mirror of
https://github.com/openziti/zrok.git
synced 2024-12-22 06:40:50 +01:00
update zrok Docker instance to use the new 'create account' API endpoint
This commit is contained in:
parent
e9b2a27747
commit
e7bbf61aa7
@ -11,7 +11,7 @@ This Docker Compose project creates a zrok instance and includes a ziti controll
|
|||||||
|
|
||||||
#### Additional DNS Configuration for Caddy TLS
|
#### Additional DNS Configuration for Caddy TLS
|
||||||
|
|
||||||
The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `caddy.compose.override.yml` as `compose.override.yml`.
|
The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `compose.caddy.yml` as `compose.override.yml`.
|
||||||
|
|
||||||
1. Ensure A Caddy DNS plugin is available for your DNS provider (see [github.com/caddy-dns](https://github.com/orgs/caddy-dns/repositories?type=all&q=sort%3Aname-asc)).
|
1. Ensure A Caddy DNS plugin is available for your DNS provider (see [github.com/caddy-dns](https://github.com/orgs/caddy-dns/repositories?type=all&q=sort%3Aname-asc)).
|
||||||
1. Designate A DNS zone for zrok, e.g. `example.com` or `share.example.com` and create the zone on your DNS provider's platform.
|
1. Designate A DNS zone for zrok, e.g. `example.com` or `share.example.com` and create the zone on your DNS provider's platform.
|
||||||
@ -64,7 +64,7 @@ ZROK_ADMIN_TOKEN=zroktoken
|
|||||||
```
|
```
|
||||||
|
|
||||||
```bash title=".env options"
|
```bash title=".env options"
|
||||||
# Caddy TLS option: rename caddy.compose.override.yml to compose.override.yml and set these vars; allow 80,443 in firewall
|
# Caddy TLS option: rename compose.caddy.yml to compose.override.yml and set these vars; allow 80,443 in firewall
|
||||||
# plugin name for your DNS provider
|
# plugin name for your DNS provider
|
||||||
CADDY_DNS_PLUGIN=cloudflare
|
CADDY_DNS_PLUGIN=cloudflare
|
||||||
# API token from your DNS provider
|
# API token from your DNS provider
|
||||||
@ -110,11 +110,11 @@ ZITI_CLI_TAG=latest
|
|||||||
This step creates a user account. You will log in to the zrok web console with the account password created in this step. The ZROK_USER_EMAIL and ZROK_USER_PWD variables are set in the `.env` file. You can create more user accounts the same way by substituting a different email and password.
|
This step creates a user account. You will log in to the zrok web console with the account password created in this step. The ZROK_USER_EMAIL and ZROK_USER_PWD variables are set in the `.env` file. You can create more user accounts the same way by substituting a different email and password.
|
||||||
|
|
||||||
```bash title="Create the first user account"
|
```bash title="Create the first user account"
|
||||||
docker compose exec zrok-controller bash -xc 'zrok admin create account /etc/zrok-controller/config.yml ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
|
docker compose exec zrok-controller bash -xc 'zrok admin create account ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
|
||||||
```
|
```
|
||||||
|
|
||||||
```buttonless title="Example output"
|
```buttonless title="Example output"
|
||||||
+ zrok admin create account /etc/zrok-controller/config.yml me@example.com zrokuserpw
|
+ zrok admin create account me@example.com zrokuserpw
|
||||||
[ 0.000] INFO zrok/controller/store.Open: database connected
|
[ 0.000] INFO zrok/controller/store.Open: database connected
|
||||||
[ 0.002] INFO zrok/controller/store.(*Store).migrate: applied 0 migrations
|
[ 0.002] INFO zrok/controller/store.(*Store).migrate: applied 0 migrations
|
||||||
heMqncCyxZcx
|
heMqncCyxZcx
|
||||||
@ -123,7 +123,7 @@ heMqncCyxZcx
|
|||||||
Create additional users by running the command again with a different email and password.
|
Create additional users by running the command again with a different email and password.
|
||||||
|
|
||||||
```bash title="Create another user"
|
```bash title="Create another user"
|
||||||
docker compose exec zrok-controller zrok admin create account /etc/zrok-controller/config.yml <email> <password>
|
docker compose exec zrok-controller zrok admin create account <email> <password>
|
||||||
```
|
```
|
||||||
|
|
||||||
### Enable the User Environment
|
### Enable the User Environment
|
||||||
|
@ -114,6 +114,8 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
ZROK_USER_PWD: ${ZROK_USER_PWD} # admin account password (initial user account)
|
ZROK_USER_PWD: ${ZROK_USER_PWD} # admin account password (initial user account)
|
||||||
ZROK_USER_EMAIL: ${ZROK_USER_EMAIL} # login email address (initial user account)
|
ZROK_USER_EMAIL: ${ZROK_USER_EMAIL} # login email address (initial user account)
|
||||||
|
ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN} # zrok controller admin password
|
||||||
|
ZROK_API_ENDPOINT: http://zrok-controller:${ZROK_CTRL_PORT:-18080} # bridge address of the zrok controller
|
||||||
|
|
||||||
zrok-frontend:
|
zrok-frontend:
|
||||||
depends_on:
|
depends_on:
|
||||||
|
@ -231,7 +231,7 @@ address: 0.0.0.0:8080
|
|||||||
|
|
||||||
This frontend config file has a `host_match` pattern that represents the DNS zone you're using with this instance of `zrok`. Incoming HTTP requests with a matching `Host` header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests.
|
This frontend config file has a `host_match` pattern that represents the DNS zone you're using with this instance of `zrok`. Incoming HTTP requests with a matching `Host` header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests.
|
||||||
|
|
||||||
The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
|
The frontend does not provide server TLS, but you may front the server with a reverse proxy. The reverse proxy must forward the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
|
||||||
|
|
||||||
You can also specify an `oauth` configuration in this file, full details of are found in [OAuth Public Frontend Configuration](/guides/self-hosting/oauth/configuring-oauth.md#configuring-your-public-frontend).
|
You can also specify an `oauth` configuration in this file, full details of are found in [OAuth Public Frontend Configuration](/guides/self-hosting/oauth/configuring-oauth.md#configuring-your-public-frontend).
|
||||||
|
|
||||||
@ -254,7 +254,7 @@ The `zrok` frontend uses the `public` identity created during the bootstrap proc
|
|||||||
With our `ZROK_ADMIN_TOKEN` and `ZROK_API_ENDPOINT` environment variables set, we can create our first user account.
|
With our `ZROK_ADMIN_TOKEN` and `ZROK_API_ENDPOINT` environment variables set, we can create our first user account.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
zrok admin create account etc/ctrl.yml <email> <password>
|
zrok admin create account <email> <password>
|
||||||
```
|
```
|
||||||
|
|
||||||
The output is the account token you will use to enable each device's zrok environment.
|
The output is the account token you will use to enable each device's zrok environment.
|
||||||
|
Loading…
Reference in New Issue
Block a user