Skip to content

Commit

Permalink
fix and dry docker share
Browse files Browse the repository at this point in the history
  • Loading branch information
@qrkourier
qrkourier committed Nov 28, 2023
1 parent e2e303c commit 9da5b7c
Show file tree
Hide file tree
Showing 6 changed files with 185 additions and 203 deletions.
24 changes: 8 additions & 16 deletions docker/compose/zrok-private-access/compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,28 +7,20 @@ services:
volumes:
- zrok_env:/mnt/.zrok

# enable zrok environment
zrok-enable:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
depends_on:
zrok-init:
condition: service_completed_successfully
entrypoint:
- bash
- -euc
- |
if [[ -n "$(jq '.ziti_identity' ~/.zrok/environment.json 2>/dev/null)" ]]; then
echo "INFO: zrok environment is already enabled"
exit 0
else
zrok config set apiEndpoint ${ZROK_API_ENDPOINT:-https://api.zrok.io}
echo "INFO: running: zrok $$(sed -E "s/${ZROK_ENABLE_TOKEN}/************/" <<< $${@})"
exec zrok "$${@}"
fi
command: -- enable --headless --description "${ZROK_ENVIRONMENT_NAME:-docker private access}" ${ZROK_ENABLE_TOKEN}
entrypoint: zrok-enable.bash
volumes:
- zrok_env:/mnt/.zrok
- zrok_env:/mnt
environment:
HOME: /mnt
STATE_DIRECTORY: /mnt
ZROK_ENABLE_TOKEN:
ZROK_API_ENDPOINT:
ZROK_ENVIRONMENT_NAME: docker-private-access

zrok-access:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
Expand All @@ -39,7 +31,7 @@ services:
ports:
- 9191:9191 # expose the zrok private access proxy to the Docker host
volumes:
- zrok_env:/mnt/.zrok
- zrok_env:/mnt
environment:
HOME: /mnt
PFXLOG_NO_JSON: "true"
Expand Down
35 changes: 17 additions & 18 deletions docker/compose/zrok-private-share/compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,42 +7,41 @@ services:
volumes:
- zrok_env:/mnt/.zrok

# enable zrok environment
zrok-enable:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
depends_on:
zrok-init:
condition: service_completed_successfully
entrypoint:
- bash
- -euc
- |
if [[ -n "$(jq '.ziti_identity' ~/.zrok/environment.json 2>/dev/null)" ]]; then
echo "INFO: zrok environment is already enabled"
exit 0
else
zrok config set apiEndpoint ${ZROK_API_ENDPOINT:-https://api.zrok.io}
echo "INFO: running: zrok $$(sed -E "s/${ZROK_ENABLE_TOKEN}/************/" <<< $${@})"
exec zrok "$${@}"
fi
command: -- enable --headless --description "${ZROK_ENVIRONMENT_NAME:-docker private share}" ${ZROK_ENABLE_TOKEN}
entrypoint: zrok-enable.bash
volumes:
- zrok_env:/mnt/.zrok
- zrok_env:/mnt
environment:
HOME: /mnt
STATE_DIRECTORY: /mnt
ZROK_ENABLE_TOKEN:
ZROK_API_ENDPOINT:
ZROK_ENVIRONMENT_NAME: docker-private-share

zrok-share:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
command: share private --headless --backend-mode proxy ${ZROK_TARGET:-http://zrok-test:9090/}
entrypoint:
- bash
- -euxc
- |
echo "DEBUG: HOME=$${HOME}"
ls -lA /mnt/.zrok/
exec zrok $${@}
command: -- share private --headless --backend-mode proxy ${ZROK_TARGET:-http://zrok-test:9090/}
depends_on:
zrok-enable:
condition: service_completed_successfully
volumes:
- zrok_env:/mnt/.zrok
- zrok_env:/mnt
environment:
HOME: /mnt
PFXLOG_NO_JSON: "true"

# demo servers you can share with zrok
# demo server you can share with zrok
zrok-test:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
command: test endpoint --address 0.0.0.0 # 9090
Expand Down
68 changes: 18 additions & 50 deletions docker/compose/zrok-public-reserved/compose.yml
View file
Original file line number Diff line number Diff line change
@@ -1,46 +1,7 @@
services:
# create Caddyfile
zrok-caddyfile:
image: busybox
# create Caddyfile
entrypoint:
- sh
- -euc
- |
ZROK_UPSTREAM_URL="${ZROK_TARGET:-http://zrok-test:9090}"
ZROK_UPSTREAM_HOST="$(echo $${ZROK_UPSTREAM_URL}|sed -E 's#^https?://([^/:]+).*#\1#')"
mkdir -p /mnt/.zrok
cat <<CADDYFILE >| /mnt/.zrok/Caddyfile
{
# GET /config/ and POST /load on this API to reload Caddy config
admin 0.0.0.0:2019
}
http:// {
bind {{ .ZrokBindAddress }}
handle_path /zrok-test/* {
reverse_proxy http://zrok-test:9090 {
header_up Host zrok-test
}
}
handle_path /zrok-static/* {
root * /mnt/.zrok/html
file_server browse
}
reverse_proxy /* $${ZROK_UPSTREAM_URL} {
header_up Host $${ZROK_UPSTREAM_HOST}
}
}
CADDYFILE
user: root
volumes:
- zrok_env:/mnt

# set file ownership
zrok-init:
image: busybox
depends_on:
zrok-caddyfile:
condition: service_completed_successfully
# matches uid:gid of "nobody" in zrok container image
command: chown -Rc 65534:65534 /mnt/
user: root
Expand All @@ -60,27 +21,34 @@ services:
STATE_DIRECTORY: /mnt
ZROK_ENABLE_TOKEN:
ZROK_API_ENDPOINT:
ZROK_ENVIRONMENT_NAME:
ZROK_ENVIRONMENT_NAME: docker-public-reserved

# reserve zrok frontend subdomain and start sharing the target
zrok-share:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
entrypoint: zrok-share.bash
entrypoint: bash -x zrok-share.bash
depends_on:
zrok-enable:
condition: service_completed_successfully
volumes:
- zrok_env:/mnt
ports: []
# - 127.0.0.1:2019:2019 # Caddy admin API
environment:
STATE_DIRECTORY: /mnt
PFXLOG_NO_JSON: "true"
ZROK_BACKEND_MODE:
ZROK_TARGET:
ZROK_OAUTH_PROVIDER:
ZROK_OATH_EMAILS:
ZROK_BASIC_AUTH:
# internal configuration
STATE_DIRECTORY: /mnt # zrok homedir in container

# most relevant options
ZROK_BACKEND_MODE: proxy # web, caddy, drive, proxy
ZROK_TARGET: http://zrok-test:9090 # backend target, is a path in container filesystem unless proxy mode
ZROK_INSECURE: # "--insecure" if proxy target has unverifiable TLS server certificate
ZROK_OAUTH_PROVIDER: # google, github
ZROK_OATH_EMAILS: # allow space-separated list of OAuth email addresses or @domain.tld
ZROK_BASIC_AUTH: # username:password, mutually-exclusive with ZROK_OAUTH_PROVIDER

# least relevant options
ZROK_VERBOSE: # "--verbose"
ZROK_SHARE_OPTS: # additional arguments to "zrok reserve public" command
ZROK_FRONTENDS: # "public"
PFXLOG_NO_JSON: "true" # suppress JSON logging format

# demo server
zrok-test:
Expand Down
64 changes: 29 additions & 35 deletions docker/compose/zrok-public-share/compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,52 +15,46 @@ services:
depends_on:
zrok-init:
condition: service_completed_successfully
entrypoint:
- bash
- -euc
- |
if [[ -n "$(jq '.ziti_identity' ~/.zrok/environment.json 2>/dev/null)" ]]; then
echo "INFO: zrok environment is already enabled"
exit 0
else
zrok config set apiEndpoint ${ZROK_API_ENDPOINT:-https://api.zrok.io}
echo "INFO: running: zrok $$(sed -E "s/${ZROK_ENABLE_TOKEN}/************/" <<< $${@})"
exec zrok "$${@}"
fi
command: -- enable --headless --description "${ZROK_ENVIRONMENT_NAME:-docker temp public share}" ${ZROK_ENABLE_TOKEN}
entrypoint: zrok-enable.bash
volumes:
- zrok_env:/mnt/.zrok
- zrok_env:/mnt
environment:
HOME: /mnt
STATE_DIRECTORY: /mnt
ZROK_ENABLE_TOKEN:
ZROK_API_ENDPOINT:
ZROK_ENVIRONMENT_NAME: docker-public-share

# start share on temporary public frontend url
# provision a temporary zrok frontend subdomain and start sharing the backend target
zrok-share:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
entrypoint:
- bash
- -euc
- |
set -o pipefail
ZROK_CMD="share public --headless"
if [[ -n "${ZROK_SHARE_OPTS:-}" ]]; then
ZROK_CMD+=" ${ZROK_SHARE_OPTS}"
fi
if [[ -n "${ZROK_OAUTH_PROVIDER:-}" ]]; then
ZROK_CMD+=" --oauth-provider ${ZROK_OAUTH_PROVIDER}"
fi
ZROK_CMD+=" --backend-mode proxy ${ZROK_TARGET:-http://zrok-test:9090/}"
echo "INFO: running: zrok $${ZROK_CMD}"
exec zrok $${ZROK_CMD}
entrypoint: zrok-share.bash
depends_on:
zrok-enable:
condition: service_completed_successfully
volumes:
- zrok_env:/mnt/.zrok
- zrok_env:/mnt
ports: []
# - 127.0.0.1:2019:2019 # Caddy admin API
environment:
HOME: /mnt
PFXLOG_NO_JSON: "true"
# internal configuration
STATE_DIRECTORY: /mnt # zrok homedir in container
ZROK_FRONTEND_MODE: temp-public # tells zrok-share.bash to create a temporary subdomain and share until exit

# most relevant options
ZROK_BACKEND_MODE: proxy # web, caddy, drive, proxy
ZROK_TARGET: http://zrok-test:9090 # backend target, is a path in container filesystem unless proxy mode
ZROK_INSECURE: # "--insecure" if proxy target has unverifiable TLS server certificate
ZROK_OAUTH_PROVIDER: # google, github
ZROK_OATH_EMAILS: # space-separated list of OAuth email addresses or @domain.tld to allow
ZROK_BASIC_AUTH: # username:password, mutually-exclusive with ZROK_OAUTH_PROVIDER

# least relevant options
ZROK_VERBOSE: # "--verbose"
ZROK_SHARE_OPTS: # additional arguments to "zrok share public" command
ZROK_FRONTENDS: # "public"
PFXLOG_NO_JSON: "true" # suppress JSON logging format

# demo servers you can share with zrok
# demo server you can share with zrok
zrok-test:
image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
command: test endpoint --address 0.0.0.0 # 9090
Expand Down
3 changes: 2 additions & 1 deletion nfpm/zrok-enable.bash
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,13 +38,14 @@ fi

if (( $# )); then
if [[ -s "$1" ]]; then
echo "INFO: reading enable parameters from $1"
source "$1"
else
echo "ERROR: \$1="$1" is empty or not a readable file" >&2
exit 1
fi
else
echo "WARNING: no env filename argument, trying to read configuration from environment variables" >&2
echo "INFO: reading enable parameters from environment variables"
fi

if [[ -z "${ZROK_ENABLE_TOKEN}" ]]; then
Expand Down
Loading

0 comments on commit 9da5b7c

Please sign in to comment.