT:-18080} # bridge address of the zrok controller zrok-frontend: depends_on: diff --git a/docs/guides/self-hosting/linux/index.mdx b/docs/guides/self-hosting/linux/index.mdx index b23dbb7f..c942a4fa 100644 --- a/docs/guides/self-hosting/linux/index.mdx +++ b/docs/guides/self-hosting/linux/index.mdx @@ -231,7 +231,7 @@ address: 0.0.0.0:8080 This frontend config file has a `host_match` pattern that represents the DNS zone you're using with this instance of `zrok`. Incoming HTTP requests with a matching `Host` header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests. -The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend. +The frontend does not provide server TLS, but you may front the server with a reverse proxy. The reverse proxy must forward the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend. You can also specify an `oauth` configuration in this file, full details of are found in [OAuth Public Frontend Configuration](/guides/self-hosting/oauth/configuring-oauth.md#configuring-your-public-frontend). 
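Review bot: `ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN}` interpolates to an empty string (compose only prints a warning) when the variable is missing from `.env`, so the container can start without a usable admin credential and the problem would presumably surface only when `zrok admin create account` is run; `ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN:?set ZROK_ADMIN_TOKEN in .env}` makes `docker compose up` fail early instead. The inline comment calls the value an "admin password" while the variable name and the guide call it a token, so I would write `# zrok controller admin token (secret; keep .env out of version control)`. With this change the admin token also sits in the container's environment, where it is readable through `docker inspect` and by every process in that container, and it is sent to `ZROK_API_ENDPOINT` over plain `http://`; that is presumably acceptable only because the address stays on the compose bridge network, which the comment on that line should state explicitly. The service definition these two lines belong to starts outside the hunk.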
@@ -254,7 +254,7 @@ The `zrok` frontend uses the `public` identity created during the bootstrap proc With our `ZROK_ADMIN_TOKEN` and `ZROK_API_ENDPOINT` environment variables set, we can create our first user account. ```bash -zrok admin create account etc/ctrl.yml +zrok admin create account ``` The output is the account token you will use to enable each device's zrok environment.