Connect Desktop Tunneler to Docker Quickstart on separate host

Hi @jrdnr,

I’ve spent time tonight getting this to a state that I think makes sense and works and I think represents what you’re looking for. You should be able to take this exact docker-compose.yml file and save it, then make a .env file and put it into the same directory as docker-compose.yml.

.env file

EDIT: Hopefully, it’s clear, but to make it explicit, you would want to change any ports you desire, but you must change the EXTERNAL_DNS.

ZITI_IMAGE=openziti/quickstart
ZITI_VERSION=latest
ZITI_CONTROLLER_RAWNAME=ziti-controller

ZITI_CTRL_PORT=8440
ZITI_EDGE_CONTROLLER_PORT=8441
ZITI_EDGE_ROUTER_PORT=8442
ZITI_EDGE_ROUTER_LISTENER_BIND_PORT=10080
ZITI_ZAC_PORTTLS=8448

EXTERNAL_DNS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com
ZITI_NETWORK_NAME=${EXTERNAL_DNS}
ZITI_CONTROLLER_HOSTNAME=${EXTERNAL_DNS}

ZITI_EDGE_ROUTER_RAWNAME=${EXTERNAL_DNS}
ZITI_EDGE_ROUTER_DESIRED_RAWNAME=${EXTERNAL_DNS}
ZITI_EDGE_ROUTER_HOSTNAME=${EXTERNAL_DNS}

ZITI_EDGE_ROUTER_ROLES=public

docker-compose.yml

version: '2.4'
services:
  ziti-controller:
    image: "${ZITI_IMAGE}:${ZITI_VERSION}"
    env_file:
      - ./.env
    restart: always
    ports:
      - "${ZITI_EDGE_CONTROLLER_PORT}:${ZITI_EDGE_CONTROLLER_PORT}"
      - "${ZITI_CTRL_PORT}:${ZITI_CTRL_PORT}"
    networks:
      ziti:
        aliases:
          - ziti-edge-controller
    volumes:
      - ziti-fs:/persistent
    entrypoint:
      - "/var/openziti/scripts/run-controller.sh"

  ziti-controller-init-container:
    image: "${ZITI_IMAGE}:${ZITI_VERSION}"
    depends_on:
      - ziti-controller
    environment:
      - ZITI_CONTROLLER_RAWNAME="${ZITI_CONTROLLER_RAWNAME}"
      - ZITI_EDGE_CONTROLLER_RAWNAME="${EXTERNAL_DNS}"
    env_file:
      - ./.env
    networks:
      ziti:
        aliases:
          - ziti-edge-controller-init-container
    volumes:
      - ziti-fs:/persistent
    entrypoint:
      - "/var/openziti/scripts/run-with-ziti-cli.sh"
    command:
      - "/var/openziti/scripts/access-control.sh"

  ziti-edge-router:
    image: "${ZITI_IMAGE}:${ZITI_VERSION}"
    environment:
      - ZITI_EDGE_ROUTER_RAWNAME=${ZITI_EDGE_ROUTER_RAWNAME}
    depends_on:
      - ziti-controller
    ports:
      - "${ZITI_EDGE_ROUTER_PORT}:${ZITI_EDGE_ROUTER_PORT}"
      - "${ZITI_EDGE_ROUTER_LISTENER_BIND_PORT}:${ZITI_EDGE_ROUTER_LISTENER_BIND_PORT}"
    restart: always
    networks:
      - ziti
    volumes:
      - ziti-fs:/persistent
    entrypoint: /bin/bash
    command: "/var/openziti/scripts/run-router.sh edge"

  ziti-console:
    image: openziti/zac
    environment:
      - ZAC_SERVER_CERT_CHAIN=/persistent/pki/${EXTERNAL_DNS}-intermediate/certs/${EXTERNAL_DNS}-server.cert
      - ZAC_SERVER_KEY=/persistent/pki/${EXTERNAL_DNS}-intermediate/keys/${EXTERNAL_DNS}-server.key
      - PORTTLS=${ZITI_ZAC_PORTTLS}
    depends_on:
      - ziti-controller
    restart: always
    ports:
      - "1408:1408"
      - "${ZITI_ZAC_PORTTLS}:${ZITI_ZAC_PORTTLS}"
    volumes:
      - ziti-fs:/persistent
    networks:
      - ziti

  web-test-blue:
    image: crccheck/hello-world
    #ports:
    #  - 80:8000
    networks:
      ziti:
        aliases:
          - web-test-ziti
          - web-test.ziti
          - web.test.ziti

networks:
  ziti:

volumes:
  ziti-fs:

Seeing it in action - walkthrough video

Here’s a video of me demonstrating starting everything from docker. I’ve already set up the security group to allow the ports through the web ACL (obviously).

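Added example, not part of the original post: a pre-flight check that reads the .env and docker-compose.yml text, lists the host ports the compose file publishes (the ones the security group has to allow), and flags an unchanged EXTERNAL_DNS and any port mapping that .env does not control. The function names and the line-based parsing are assumptions of this example; it handles only the `ports:` list style used in the post.

```python
import re

SAMPLE_DNS = "ec2-3-134-108-218.us-east-2.compute.amazonaws.com"  # sample host in the post

def expand(value, env):  # substitute ${VAR} with values already defined in env
    return re.sub(r"\$\{(\w+)\}", lambda m: env.get(m.group(1), ""), value)

def parse_env(text):
    """Parse KEY=VALUE lines in order, so later keys can reference earlier ones."""
    env = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key] = expand(value, env)
    return env

def published_ports(compose_text, env):
    """Return (service, host_port, set_by_env) for each uncommented ports: entry."""
    found, service, in_ports = [], None, False
    for raw in compose_text.splitlines():
        line = raw.strip()
        if re.match(r"^  [\w.-]+:\s*$", raw):  # key at two-space indent: service name
            service, in_ports = line[:-1], False
        elif line == "ports:":
            in_ports = True
        elif in_ports and line.startswith("- "):
            entry = line[2:].strip("\"' ")
            parts = expand(entry, env).split(":")
            if len(parts) >= 2 and parts[-2].isdigit():  # [ip:]host:container
                found.append((service, int(parts[-2]), "${" in entry))
        elif line and not line.startswith("#"):
            in_ports = False
    return found

def preflight(env_text, compose_text):
    """Return (host ports to allow inbound, findings to review before starting)."""
    env = parse_env(env_text)
    ports = published_ports(compose_text, env)
    unchanged = env.get("EXTERNAL_DNS") == SAMPLE_DNS
    findings = ["EXTERNAL_DNS is still the sample host from the post"] if unchanged else []
    findings += [f"{svc} publishes host port {p}, which .env does not control"
                 for svc, p, from_env in ports if not from_env]
    return sorted({p for _, p, _ in ports}), findings

# Constructed sample input: a shortened copy of the two files in the post.
ENV = "ZITI_ZAC_PORTTLS=8448\nEXTERNAL_DNS=" + SAMPLE_DNS + "\n"
COMPOSE = ('  ziti-console:\n    ports:\n      - "1408:1408"\n'
           '      - "${ZITI_ZAC_PORTTLS}:${ZITI_ZAC_PORTTLS}"\n    #ports:\n    #  - 80:8000\n')
```

Calling `preflight(open(".env").read(), open("docker-compose.yml").read())` in the directory holding both files gives the port list to compare against the security group's inbound rules.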