zrok/nfpm/zrok-share.env

# These values are sourced by the zrok-share.service. Search for "MUST" to identify the values that need to be changed.

#
## ZROK ENVIRONMENT
#
# You MUST enable a zrok environment by setting the environment enable token here. This file must be readable by
# 'other'.  Obtain the enable token from the zrok console after accepting your invitation and creating a password.
#
# WARNING: changing these values has no effect if /var/lib/zrok-share/.zrok/environment.json exists. Remove that file to
# enable a new environment and /var/lib/zrok-share/.zrok/reserved.json to provision a new frontend URL for the specified
# target.
#
ZROK_ENABLE_TOKEN=""

#
# You MAY customize the environment name that appears in the zrok console.
#
ZROK_ENVIRONMENT_NAME=""

# You MUST set this only if self-hosting the zrok controller.
#ZROK_API_ENDPOINT="https://api.zrok.io"

#
## ZROK BACKEND TARGET
#
# You MUST define the backend target and mode. The frontend URL will be provisioned when the service starts. You MAY
# change ZROK_TARGET and frontend URL will remain the same after a restart as long as the backend mode and frontend
# authentication options are the same. Options that require provisioning a new frontend URL when changed are marked with
# WARNING. You may delete /var/lib/zrok-share/.zrok/reserved.json and restart the service to provision a new frontend URL.
#
# backend-mode "proxy" (default): share a backend web server URL that's reachable by this host; must begin with 'http://' or
# 'https://'; must accept the HOST header of the proxy frontend. Check out backend mode "caddy" if you need more control.
ZROK_TARGET=""                  # e.g., http://127.0.0.1:3000
ZROK_BACKEND_MODE="proxy"
# if defined, an https share's backend server certificate will not be verified with backend-mode 'proxy'
# NOTE: changing this value does not require provisioning a new frontend URL
#ZROK_INSECURE="--insecure"

# backend-mode "web": run a web server and share a static HTML directory that's present on this host. Must be an
# absolute path to a directory that is readable by 'other'
#ZROK_TARGET="/var/www/html"
#ZROK_BACKEND_MODE="web"

# backend-mode "drive": run a WebDAV file server sharing a directory that's present on this host. Must be an absolute
# path to a directory that is readable by 'other'
#ZROK_TARGET="/usr/share/doc"
#ZROK_BACKEND_MODE="drive"

# backend-mode "caddy": run an embedded Caddy server configured by the supplied Caddyfile. Must be an absolute path that
# is readable by 'other'.
#ZROK_TARGET="/opt/openziti/etc/zrok/multiple_upstream.Caddyfile"
#ZROK_BACKEND_MODE="caddy"

# DEBUG log level
# NOTE: changing this value does not require provisioning a new frontend URL
#ZROK_VERBOSE="--verbose"

# you MAY set additional command-line options for the share; see "zrok reserve public --help" for hints
# WARNING: changing this value requires provisioning a new frontend URL
# NOTE: basic auth and oauth are mutually exclusive
ZROK_SHARE_OPTS=""

#
## ZROK FRONTEND 
#

# you MAY set one OAuth2/OIDC provider; "google" and "github" are valid for the default instance api.zrok.io
# WARNING: changing this value requires provisioning a new frontend URL
# NOTE: basic auth and oauth are mutually exclusive
#ZROK_OAUTH_PROVIDER="google"

# you MAY restrict access to one or more email addresses or domains; must be a space-separate list
# WARNING: changing this value requires provisioning a new frontend URL
#ZROK_OAUTH_EMAILS="bob@acme.example.com alice@forge.example.com @corp.example.com"

# you MAY require a password with HTTP basic authentication
# WARNING: changing this value requires provisioning a new frontend URL
# NOTE: basic auth and oauth are mutually exclusive
#ZROK_BASIC_AUTH=""

# set if self-hosting zrok and not using only the default frontend name 'public'; must be a space-separated list
# WARNING: changing this value requires provisioning a new frontend URL
#ZROK_FRONTENDS="public"