compose.yml

# downloaded from https://docs.zrok.io/zrok-public-reserved/compose.yml

services:
  # set file ownership
  zrok-init:
    image: busybox
    # matches uid:gid of "nobody" in zrok container image
    command: chown -Rc 2171:2171 /mnt/
    user: root
    volumes:
      - zrok_env:/mnt

  # enable zrok environment
  zrok-enable:
    image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
    depends_on:
      zrok-init:
        condition: service_completed_successfully
    entrypoint: zrok-enable.bash
    volumes:
      - zrok_env:/mnt
    environment:
      STATE_DIRECTORY: /mnt
      ZROK_ENABLE_TOKEN:
      ZROK_API_ENDPOINT:
      ZROK_ENVIRONMENT_NAME:

  # reserve zrok frontend subdomain and start sharing the target
  zrok-share:
    image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
    restart: unless-stopped
    entrypoint: zrok-share.bash
    depends_on:
      zrok-enable:
        condition: service_completed_successfully
    volumes:
      - zrok_env:/mnt
    environment:
      # internal configuration
      STATE_DIRECTORY: /mnt  # zrok homedir in container

      # most relevant options
      ZROK_BACKEND_MODE:    # web, caddy, drive, proxy
      ZROK_TARGET:          # backend target, is a path in container filesystem unless proxy mode
      ZROK_INSECURE:        # "--insecure" if proxy target has unverifiable TLS server certificate
      ZROK_OAUTH_PROVIDER:  # google, github
      ZROK_OATH_EMAILS:     # allow space-separated list of OAuth email addresses or @domain.tld
      ZROK_BASIC_AUTH:      # username:password, mutually-exclusive with ZROK_OAUTH_PROVIDER

      # least relevant options
      ZROK_VERBOSE:           # "--verbose"
      ZROK_SHARE_OPTS:        # additional arguments to "zrok reserve public" command
      ZROK_FRONTENDS:         # "public"
      PFXLOG_NO_JSON: "true"  # suppress JSON logging format

  # demo server
  zrok-test:
    image: ${ZROK_CONTAINER_IMAGE:-docker.io/openziti/zrok}
    command: test endpoint --address 0.0.0.0  # 9090

volumes:
  zrok_env: