diff --git a/etc/ctrl.yml b/etc/ctrl.yml index e714d1b4..f1aa058f 100644 --- a/etc/ctrl.yml +++ b/etc/ctrl.yml @@ -3,38 +3,98 @@ # / /| | | (_) | < # /___|_| \___/|_|\_\ # controller configuration +# -v: 1 +# The `v` field determines the configuration version. When software is released that changes the structure of the +# configuration, the software will expect this field to be incremented. This protects you against invalid configuration +# versions. +# +v: 2 +# The `admin/secrets` array contains a list of strings that represent valid `ZROK_ADMIN_TOKEN` values to be used for +# administration of the `zrok` controller. +# +# Change this for your installation. +# +admin: + secrets: + - 77623cad-1847-4d6d-8ffe-37defc33c909 + +# The `endpoint` section determines where the HTTP listener that serves the API and web console will be bound. +# endpoint: - host: 0.0.0.0 - port: 18080 + host: 0.0.0.0 + port: 18080 +# Outbound email configuration. +# email: - host: smtp.server.com - port: 587 - username: "" - password: "" + host: smtp.server.com + port: 587 + username: "" + password: "" + from: ziggy@zrok.io -registration: - email_from: ziggy@server.com - registration_url_template: https://zrok.server.com/register +# InfluxDB configuration. InfluxDB is used to support sparkline displays in the web console. +# +influx: + url: http://127.0.0.1:8086 + bucket: zrok + org: zrok + token: "" -store: - path: "host=127.0.0.1 user=zrok password=zrok dbname=zrok" - type: "postgres" +# Instance-wide limits for per-user limits. `-1` represents unlimited. Each user can have the `limitless` flag set on +# their record in the `accounts` table in the database, to allow the user to ignore the instance-wide limits. +# +limits: + environments: -1 + shares: -1 -ziti: - api_endpoint: "https://127.0.0.1:1280" - username: admin - password: "admin" +# Background maintenance job configuration. The `registration` job purges registration requests created through the +# `zrok invite` tool. The `reset_password` job purges password reset requests. +# +maintenance: + registration: + expiration_timeout: 24h + check_frequency: 1h + batch_limit: 500 + reset_password: + expiration_timeout: 15m + check_frequency: 15m + batch_limit: 500 +# The name of the service used to report metrics from the frontends (`zrok access public`) to the zrok controller +# fleet. +# metrics: service_name: metrics -influx: - url: "http://127.0.0.1:8086" - bucket: zrok - org: zrok - token: "" +# Configure the generated URL for the registration email. The registration token will be appended to this URL. +# +registration: + registration_url_template: https://zrok.server.com/register + token_strategy: store +# Configure the generated URL for password resets. The reset token will be appended to this URL. +# +reset_password: + reset_url_template: https://zrok.server.com/resetPassword + +# Configure the controller database. Supports either PostgreSQL or sqlite3. +# +# sqlite3 only supports a single controller instance. To run multiple controllers, you must use PostgreSQL. +# +#store: +# path: "host=127.0.0.1 user=zrok password=zrok dbname=zrok" +# type: "postgres" +# +store: + path: zrok.db + type: sqlite3 + +# Ziti configuration. +# +ziti: + api_endpoint: https://127.0.0.1:1280 + username: admin + password: admin diff --git a/etc/http-frontend.yml b/etc/http-frontend.yml index 6c812259..3bd07f0b 100644 --- a/etc/http-frontend.yml +++ b/etc/http-frontend.yml @@ -1 +1,5 @@ +# Setting the `host_match` setting will cause a `zrok access public` to ignore `Host` headers that do not contain the +# configured string. This will allow you to let a load balancer access the frontend by IP address for health check +# purposes, and will allow `Host` headers that match the configured DNS name to be routed through `zrok`. +# host_match: zrok.io