Hi @jrdnr,
I’ve spent time tonight getting this to a state that I think makes sense, works, and represents what you’re looking for. You should be able to take this exact `docker-compose.yml` file and save it, then make a `.env` file and put it into the same directory as `docker-compose.yml`.
.env file
EDIT: Hopefully it’s clear, but to make it explicit: change any ports you want to, but you must change `EXTERNAL_DNS`.
# Variables for the docker-compose.yml in the same directory. Compose reads
# this file for ${...} substitution, and the services that list it under
# env_file also receive every variable below inside the container.

# Image and tag used by the controller, init container and edge router.
# "latest" is a moving tag: a later pull can bring in a different build.
# Pin a specific release tag once the setup works.
ZITI_IMAGE=openziti/quickstart
ZITI_VERSION=latest
ZITI_CONTROLLER_RAWNAME=ziti-controller
# Every port below is published on the host by docker-compose.yml.
# These are the only values the host firewall / security group needs to
# allow for this stack; keep the allow-list limited to them.
ZITI_CTRL_PORT=8440
ZITI_EDGE_CONTROLLER_PORT=8441
ZITI_EDGE_ROUTER_PORT=8442
ZITI_EDGE_ROUTER_LISTENER_BIND_PORT=10080
ZITI_ZAC_PORTTLS=8448
# Must be changed: this is the author's own host name. The network name, the
# controller and router host names, and the console's certificate and key
# paths in docker-compose.yml are all derived from it.
EXTERNAL_DNS=ec2-3-134-108-218.us-east-2.compute.amazonaws.com
# NOTE(review): the lines below rely on ${...} being expanded inside .env.
# Confirm with `docker compose config` that each one resolves to the host
# name and not to the literal text.
ZITI_NETWORK_NAME=${EXTERNAL_DNS}
ZITI_CONTROLLER_HOSTNAME=${EXTERNAL_DNS}
ZITI_EDGE_ROUTER_RAWNAME=${EXTERNAL_DNS}
ZITI_EDGE_ROUTER_DESIRED_RAWNAME=${EXTERNAL_DNS}
ZITI_EDGE_ROUTER_HOSTNAME=${EXTERNAL_DNS}
ZITI_EDGE_ROUTER_ROLES=public
docker-compose.yml
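# Compose stack from the post: an OpenZiti controller, a one-shot init
# container, an edge router, the admin console (ZAC) and a test web service.
# All ${...} values come from the .env file in the same directory.
# The nesting below restores the indentation the listing lost; keys, values
# and their order are unchanged.
version: '2.4'
services:
  ziti-controller:
    # The tag comes from ZITI_VERSION; the .env on this page sets it to
    # "latest", which is a moving tag. Pin a release tag for repeatable deploys.
    image: "${ZITI_IMAGE}:${ZITI_VERSION}"
    # Passes every variable in .env into the container, not only the ones
    # referenced in this file.
    env_file:
      - ./.env
    restart: always
    ports:
      # No host IP is given, so both ports bind on every host interface.
      - "${ZITI_EDGE_CONTROLLER_PORT}:${ZITI_EDGE_CONTROLLER_PORT}"
      - "${ZITI_CTRL_PORT}:${ZITI_CTRL_PORT}"
    networks:
      ziti:
        aliases:
          - ziti-edge-controller
    volumes:
      - ziti-fs:/persistent
    entrypoint:
      - "/var/openziti/scripts/run-controller.sh"
  ziti-controller-init-container:
    image: "${ZITI_IMAGE}:${ZITI_VERSION}"
    depends_on:
      - ziti-controller
    # Entries here take precedence over the same names loaded from env_file.
    # NOTE(review): in list form Compose splits each entry at the first "=",
    # so the double quotes below become part of the variable's value. Confirm
    # the scripts expect that, or drop the quotes.
    environment:
      - ZITI_CONTROLLER_RAWNAME="${ZITI_CONTROLLER_RAWNAME}"
      - ZITI_EDGE_CONTROLLER_RAWNAME="${EXTERNAL_DNS}"
    env_file:
      - ./.env
    networks:
      ziti:
        aliases:
          - ziti-edge-controller-init-container
    volumes:
      - ziti-fs:/persistent
    entrypoint:
      - "/var/openziti/scripts/run-with-ziti-cli.sh"
    command:
      - "/var/openziti/scripts/access-control.sh"
  ziti-edge-router:
    image: "${ZITI_IMAGE}:${ZITI_VERSION}"
    environment:
      - ZITI_EDGE_ROUTER_RAWNAME=${ZITI_EDGE_ROUTER_RAWNAME}
    depends_on:
      - ziti-controller
    ports:
      # Published on every host interface, like the controller ports.
      - "${ZITI_EDGE_ROUTER_PORT}:${ZITI_EDGE_ROUTER_PORT}"
      - "${ZITI_EDGE_ROUTER_LISTENER_BIND_PORT}:${ZITI_EDGE_ROUTER_LISTENER_BIND_PORT}"
    restart: always
    networks:
      - ziti
    volumes:
      - ziti-fs:/persistent
    entrypoint: /bin/bash
    command: "/var/openziti/scripts/run-router.sh edge"
  ziti-console:
    # No tag is given, so this resolves to "latest"; pin a release tag for
    # repeatable deploys.
    image: openziti/zac
    environment:
      # The console reads its TLS certificate and private key from the shared
      # volume; both paths are built from EXTERNAL_DNS.
      - ZAC_SERVER_CERT_CHAIN=/persistent/pki/${EXTERNAL_DNS}-intermediate/certs/${EXTERNAL_DNS}-server.cert
      - ZAC_SERVER_KEY=/persistent/pki/${EXTERNAL_DNS}-intermediate/keys/${EXTERNAL_DNS}-server.key
      - PORTTLS=${ZITI_ZAC_PORTTLS}
    depends_on:
      - ziti-controller
    restart: always
    ports:
      # NOTE(review): 1408 is published in addition to the TLS port. If it is
      # the console's non-TLS listener (confirm against the image docs), keep
      # it out of the security group or bind it to 127.0.0.1 so that console
      # logins only travel over TLS.
      - "1408:1408"
      - "${ZITI_ZAC_PORTTLS}:${ZITI_ZAC_PORTTLS}"
    volumes:
      # NOTE(review): as far as this file shows, the console only reads the
      # cert and key; a read-only mount (ziti-fs:/persistent:ro) may be
      # enough. Confirm before changing.
      - ziti-fs:/persistent
    networks:
      - ziti
  web-test-blue:
    # No tag is given, so this also resolves to "latest".
    image: crccheck/hello-world
    # The host port mapping is commented out, so this service is reachable
    # only from containers on the ziti network, under the aliases below.
    #ports:
    #  - 80:8000
    networks:
      ziti:
        aliases:
          - web-test-ziti
          - web-test.ziti
          - web.test.ziti
networks:
  ziti:
volumes:
  # Mounted read-write at /persistent in the controller, init container,
  # router and console. The console's key path shows it holds the PKI private
  # keys, so each of those containers can read or overwrite them.
  ziti-fs: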
Seeing it in action - walkthrough video
Here’s a video of me demonstrating starting everything from docker. I’ve already set up the security group to allow the ports through the web ACL (obviously).