services: # set file ownership zrok-init: image: busybox # matches uid:gid of "nobody" in zrok container image command: chown -Rc 65534:65534 /mnt/.zrok user: root volumes: - zrok_env:/mnt/.zrok # enable zrok environment zrok-enable: image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok} depends_on: zrok-init: condition: service_completed_successfully entrypoint: zrok-enable.bash volumes: - zrok_env:/mnt environment: STATE_DIRECTORY: /mnt ZROK_ENABLE_TOKEN: ZROK_API_ENDPOINT: ZROK_ENVIRONMENT_NAME: docker-public-share # provision a temporary zrok frontend subdomain and start sharing the backend target zrok-share: image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok} entrypoint: zrok-share.bash depends_on: zrok-enable: condition: service_completed_successfully volumes: - zrok_env:/mnt ports: [] # - 127.0.0.1:2019:2019 # Caddy admin API environment: # internal configuration STATE_DIRECTORY: /mnt # zrok homedir in container ZROK_FRONTEND_MODE: temp-public # tells zrok-share.bash to create a temporary subdomain and share until exit # most relevant options ZROK_BACKEND_MODE: proxy # web, caddy, drive, proxy ZROK_TARGET: http://zrok-test:9090 # backend target, is a path in container filesystem unless proxy mode ZROK_INSECURE: # "--insecure" if proxy target has unverifiable TLS server certificate ZROK_OAUTH_PROVIDER: # google, github ZROK_OATH_EMAILS: # space-separated list of OAuth email addresses or @domain.tld to allow ZROK_BASIC_AUTH: # username:password, mutually-exclusive with ZROK_OAUTH_PROVIDER # least relevant options ZROK_VERBOSE: # "--verbose" ZROK_SHARE_OPTS: # additional arguments to "zrok share public" command ZROK_FRONTENDS: # "public" PFXLOG_NO_JSON: "true" # suppress JSON logging format # demo server you can share with zrok zrok-test: image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok} command: test endpoint --address 0.0.0.0 # 9090 volumes: zrok_env: