How to add TLS using nginx

absolute noob here. self-hosted using docker. copied everything line by line. now I want to enable TLS using nginx. I was able to add TLS using nginx. now I want to change url template. but, I don't know how to get token. when I run zrok admin list frontends, it asks me to provide admin token. but even when I provide ZROK_ADMIN_TOKEN it says panic: [GET /frontends][401] listFrontendsUnauthorized. how do I get token?

Hey @sigoko7829!

Are you following this guide: Self-hosting guide for Docker | Zrok?

I understand you don't want to use the included Caddy container to automatically renew your wildcard TLS certificate, and you have set up Nginx with an external certificate renewal process instead.

If you change your mind and decide to follow that guide to enable Caddy by renaming caddy.compose.override.yml as compose.override.yml and providing the API token from your DNS provider, then the frontend will be automatically updated.

That extra Compose file enables Caddy and sets these environment variables on the frontend container so that it will configure the "public" frontend's template on startup. You can change the zrok-frontend container/service in your Compose file to override its entrypoint or change it in zrok-frontend.Dockerfile if you wish to disable env var auto-configuration.

  zrok-frontend:
    environment:
      ZROK_FRONTEND_SCHEME: https
      ZROK_FRONTEND_PORT: 443

Here's the manual process that's applicable to zrok generally. This is done automatically in the Docker project from the guide by the frontend container's entrypoint script.

Assuming you followed that guide, you can run zrok admin commands in the frontend container (not the controller container) like this, but changes to the frontend template will be reset the next time the frontend container starts. See the above env vars to persist the change, even if not using Caddy.

docker compose exec zrok-frontend zrok admin list frontends
 TOKEN         ZID        PUBLIC NAME  URL TEMPLATE                             CREATED AT                         UPDATED AT                        
 GL5LZOJuv9Xi  jCMfHELM4  public       http://{token}.local.bingnet.cloud:8080  2024-05-16 10:52:48.293 +0000 UTC  2024-05-16 10:52:48.293 +0000 UTC 

That reveals your current frontend template and the "public" frontend token, which is necessary for updating the template.

Now, we can update the template to use the Nginx or Caddy reverse proxy, which modifies the URL of new public shares.

docker compose exec zrok-frontend  zrok admin update frontend "GL5LZOJuv9Xi" --url-template 'https://{token}.local.bingnet.cloud:443'
[   0.016]    INFO main.(*adminUpdateFrontendCommand).run: updated global frontend 'GL5LZOJuv9Xi'
docker compose exec zrok-frontend zrok admin list frontends
 TOKEN         ZID        PUBLIC NAME  URL TEMPLATE                             CREATED AT                         UPDATED AT                    
 GL5LZOJuv9Xi  jCMfHELM4  public       https://{token}.local.bingnet.cloud:443  2024-05-16 10:52:48.293 +0000 UTC  2024-05-16 10:55:26 +0000 UTC 
1 Like

thanks, it worked :orange_heart:

how do I mark your reply solved, btw?

Cool, thanks for letting me know! I don't know of a way to mark an answer in this forum. :person_shrugging:

Did you decide to set the env vars like this so the frontend will auto-configure itself for TLS even without Caddy?

  zrok-frontend:
    environment:
      ZROK_FRONTEND_SCHEME: https
      ZROK_FRONTEND_PORT: 443

BTW, the same vars can go in the .env file or be set in the parent process environment of the Docker host.

no, i did not configure caddy at all. also i did not change env vars as you mentioned in your last reply. my zrok is running in non-tls mode and nginx is handling the tls

Yeah you can use Nginx for sure. You might not have seen the info I added about how the vars will persist the frontend template, whereas setting it manually with zrok admin will not.

It's because the frontend container in this project uses env vars to auto-configure on startup, so it will go back to non-TLS next time you restart the frontend container.

If you just set these two vars in your .env or the compose file it will auto-configure for TLS.

ZROK_FRONTEND_SCHEME: https
ZROK_FRONTEND_PORT: 443
1 Like
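
A drift check for the reset behaviour described in the replies above, as an added example that is not part of the thread or the zrok project: it reads the table printed by `zrok admin list frontends` and fails when the "public" frontend's URL template no longer matches the TLS proxy. The function names, exit codes and sample rows are assumptions made for illustration, and it assumes the column layout shown in the listing earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread or the zrok project): detect when the
# "public" frontend's URL template no longer matches the TLS reverse proxy,
# e.g. after a frontend container restart reset it to http://...:8080.
# Assumes the column layout of `zrok admin list frontends` shown above and a
# PUBLIC NAME without spaces. Function names and exit codes are hypothetical.

# Print the URL TEMPLATE column of the frontend named $1 (table on stdin).
template_of() {
  awk -v name="$1" '$3 == name { print $4; exit }'
}

# Succeed only if template $1 looks like $2://...{token}...:$3
check_template() {
  case "$1" in
    "$2"://*"{token}"*:"$3") return 0 ;;
    *) return 1 ;;
  esac
}

# verify_frontend NAME SCHEME PORT  -> 0 ok, 1 drift, 2 frontend not listed
verify_frontend() {
  vf_scheme="${2:-${ZROK_FRONTEND_SCHEME:-https}}"
  vf_port="${3:-${ZROK_FRONTEND_PORT:-443}}"
  vf_tpl=$(template_of "${1:-public}")
  if [ -z "$vf_tpl" ]; then
    echo "frontend '${1:-public}' not found in listing" >&2
    return 2
  fi
  if check_template "$vf_tpl" "$vf_scheme" "$vf_port"; then
    echo "ok: $vf_tpl"
  else
    echo "drift: $vf_tpl, expected $vf_scheme://{token}.<domain>:$vf_port" >&2
    return 1
  fi
}

# Constructed samples: the header and rows as printed in the thread.
HDR=' TOKEN  ZID  PUBLIC NAME  URL TEMPLATE  CREATED AT  UPDATED AT'
ROW=' GL5LZOJuv9Xi  jCMfHELM4  public  %s  2024-05-16 10:52:48.293 +0000 UTC'
sample_before() { printf "$HDR\n$ROW\n" 'http://{token}.local.bingnet.cloud:8080'; }
sample_after()  { printf "$HDR\n$ROW\n" 'https://{token}.local.bingnet.cloud:443'; }

sample_before | verify_frontend public https 443 || echo "exit status $?"
sample_after  | verify_frontend public https 443

# Live use on the Docker host (-T disables the TTY so the pipe gets clean text):
#   docker compose exec -T zrok-frontend zrok admin list frontends | verify_frontend
```

Run after each frontend restart or from a scheduled job, a non-zero exit flags that new public shares would be advertised with the plain-HTTP template instead of the Nginx TLS endpoint.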