mirror of
https://github.com/openziti/zrok.git
synced 2024-12-23 07:09:12 +01:00
Merge branch 'main' into v1_0_0
commit
f693a89c99
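--- a/.github/workflows/zhook.yml
+++ b/.github/workflows/zhook.yml
@@ -1,45 +0,0 @@
-name: mattermost-ziti-webhook
-on:
-create:
-delete:
-issues:
-issue_comment:
-pull_request_review:
-types: [submitted]
-pull_request_review_comment:
-pull_request:
-types: [opened, reopened]
-push:
-fork:
-release:
-types: [released]
-workflow_dispatch:
-watch:
-types: [started]
-
-jobs:
-mattermost-ziti-webhook:
-runs-on: ubuntu-latest
-name: POST Webhook
-steps:
-- uses: openziti/ziti-mattermost-action-py@main
-if: |
-env.ZHOOK_URL != null
-&& !(
-github.event_name == 'issue_comment'
-&& github.event.sender.login == 'vercel[bot]'
-&& (contains(github.event.comment.body, 'Building') || contains(github.event.comment.body, 'Ignored'))
-)
-&& (
-github.event_name != 'pull_request_review'
-|| (github.event_name == 'pull_request_review' && github.event.review.state == 'approved')
-)
-env:
-ZHOOK_URL: ${{ secrets.ZHOOK_URL }}
-with:
-zitiId: ${{ secrets.ZITI_MATTERMOST_IDENTITY }}
-webhookUrl: ${{ secrets.ZHOOK_URL }}
-eventJson: ${{ toJson(github.event) }}
-senderUsername: "GitHubZ"
-destChannel: "dev-notifications"
-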
|
@ -12,6 +12,8 @@ FEATURE: `zrok share [public|private|reserved]` and `zrok access private` now au
|
||||
|
||||
FIX: Fixed crash when invoking `zrok share reserved` with no arguments (https://github.com/openziti/zrok/issues/740)
|
||||
|
||||
FIX: zrok-share.service on Linux failed to start with a private share in closed permission mode
|
||||
|
||||
## v0.4.40
|
||||
|
||||
FEATURE: New endpoint for synchronizing grants for an account (https://github.com/openziti/zrok/pull/744). Useful for updating the `zrok.proxy.v1` config objects containing interstitial setting when the `skip_interstitial_grants` table has been updated.
|
||||
|
@ -9,24 +9,9 @@ import DownloadCard from '@site/src/components/download-card';
|
||||
import DownloadCardStyles from '@site/src/css/download-card.module.css';
|
||||
|
||||
|
||||
## Choose Your Path
|
||||
## Get an Account
|
||||
|
||||
<Columns className='text--center getting-started-cards'>
|
||||
<Column style={{paddingBottom: 20}}>
|
||||
<Card shadow='tl'>
|
||||
<CardHeader>
|
||||
<h3>Self-Hosted zrok</h3>
|
||||
</CardHeader>
|
||||
<CardBody>
|
||||
Run a zrok instance on Linux, Docker, or Kubernetes.
|
||||
</CardBody>
|
||||
<CardFooter>
|
||||
<a href="/docs/category/self-hosting/">
|
||||
<button className='button button--secondary button--block'>Guides</button>
|
||||
</a>
|
||||
</CardFooter>
|
||||
</Card>
|
||||
</Column>
|
||||
<Column style={{paddingBottom: 20}}>
|
||||
<Card shadow='tl'>
|
||||
<CardHeader>
|
||||
@ -42,6 +27,21 @@ import DownloadCardStyles from '@site/src/css/download-card.module.css';
|
||||
</CardFooter>
|
||||
</Card>
|
||||
</Column>
|
||||
<Column style={{paddingBottom: 20}}>
|
||||
<Card shadow='tl'>
|
||||
<CardHeader>
|
||||
<h3>Self-Hosted zrok</h3>
|
||||
</CardHeader>
|
||||
<CardBody>
|
||||
Run a zrok instance on Linux, Docker, or Kubernetes.
|
||||
</CardBody>
|
||||
<CardFooter>
|
||||
<a href="/docs/category/self-hosting/">
|
||||
<button className='button button--secondary button--block'>Guides</button>
|
||||
</a>
|
||||
</CardFooter>
|
||||
</Card>
|
||||
</Column>
|
||||
</Columns>
|
||||
|
||||
|
||||
@ -96,51 +96,10 @@ If [sharing privately](./concepts/sharing-private.md), only users with the share
|
||||
</div>
|
||||
</AssetsProvider>
|
||||
|
||||
## Generating an Invitation
|
||||
|
||||
:::note
|
||||
If not using `zrok.io` (zrok-as-a-service), you must configure the `zrok` command to use your instance. See the [instance configuration guide](/guides/self-hosting/instance-configuration.mdx) in the self-hosting section for details.
|
||||
:::
|
||||
|
||||
Invite yourself to `zrok` by running the `zrok invite` command:
|
||||
|
||||
```text
|
||||
zrok invite
|
||||
```
|
||||
|
||||
```buttonless title="Output"
|
||||
enter and confirm your email address...
|
||||
|
||||
> user@domain.com
|
||||
> user@domain.com
|
||||
|
||||
[ Submit ]
|
||||
|
||||
invitation sent to 'user@domain.com'!
|
||||
```
|
||||
|
||||
The `zrok invite` command presents a small form that allows you to enter (and then confirm) your email address. Tabbing to the `[ Submit ]` button will send the request to your configured `zrok` service.
|
||||
|
||||
Next, check the email where you sent the invite. You should receive a message asking you to click a link to create your `zrok` account. When you click that link, you will be brought to a web page that will allow you to set a password for your new account:
|
||||
|
||||
![Enter a Password](images/zrok_verify.png)
|
||||
|
||||
Enter a password and its confirmation, and click the `Register Account` button. You'll see the following:
|
||||
|
||||
![Successful Registration](images/zrok_registration_success.png)
|
||||
|
||||
For now, we'll ignore the "enable your shell for zrok" section. Just click the `zrok web portal` link:
|
||||
|
||||
![Web Login](images/zrok_web_login.png)
|
||||
|
||||
After clicking the `Log In` button, you'll be brought into the `zrok` _web console_:
|
||||
|
||||
![Web Console; Empty](images/zrok_web_console_empty.png)
|
||||
|
||||
Congratulations! Your `zrok` account is ready to go!
|
||||
|
||||
## Enabling Your zrok Environment
|
||||
|
||||
After you have [an account](#get-an-account), you can enable your `zrok` environment.
|
||||
|
||||
A zrok environment usually refers to an enabled device where shares and accesses can be created, .e.g., `~/.zrok` on a Unix machine. It can be a specific user's environment or a system-wide agent's environment owned by the administrator.
|
||||
|
||||
When your `zrok` account was created, the service generated a _secret token_ that identifies and authenticates in a single step. Protect your secret token as if it were a password, or an important account number; it's a _secret_, protect it.
|
||||
@ -371,7 +330,7 @@ Here's a quick review of the `zrok` mental model and the vocabulary.
|
||||
|
||||
You create an _account_ with a `zrok` _instance_. Your account is identified by a username and a password, which you use to log into the _web console_. Your account also has a _secret token_, which you will use to authenticate from the `zrok` command-line to interact with the _instance_.
|
||||
|
||||
You create a new _account_ with a `zrok` _instance_ through the `zrok invite` command.
|
||||
You create a new _account_ with NetFoundry's `zrok` _instance_ by subscribing in [myzrok.io](https://myzrok.io) or in a self-hosted `zrok` _instance_ by running [the `zrok invite` command](/guides/self-hosting/self-service-invite.mdx).
|
||||
|
||||
### Environment
|
||||
|
||||
|
@ -108,7 +108,7 @@ You must set the permission mode before you reserve the share.
|
||||
Only your own account can access the private share.
|
||||
|
||||
```bash
|
||||
ZROK_PERMISSION_MODE=closed
|
||||
ZROK_PERMISSION_MODE="closed"
|
||||
```
|
||||
|
||||
Grant access to additional zrok accounts.
|
||||
|
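--- a/docs/guides/self-hosting/self-service-invite.mdx
+++ b/docs/guides/self-hosting/self-service-invite.mdx
@@ -0,0 +1,54 @@
+---
+title: Invitations
+---
+
+This is how to set up self-service invitations for your users to get an account on your self-hosted zrok instance.
+
+## Overview
+
+- You can create user accounts directly with the `zrok admin` CLI or API.
+- You can welcome users to invite themselves via email.
+- You can generate invitation tokens if you want to restrict self-service invitations.
+- To enable self-service invitations you must also configure the controller to send email.
+
+## The Self-Service User Experience
+
+This is what your users will do.
+
+```bash
+zrok invite
+```
+
+```buttonless title="Output"
+enter and confirm your email address...
+
+> user@domain.com
+> user@domain.com
+
+[ Submit ]
+
+invitation sent to 'user@domain.com'!
+```
+
+## How it Works
+
+The `zrok invite` command presents a small form that allows you to enter (and then confirm) your email address. Tabbing to the `[ Submit ]` button will start the invitation process.
+
+Next, check the email where you sent the invite. You should receive a message asking you to click a link to create your `zrok` account. When you click that link, you will be brought to a web page that will allow you to set a password for your new account.
+
+![Enter a Password](/zrok_verify.png)
+
+Enter a password and its confirmation, and click the `Register Account` button. You'll see the following:
+
+![Successful Registration](/zrok_registration_success.png)
+
+For now, we'll ignore the "enable your shell for zrok" section. Just click the `zrok web portal` link:
+
+![Web Login](/zrok_web_login.png)
+
+After clicking the `Log In` button, you'll be brought into the `zrok` _web console_:
+
+![Web Console; Empty](/zrok_web_console_empty.png)
+
+Congratulations! Your `zrok` account is ready to go!
+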
|
@ -174,7 +174,6 @@ if [[ "${ZROK_FRONTEND_MODE:-}" =~ -private$ && "${ZROK_PERMISSION_MODE:-}" == c
|
||||
done
|
||||
else
|
||||
echo "WARNING: ZROK_PERMISSION_MODE='${ZROK_PERMISSION_MODE}' and no additional ZROK_ACCESS_GRANTS; will be granted access" >&2
|
||||
exit 1
|
||||
fi
|
||||
elif [[ "${ZROK_FRONTEND_MODE:-}" =~ -private$ && -n "${ZROK_PERMISSION_MODE:-}" && "${ZROK_PERMISSION_MODE}" != open ]]; then
|
||||
echo "WARNING: ZROK_PERMISSION_MODE='${ZROK_PERMISSION_MODE}' is not a recognized value'" >&2
|
||||
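Review bot: The message in the `else` branch ends in `; will be granted access` with no subject, and it is now the only thing an operator sees for this case: going by the hunk's line counts (7 old, 6 new; the +/- markers are lost in this rendering) the `exit 1` after it is the line removed, so the script carries on. Say who gets access, e.g. `... and no additional ZROK_ACCESS_GRANTS; only the share owner's account will be granted access`. The `elif` message below it has a stray `'` after `recognized value`. The enclosing `if` starts above the hunk and the `elif` branch runs past it; if that branch only warns, consider exiting non-zero there, because a mistyped `closed` would otherwise start a private share without the restriction the operator asked for.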
|
@ -108,7 +108,7 @@ ZROK_TARGET="" # e.g., http://127.0.0.1:3000
|
||||
#ZROK_FRONTEND_MODE="reserved-public"
|
||||
|
||||
# you MAY restrict access to a private share allowing only your own zrok account
|
||||
#ZROK_PERMISSION_MODE=closed
|
||||
#ZROK_PERMISSION_MODE="closed"
|
||||
# if permission mode "closed" - space-separated list of additional zrok account emails to grant access with the share token
|
||||
#ZROK_ACCESS_GRANTS=""
|
||||
|
||||
|