mirror of
https://github.com/openziti/zrok.git
synced 2025-01-25 07:19:11 +01:00
128 lines
5.2 KiB
Bash
128 lines
5.2 KiB
Bash
# These values are sourced by the zrok-share.service. Search for "MUST" to identify the values that need to be changed.
|
|
|
|
#
|
|
## ZROK ENVIRONMENT
|
|
#
|
|
# The variables in this section are not used by user units, i.e., systemctl --user, because it is assumed the user's
|
|
# environment in ~/.zrok is already enabled. The variables in this section are required by system-wide service units.
|
|
# For system services, you MUST enable a zrok environment by setting the account token here. This file must
|
|
# be readable by 'other'. Obtain the account token from the zrok console.
|
|
#
|
|
# WARNING: changing these values has no effect if /var/lib/zrok-share/.zrok/environment.json exists. Remove that file to
|
|
# enable a new environment and /var/lib/zrok-share/.zrok/reserved.json to provision a new frontend URL for the specified
|
|
# target.
|
|
#
|
|
ZROK_ENABLE_TOKEN=""
|
|
|
|
#
|
|
# You MAY customize the environment name that appears in the zrok console.
|
|
#
|
|
ZROK_ENVIRONMENT_NAME=""
|
|
|
|
# You MUST set this if not using the default API endpoint
|
|
#ZROK_API_ENDPOINT="https://api.zrok.io"
|
|
|
|
#
|
|
## ZROK BACKEND MODE AND TARGET
|
|
#
|
|
# You MUST define the backend target and mode. The frontend URL will be provisioned when the service starts. You MAY
|
|
# change ZROK_TARGET and frontend URL will remain the same after a restart as long as the backend mode and frontend
|
|
# authentication options are the same. Options that require provisioning a new frontend URL when changed are marked with
|
|
# WARNING. You may delete /var/lib/zrok-share/.zrok/reserved.json and restart the service to provision a new frontend URL.
|
|
|
|
#
|
|
## BACKEND MODES THAT WORK WITH PUBLIC AND PRIVATE HTTP SHARES
|
|
#
|
|
|
|
# backend-mode "proxy" (default): share a backend web server URL that's reachable by this host; must begin with 'http://' or
|
|
# 'https://'; must accept the HOST header of the proxy frontend. Check out backend mode "caddy" if you need more control.
|
|
ZROK_BACKEND_MODE="proxy"
|
|
ZROK_TARGET="" # e.g., http://127.0.0.1:3000
|
|
# if defined, an https share's backend server certificate will not be verified with backend-mode 'proxy'
|
|
# NOTE: changing this value does not require provisioning a new frontend URL
|
|
#ZROK_INSECURE="--insecure"
|
|
|
|
# backend-mode "web": run a web server and share a static HTML directory that's present on this host. Must be an
|
|
# absolute path to a directory that is readable by 'other'
|
|
#ZROK_BACKEND_MODE="web"
|
|
#ZROK_TARGET="/var/www/html"
|
|
|
|
# backend-mode "drive": run a WebDAV file server sharing a directory that's present on this host. Must be an absolute
|
|
# path to a directory that is readable by 'other'
|
|
#ZROK_BACKEND_MODE="drive"
|
|
#ZROK_TARGET="/usr/share/doc"
|
|
|
|
# backend-mode "caddy": run an embedded Caddy server configured by the supplied Caddyfile. Must be an absolute path that
|
|
# is readable by 'other'.
|
|
#ZROK_BACKEND_MODE="caddy"
|
|
#ZROK_TARGET="/opt/openziti/etc/zrok/multiple_upstream.Caddyfile"
|
|
|
|
#
|
|
## BACKEND MODES THAT ONLY WORK WITH PRIVATE SHARES
|
|
#
|
|
|
|
# you MUST set ZROK_FRONTEND_MODE to 'reserved-private' or 'temp-private' to use private share backend modes
|
|
|
|
#ZROK_BACKEND_MODE="tcpTunnel"
|
|
#ZROK_TARGET="127.0.0.1:25565"
|
|
|
|
#ZROK_BACKEND_MODE="udpTunnel"
|
|
#ZROK_TARGET="127.0.0.1:53"
|
|
|
|
# you MUST grant NET_ADMIN capability to the service to enable vpn mode, e.g., run:
|
|
# systemctl edit zrok-share.service
|
|
# uncomment 'AmbientCapabilities=CAP_NET_ADMIN'
|
|
#ZROK_BACKEND_MODE="vpn"
|
|
#ZROK_TARGET="10.122.0.1/16"
|
|
|
|
# there is no target for socks mode because the share is only a dynamic exit for the proxy client
|
|
#ZROK_BACKEND_MODE="socks"
|
|
#ZROK_TARGET=""
|
|
|
|
#
|
|
## ZROK FRONTEND
|
|
#
|
|
|
|
# you MAY customize the share token that is used to construct the reserved subdomain; if not set a random
|
|
# subdomain is reserved
|
|
# WARNING: changes take effect the next time the frontend URL is reserved
|
|
#ZROK_UNIQUE_NAME=""
|
|
|
|
# you MAY set one OAuth2/OIDC provider; "google" and "github" are valid for the default instance api.zrok.io
|
|
# WARNING: changes take effect the next time the frontend URL is reserved
|
|
# NOTE: basic auth and oauth are mutually exclusive
|
|
#ZROK_OAUTH_PROVIDER="google"
|
|
|
|
# you MAY restrict access to one or more email addresses or domains; must be a space-separate list
|
|
# WARNING: changes take effect the next time the frontend URL is reserved
|
|
#ZROK_OAUTH_EMAILS="alice@example.com *@acme.example.com"
|
|
|
|
# you MAY require a password with HTTP basic authentication
|
|
# WARNING: changes take effect the next time the frontend URL is reserved
|
|
# NOTE: basic auth and oauth are mutually exclusive
|
|
#ZROK_BASIC_AUTH=""
|
|
|
|
# set if self-hosting zrok and not using only the default frontend name 'public'; must be a space-separated list
|
|
# WARNING: changes take effect the next time the frontend URL is reserved
|
|
#ZROK_FRONTENDS="public"
|
|
|
|
# you MAY set to change the frontend mode: reserved-public (default), reserved-private, temp-public, temp-private
|
|
#ZROK_FRONTEND_MODE="reserved-public"
|
|
|
|
# you MAY restrict access to a private share allowing only your own zrok account
|
|
#ZROK_PERMISSION_MODE="closed"
|
|
# if permission mode "closed" - space-separated list of additional zrok account emails to grant access with the share token
|
|
#ZROK_ACCESS_GRANTS=""
|
|
|
|
|
|
#
|
|
## OPTIONS
|
|
#
|
|
|
|
# DEBUG log level
|
|
# NOTE: changing this value does not require provisioning a new frontend URL
|
|
#ZROK_VERBOSE="--verbose"
|
|
|
|
# you MAY set additional command-line options for the share; see "zrok reserve public --help" for hints
|
|
ZROK_SHARE_OPTS=""
|