docs: fix reverse proxy guides (#9118)

# Which Problems Are Solved Commands for installing compose stacks with reverse proxies don't work. # How the Problems Are Solved - The `docker compose up` commands are fixed by specifying all necessary services to spin up. This is obviously not (or not with all docker compose versions) resolved by the dependencies declarations. - The initial postgres admin username is postgres. - Fix postgres health check to succeed before the init job created the DB. - A hint tells the user to install the grpcurl binary. # Additional Changes - Passing `--wait` to `docker compose up` doesn't require us to sleep for exactly three seconds. - It looks to me like the order of the depends_on declaration for zitadel matters, but I don't understand why. I changed it so that it's for sure correct. - Silenced some command outputs - Removed the version property from all compose files to avoid the following warning ``` WARN[0000] /tmp/caddy-example/docker-compose-base.yaml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion ``` # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9115 This is the easiest way to test the updated docs: ```bash # Use this PR branches files: export ZITADEL_CONFIG_FILES=https://raw.githubusercontent.com/zitadel/zitadel/refs/heads/fix-reverse-proxy-guides/docs/docs/self-hosting/manage/reverseproxy ``` The rest of the commands as described in https://docs-git-fix-reverse-proxy-guides-zitadel.vercel.app/docs/self-hosting/manage/reverseproxy/caddy ![image](https://github.com/user-attachments/assets/949d2c2a-246a-49a2-916a-e77250771074)
2025-02-28 23:07:22 +00:00 · 2025-01-03 15:00:27 +01:00 · 2025-01-03 15:00:27 +01:00 · 2bfdb72bf3
commit 2bfdb72bf3
parent a3d80f93ff
11 changed files with 13 additions and 33 deletions
--- a/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
+++ b/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
@ -1,4 +1,3 @@
 version: '3.8'
 services:
  traefik:
--- a/docs/docs/self-hosting/manage/configure/docker-compose.yaml
+++ b/docs/docs/self-hosting/manage/configure/docker-compose.yaml
@ -1,5 +1,3 @@
 version: "3.8"
 services:
  zitadel:
    restart: "always"
--- a/docs/docs/self-hosting/manage/reverseproxy/_proxy_guide_tls_mode.mdx
+++ b/docs/docs/self-hosting/manage/reverseproxy/_proxy_guide_tls_mode.mdx
@ -24,7 +24,7 @@ export const Description = ({mode, link}) => {
 }
 export const Commands = ({mode, name, lower, configfilename}) => {
-    let genCert = '# Generate a self signed certificate and key.\nopenssl req -x509 -batch -subj "/CN=127.0.0.1.sslip.io/O=ZITADEL Demo" -nodes -newkey rsa:2048 -keyout ./selfsigned.key -out ./selfsigned.crt\n\n';
+    let genCert = '# Generate a self signed certificate and key.\nopenssl req -x509 -batch -subj "/CN=127.0.0.1.sslip.io/O=ZITADEL Demo" -nodes -newkey rsa:2048 -keyout ./selfsigned.key -out ./selfsigned.crt 2>/dev/null\n\n';
    let connPort = "443"
    let connInsecureFlag = "--insecure "
    let connScheme = "https"
@ -42,16 +42,16 @@ export const Commands = ({mode, name, lower, configfilename}) => {
            <CodeBlock language="bash">
                {'# Download the configuration files.'}{'\n'}
                {'export ZITADEL_CONFIG_FILES=https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/manage/reverseproxy\n'}
-                {`wget $\{ZITADEL_CONFIG_FILES\}/docker-compose.yaml -O docker-compose-base.yaml`}{'\n'}
+                {'wget $\{ZITADEL_CONFIG_FILES\}/docker-compose.yaml -O docker-compose-base.yaml --quiet \n'}
-                {'wget $\{ZITADEL_CONFIG_FILES\}/'}{lower}{'/docker-compose.yaml -O docker-compose-'}{lower}{'.yaml'}{'\n'}
+                {'wget $\{ZITADEL_CONFIG_FILES\}/'}{lower}{'/docker-compose.yaml -O docker-compose-'}{lower}{'.yaml --quiet \n'}
-                {'wget $\{ZITADEL_CONFIG_FILES\}/'}{lower}{'/'}{configfilename}{' -O '}{configfilename}{'\n'}
+                {'wget $\{ZITADEL_CONFIG_FILES\}/'}{lower}{'/'}{configfilename}{' -O '}{configfilename}{' --quiet \n'}
                {'\n'}
                {genCert}
                {'# Run the database, ZITADEL and '}{name}{'.'}{'\n'}
-                {'docker compose --file docker-compose-base.yaml --file docker-compose-'}{lower}{'.yaml up --detach proxy-'}{mode}{'-tls'}{'\n'}
+                {'docker compose --file docker-compose-base.yaml --file docker-compose-'}{lower}{'.yaml up --detach --wait db zitadel-init zitadel-'}{mode}{'-tls proxy-'}{mode}{'-tls'}{'\n'}
                {'\n'}
                {'# Test that gRPC and HTTP APIs work. Empty brackets like {} means success.\n'}
-                {'sleep 3\n'}
+                {'# Make sure you have the grpcurl cli installed on your machine https://github.com/fullstorydev/grpcurl?tab=readme-ov-file#installation\n'}
                {'grpcurl '}{connInsecureFlag}{grpcPlainTextFlag}{'127.0.0.1.sslip.io:'}{connPort}{' zitadel.admin.v1.AdminService/Healthz\n'}
                {'curl '}{connInsecureFlag}{connScheme}{'://127.0.0.1.sslip.io:'}{connPort}{'/admin/v1/healthz\n'}
            </CodeBlock>
--- a/docs/docs/self-hosting/manage/reverseproxy/caddy/docker-compose.yaml
+++ b/docs/docs/self-hosting/manage/reverseproxy/caddy/docker-compose.yaml
@ -1,5 +1,3 @@
 version: '3.8'
 services:
  proxy-disabled-tls:
--- a/docs/docs/self-hosting/manage/reverseproxy/docker-compose.yaml
+++ b/docs/docs/self-hosting/manage/reverseproxy/docker-compose.yaml
@ -1,5 +1,3 @@
 version: '3.8'
 services:
  zitadel-disabled-tls:
@ -17,7 +15,7 @@ services:
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel_user
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: zitadel_pw
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
-      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: root
+      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
    networks:
@ -43,16 +41,16 @@ services:
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel_user
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: zitadel_pw
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
-      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: root
+      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
    networks:
      - 'zitadel'
    depends_on:
      zitadel-init:
        condition: 'service_completed_successfully'
      db:
        condition: 'service_healthy'
      zitadel-init:
        condition: 'service_completed_successfully'
  zitadel-enabled-tls:
    extends:
@ -71,7 +69,7 @@ services:
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel_user
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: zitadel_pw
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
-      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: root
+      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
    volumes:
@ -109,7 +107,7 @@ services:
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel_user
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: zitadel_pw
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
-      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: root
+      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
    networks:
@ -125,10 +123,9 @@ services:
    restart: 'always'
    image: postgres:16-alpine
    environment:
      PGUSER: root
      POSTGRES_PASSWORD: postgres
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "postgres"]
+      test: ["CMD-SHELL", "pg_isready"]
      interval: 5s
      timeout: 60s
      retries: 10
--- a/docs/docs/self-hosting/manage/reverseproxy/httpd/docker-compose.yaml
+++ b/docs/docs/self-hosting/manage/reverseproxy/httpd/docker-compose.yaml
@ -1,5 +1,3 @@
 version: '3.8'
 services:
  proxy-disabled-tls:
--- a/docs/docs/self-hosting/manage/reverseproxy/nginx/docker-compose.yaml
+++ b/docs/docs/self-hosting/manage/reverseproxy/nginx/docker-compose.yaml
@ -1,5 +1,3 @@
 version: '3.8'
 services:
  proxy-disabled-tls:
--- a/docs/docs/self-hosting/manage/reverseproxy/traefik/docker-compose.yaml
+++ b/docs/docs/self-hosting/manage/reverseproxy/traefik/docker-compose.yaml
@ -1,5 +1,3 @@
 version: '3.8'
 services:
  proxy-disabled-tls:
--- a/e2e/config/host.docker.internal/docker-compose.yaml
+++ b/e2e/config/host.docker.internal/docker-compose.yaml
@ -1,5 +1,3 @@
 version: '3.8'
 services:
  db:
--- a/e2e/config/localhost/docker-compose.yaml
+++ b/e2e/config/localhost/docker-compose.yaml
@ -1,5 +1,3 @@
 version: '3.8'
 services:
  zitadel:
    user: '$UID'
--- a/e2e/docker-compose.yaml
+++ b/e2e/docker-compose.yaml
@ -1,5 +1,3 @@
 version: '3.8'
 services:
  zitadel:
    extends: