<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper docs-doc-page docs-version-current plugin-docs plugin-id-default docs-doc-id-v0.3_sharing_modes">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v2.2.0">
<title data-rh="true">v0.3 Public/Private Sharing | Zrok</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://zrok.io/docs/v0.3_sharing_modes"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="v0.3 Public/Private Sharing | Zrok"><meta data-rh="true" name="description" content="The v0.3 series introduces new sharing modes, and new types of built-in services."><meta data-rh="true" property="og:description" content="The v0.3 series introduces new sharing modes, and new types of built-in services."><link data-rh="true" rel="icon" href="/img/space-ziggy.png"><link data-rh="true" rel="canonical" href="https://zrok.io/docs/v0.3_sharing_modes"><link data-rh="true" rel="alternate" href="https://zrok.io/docs/v0.3_sharing_modes" hreflang="en"><link data-rh="true" rel="alternate" href="https://zrok.io/docs/v0.3_sharing_modes" hreflang="x-default"><link rel="stylesheet" href="/assets/css/styles.229c1336.css">
<link rel="preload" href="/assets/js/runtime~main.e144ca62.js" as="script">
<link rel="preload" href="/assets/js/main.15b8ad08.js" as="script">
</head>
<body class="navigation-with-keyboard">
<!--
  Theme bootstrap. Reads the "theme" key from localStorage (the read is wrapped
  in try/catch, so a blocked or unavailable storage leaves the value null) and
  writes it to the data-theme attribute of the document element, falling back
  to "dark" when nothing is stored.
  The stored value is applied through setAttribute, so it is treated as an
  attribute value and not parsed as markup.
  NOTE(review): this is an inline script; if a Content-Security-Policy is
  served with this page it needs a matching hash or nonce (or 'unsafe-inline').
  The response headers are not visible here; confirm against the serving config.
-->
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"dark")}()</script><div id="__docusaurus">
<div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#docusaurus_skipToContent_fallback">Skip to main content</a></div><nav class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/space-ziggy.png" alt="Ziggy Goes to Space" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate">zrok</b></a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/docs/">Docs</a></div><div class="navbar__items navbar__items--right"><a href="https://github.com/openziti/zrok" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="Switch between dark and light mode (currently dark mode)" aria-label="Switch between dark and light mode (currently dark mode)" aria-live="polite"><svg viewBox="0 0 24 24" width="24" height="24" class="lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z 
M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" class="darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg></button></div><div class="searchBox_ZlJk"></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebar_njMd"><nav class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 
menu__list-item"><a class="menu__link" href="/docs/">Zrok</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/network/prod/zrok.io-network-skeleton">network</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/v0.1_overview">zrok v0.1.x</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/v0.2_account_requests">Account Request Process</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/v0.2_quickstart">zrok quickstart</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/docs/v0.3_getting_started/getting_started">v0.3_getting_started</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/v0.3_nginx_tls_guide">Nginx Reverse Proxy for zrok</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/v0.3_reserved_services">v0.3 Reserved Services</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/v0.3_self_hosting_guide">v0.3 Self-Hosting Guide</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" href="/docs/v0.3_sharing_modes">v0.3 
Public/Private Sharing</a></li></ul></nav></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs" itemscope="" itemtype="https://schema.org/BreadcrumbList"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_OVgt"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li itemscope="" itemprop="itemListElement" itemtype="https://schema.org/ListItem" class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link" itemprop="name">v0.3 Public/Private Sharing</span><meta itemprop="position" content="1"></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><h1>v0.3 Public/Private Sharing</h1><p>The <code>v0.3</code> series introduces new sharing modes, and new types of built-in services.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="share-modes">Share Modes<a class="hash-link" href="#share-modes" title="Direct link to heading"></a></h2><p><em>Note: In <code>v0.3</code>, the <code>tunnel</code> and <code>untunnel</code> concepts get renamed to <code>share</code> and <code>unshare</code>.</em></p><p><em>Note: We're going to continue using <code>frontend</code> and <code>backend</code> as concepts, even though those words will be changing in the <code>zrok</code> CLI. 
A <code>frontend</code> will continue to describe an "ingress" into the <code>zrok</code> service, and is the tool that is used by the user "consuming" or <code>access</code>-ing the <code>zrok</code> service. A <code>backend</code> will continue to describe the "binding" created by a user that wants to <code>share</code> a resource.</em></p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="public-sharing">Public Sharing<a class="hash-link" href="#public-sharing" title="Direct link to heading"></a></h3><p>In <code>v0.2</code>, <code>zrok</code> only offered a "public" sharing mode. The public sharing mode will allow any configured <code>frontend</code> instances to send traffic to any <code>backend</code>. The policy and permission model was very simple and flat. A <code>v0.2</code> deployment considers any available <code>frontend</code> instance to be allowed to send traffic to configured services. The access for <code>frontend</code> instances is controlled by identity provisioning within the underlying Ziti network.</p><p>In <code>v0.3</code>, <code>zrok</code> will offer both a "public" and a "private" sharing mode. When <code>v0.3</code> configures the policies for a service, a publicly-shared service will have policies created that allow the selected public <code>frontend</code> instances to access the shared <code>backend</code>. A <code>v0.3</code> deployment will have a collection of multi-tenant, high-capacity <code>frontend</code> instances available to be selected from. The <code>zrok</code> CLI will default to selecting the <code>public</code> <code>frontend</code> instances.</p><p>The <code>frontend</code> selection approach also gives us a clean implementation for picking public <code>frontend</code> instances based on geography (either network or physical). 
The production <code>zrok.io</code> service could easily offer multiple different fleets of <code>frontend</code> instances, and this mechanism will allow <code>backend</code> users to choose where they want to offer access to their service.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="private-sharing">Private Sharing<a class="hash-link" href="#private-sharing" title="Direct link to heading"></a></h3><p><code>v0.3</code> introduces a "private" sharing mode. When provisioning a service for private sharing, <code>zrok</code> will not create any policies for the service, until a request for a <code>frontend</code> binding is created for the service (through the <code>v0.3</code> <code>zrok access</code> command).</p><p>The <code>v0.3</code> <code>zrok</code> API will support creating <code>frontend</code> instances for both identified users (where the <code>zrok</code> user has a provisioned <code>environment</code>), as well as ephemeral users (the <code>zrok</code> controller will create a single-use "ephemeral environment" for these <code>frontend</code> instances).</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="backend-modes">Backend Modes<a class="hash-link" href="#backend-modes" title="Direct link to heading"></a></h2><p>In <code>v0.2</code>, the only possible <code>backend</code> "mode" was used for reverse proxying HTTP traffic to a local endpoint. The <code>v0.3</code> <code>zrok</code> client will support several different <code>backend</code> modes, providing a number of built-in conveniences.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="web-mode">Web Mode<a class="hash-link" href="#web-mode" title="Direct link to heading"></a></h3><p>A user has a collection of files on disk. Sharing with a <code>backend</code> mode of "web", will create a <code>backend</code> that shares a file tree as if it were a local web server. 
This effectively allows a user to bind a web-server backend to a document root with a single CLI command.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="dav-mode">DAV Mode<a class="hash-link" href="#dav-mode" title="Direct link to heading"></a></h3><p>A user wants to operate a read/write repository of files accessible through either conventional WebDAV clients (through <code>public</code> <code>frontend</code> instances), or through the <code>zrok</code> CLI (a convenience wrapper, embedding WebDAV capabilities).</p><p>This allows users to create read/write repositories of files that can be shared with multiple users, and also allows for the creation of write-only "drop boxes" for receiving files from another user (often a tricky thing to do well and securely on the public internet).</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="proxy-mode">Proxy Mode<a class="hash-link" href="#proxy-mode" title="Direct link to heading"></a></h3><p><code>v0.3</code> will retain the classic reverse proxy mode, as well. It will continue to allow a user to expose a local HTTP endpoint through <code>zrok</code>.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="entities-sql">Entities (SQL)<a class="hash-link" href="#entities-sql" title="Direct link to heading"></a></h2><p><code>v0.3</code> introduces a new <code>frontends</code> table to allow the <code>zrok</code> controller to track the frontend instances that are available to any account or environment.</p><p>The following illustration shows the possibilities available.</p><p><img loading="lazy" alt="v0.3 Frontend Selection" src="/assets/images/zrok_frontends_v0.3-d84f72f42d54f6cda21dca1b56e4954c.png" width="747" height="341" class="img_ev3q"></p><p>The <code>*.in.zrok.io</code> frontend is a "public" frontend, available to all <code>zrok</code> users. 
Most <code>zrok</code> installations will want to have at least one public, global frontend for all public, internet-facing ingress traffic for private backend instances. In the underlying data store, the public frontend will have a <code>name</code> set to <code>public</code> (or some other representative name), allowing users to reference that <code>frontend</code> using a friendly label.</p><p>The other two "private" frontends are configured with no <code>name</code> label (the lack of a <code>name</code> label signifies that these are "private" frontends). The ephemeral environment is allocated when a <code>zrok</code> frontend request is made without an account on behalf of a private share.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/openziti/zrok/tree/main/../docs/v0.3_sharing_modes.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/v0.3_self_hosting_guide"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">v0.3 Self-Hosting Guide</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#share-modes" class="table-of-contents__link toc-highlight">Share Modes</a><ul><li><a href="#public-sharing" class="table-of-contents__link toc-highlight">Public 
Sharing</a></li><li><a href="#private-sharing" class="table-of-contents__link toc-highlight">Private Sharing</a></li></ul></li><li><a href="#backend-modes" class="table-of-contents__link toc-highlight">Backend Modes</a><ul><li><a href="#web-mode" class="table-of-contents__link toc-highlight">Web Mode</a></li><li><a href="#dav-mode" class="table-of-contents__link toc-highlight">DAV Mode</a></li><li><a href="#proxy-mode" class="table-of-contents__link toc-highlight">Proxy Mode</a></li></ul></li><li><a href="#entities-sql" class="table-of-contents__link toc-highlight">Entities (SQL)</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2023 NetFoundry Inc. Built with Docusaurus.</div></div></div></footer></div>
<script src="/assets/js/runtime~main.e144ca62.js"></script>
<script src="/assets/js/main.15b8ad08.js"></script>
</body>
</html> |