zrok/docker/compose/zrok-public-share/compose.yml

services:

  # set file ownership
  zrok-init:
    image: busybox
    # matches uid:gid of "nobody" in zrok container image
    command: chown -Rc 65534:65534 /mnt/.zrok
    user: root
    volumes:
      - zrok_env:/mnt/.zrok

  # enable zrok environment
  zrok-enable:
    image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
    depends_on:
      zrok-init:
        condition: service_completed_successfully
    entrypoint: zrok-enable.bash
    volumes:
      - zrok_env:/mnt
    environment:
      STATE_DIRECTORY: /mnt
      ZROK_ENABLE_TOKEN:
      ZROK_API_ENDPOINT:
      ZROK_ENVIRONMENT_NAME: docker-public-share

  # provision a temporary zrok frontend subdomain and start sharing the backend target
  zrok-share:
    image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
    restart: no
    entrypoint: zrok-share.bash
    depends_on:
      zrok-enable:
        condition: service_completed_successfully
    volumes:
      - zrok_env:/mnt
    environment:
      # internal configuration
      STATE_DIRECTORY: /mnt  # zrok homedir in container
      ZROK_FRONTEND_MODE: temp-public  # tells zrok-share.bash to create a temporary subdomain and share until exit

      # most relevant options
      ZROK_BACKEND_MODE: proxy  # web, caddy, drive, proxy
      ZROK_TARGET: http://zrok-test:9090  # backend target, is a path in container filesystem unless proxy mode
      ZROK_INSECURE:        # "--insecure" if proxy target has unverifiable TLS server certificate
      ZROK_OAUTH_PROVIDER:  # google, github
      ZROK_OAUTH_EMAILS:    # allow space-separated list of OAuth email address glob patterns
      ZROK_BASIC_AUTH:      # username:password, mutually-exclusive with ZROK_OAUTH_PROVIDER

      # least relevant options
      ZROK_VERBOSE:           # "--verbose"
      ZROK_SHARE_OPTS:        # additional arguments to "zrok share public" command
      ZROK_FRONTENDS:         # "public"
      PFXLOG_NO_JSON: "true"  # suppress JSON logging format

  # demo server you can share with zrok
  zrok-test:
    image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
    command: test endpoint --address 0.0.0.0  # 9090

volumes:
  zrok_env: