-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker image and docker-compose.yml for self-hosting. #367
Comments
@qrkourier Is this something you could take a look at? |
Finishing this minimal compose project for self-hosted zrok is high on my list of things to do. The associated branch here is ~65% done. The main piece that needs to be added is a wrapper program to render the templates. I was thinking a shell script using envsubst, but now I'm leaning toward Python using Jinja because some of the sections need to be conditional, not only vars, like the OAuth client stuff for Google login must be absent unless defined. There's already a zrok Python SDK, and one option would be to include this piece as an executable. Another is to ship it as a separate PyPi module, e.g., There's another argument for making this part of zrok itself, like a |
It seems the compose file looks complicated for me, but it's ok if it's just up with one compose command. Regarding rendering templates, using Python and Jinja is more reliable, because of the popularity of Python and its simplicity of on other hand. And I think separating docker as itself from zrok is good. Almost everyone has a docker installation, and in my opinion, using the docker command inside zrok may be confusing. Sorry if I don't understand properly the message above. I just wanted to give some feedback. |
If we added a Docker admin command, it could work like this: Create a Docker Compose project for hosting a zrok instance fronted by Caddy
Usage:
zrok admin docker <dir> [flags]
Flags:
-z, --dns-zone DNS zone for this instance with a wildcard record resolving to the public IP, e.g., zrok.example.com (ZROK_DNS_ZONE)
-c, --caddy-dns-plugin DNS provider plugin for obtaining a wildcard certificate for the DNS zone, .e.g.,
"digitalocean" from alternatives in https://github.com/caddy-dns (ZROK_CADDY_DNS_PLUGIN)
-t, --dns-provider-token DNS provider API token used by Caddy to complete the DNS challenge (ZROK_CADDY_DNS_API_TOKEN)
-e, --acme-email Address to receive certificate expiration warnings in case they're not auto-renewed by Caddy (ZROK_CADDY_ACME_EMAIL)
-a, --zrok-admin-token generated if unset (ZROK_ADMIN_TOKEN)
-p, --ziti-admin-password generated if unset (ZITI_PWD)
--no-caddy Don't use Caddy to auto-renew the TLS certificate or reverse proxy zrok and ziti (manage TLS separately)
--no-ziti Don't run a ziti controller and router (provide Ziti separately)
You may override any flag's env var with a command-line arg.
Global Flags:
-p, --panic Panic instead of showing pretty errors
-v, --verbose Enable verbose logging |
No external dependencies on files or such, correct? Continues to be self-contained in the |
Correct |
It'd be a one-shot bootstrapper that renders its embedded templates in the specified dir. The user still needs Docker so they can enter that dir and say |
Seems reasonable to me. 👍 |
I'm approaching completeness for the zrok Docker self-hosting PoC. I'm calling it the "Docker quickstart" in the linked pull request. In this comment from the linked pull request, I elaborated on the two-step path to the more elegant and complete picture we sketched out here in this issue, i.e., a One of the differences you'll notice between the quickstart and the built-in command is that, with the built-in I'll use this Docker (self-hosted zrok) quickstart to gather feedback. Please react to your experience of the forthcoming quickstart with special attention to:
Your feedback is valuable and will inform how the next iteration will work: the built-in |
The Docker hosting guide is published in https://docs.zrok.io/docs/guides/self-hosting/docker/ |
Hello!
Any news about docker-compose for self-hosting options?
The text was updated successfully, but these errors were encountered: