feat: run on a single port (#3163)

* start v2 * start * run * some cleanup * remove v2 pkg again * simplify * webauthn * remove unused config * fix login path in Dockerfile * fix asset_generator.go * health handler * fix grpc web * refactor * merge * build new main.go * run new main.go * update logging pkg * fix error msg * update logging * cleanup * cleanup * go mod tidy * change localDevMode * fix customEndpoints * update logging * comments * change local flag to external configs * fix location generated go code * fix Co-authored-by: fforootd <florian@caos.ch>
2025-08-12 05:17:33 +00:00 · 2022-02-14 17:22:30 +01:00
parent 2f3a482ade
commit 389eb4a27a
306 changed files with 1708 additions and 1567 deletions
--- a/cmd/defaults.yaml
+++ b/cmd/defaults.yaml
@@ -3,18 +3,278 @@ Log:
  Formatter:
    Format: text

-database:
-  host: localhost
-  port: 26257
-  user: zitadel
-  database: zitadel
-  password: 
-  maxOpenConns: 3
-  ssl:
-    mode: disable
-    rootCert: 
-    cert:
-    key:
-  options: 
-  # MaxConnLifetime: 30m
-  # MaxConnIdleTime: 30m
+Port: 8080
+ExternalPort: 8080
+ExternalDomain: localhost
+ExternalSecure: true
+
+Database:
+  Host: localhost
+  Port: 26257
+  User: zitadel
+  Database: zitadel
+  Password: ""
+  MaxOpenConns: 20
+  MaxConnLifetime: 30m
+  MaxConnIdleTime: 30m
+  Options: ""
+  SSL:
+    Mode: diabled
+    RootCert: ""
+    Cert: ""
+    Key: ""
+
+Projections:
+  Config:
+    RequeueEvery: 10s
+    RetryFailedAfter: 1s
+    MaxFailureCount: 5
+    BulkLimit: 200
+    MaxIterators: 1
+    Customizations:
+      projects:
+        BulkLimit: 2000
+  KeyConfig:
+    # We don't need an EncryptionKey but DecryptionKeys (and load them via env)
+    DecryptionKeyIDs:
+    Path: ""
+
+AuthZ:
+  Repository:
+    Spooler:
+      ConcurrentWorkers: 1
+      BulkLimit: 10000
+      FailureCountUntilSkip: 5
+
+Auth:
+  SearchLimit: 1000
+  Spooler:
+    ConcurrentWorkers: 1
+    BulkLimit: 10000
+    FailureCountUntilSkip: 5
+
+Admin:
+  SearchLimit: 1000
+  Spooler:
+    ConcurrentWorkers: 1
+    BulkLimit: 10000
+    FailureCountUntilSkip: 5
+
+UserAgentCookie:
+  Name: zitadel.useragent
+  Key:
+    EncryptionKeyID:
+  MaxAge: 8760h #365*24h (1 year)
+
+OIDC:
+  CodeMethodS256: true
+  AuthMethodPost: true
+  AuthMethodPrivateKeyJWT: true
+  GrantTypeRefreshToken: true
+  RequestObjectSupported: true
+  SigningKeyAlgorithm: RS256
+  DefaultAccessTokenLifetime: 12h
+  DefaultIdTokenLifetime: 12h
+  DefaultRefreshTokenIdleExpiration: 720h #30d
+  DefaultRefreshTokenExpiration: 2160h #90d
+  Cache:
+    MaxAge: 12h
+    SharedMaxAge: 168h #7d
+  KeyConfig:
+    EncryptionKeyID: ""
+    DecryptionKeyIDs:
+    Path: ""
+  CustomEndpoints:
+
+Login:
+  LanguageCookieName: zitadel.login.lang
+  CSRF:
+    CookieName: zitadel.login.csrf
+    Development: true
+    Key:
+      EncryptionKeyID:
+  Cache:
+    MaxAge: 12h
+    SharedMaxAge: 168h #7d
+
+Console:
+  ConsoleOverwriteDir: ""
+  ShortCache:
+    MaxAge: 5m
+    SharedMaxAge: 15m
+  LongCache:
+    MaxAge: 12h
+    SharedMaxAge: 168h
+
+Notification:
+  Repository:
+    Spooler:
+      ConcurrentWorkers: 1
+      BulkLimit: 10000
+      FailureCountUntilSkip: 5
+      Handlers:
+
+#TODO: configure as soon as possible
+#AssetStorage:
+#  Type: $ZITADEL_ASSET_STORAGE_TYPE
+#  Config:
+#    Endpoint: $ZITADEL_ASSET_STORAGE_ENDPOINT
+#    AccessKeyID: $ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID
+#    SecretAccessKey: $ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY
+#    SSL: $ZITADEL_ASSET_STORAGE_SSL
+#    Location: $ZITADEL_ASSET_STORAGE_LOCATION
+#    BucketPrefix: $ZITADEL_ASSET_STORAGE_BUCKET_PREFIX
+#    MultiDelete: $ZITADEL_ASSET_STORAGE_MULTI_DELETE
+
+#TODO: remove as soon as possible
+SystemDefaults:
+  #  DefaultLanguage: 'en'
+  Domain: $ZITADEL_DEFAULT_DOMAIN
+  ZitadelDocs:
+    Issuer: $ZITADEL_ISSUER
+    DiscoveryEndpoint: '$ZITADEL_ISSUER/.well-known/openid-configuration'
+  UserVerificationKey:
+    EncryptionKeyID: $ZITADEL_USER_VERIFICATION_KEY
+  IDPConfigVerificationKey:
+    EncryptionKeyID: $ZITADEL_IDP_CONFIG_VERIFICATION_KEY
+  SecretGenerators:
+    PasswordSaltCost: 14
+    ClientSecretGenerator:
+      Length: 64
+      IncludeLowerLetters: true
+      IncludeUpperLetters: true
+      IncludeDigits: true
+      IncludeSymbols: false
+    InitializeUserCode:
+      Length: 6
+      Expiry: '72h'
+      IncludeLowerLetters: false
+      IncludeUpperLetters: true
+      IncludeDigits: true
+      IncludeSymbols: false
+    EmailVerificationCode:
+      Length: 6
+      Expiry: '1h'
+      IncludeLowerLetters: false
+      IncludeUpperLetters: true
+      IncludeDigits: true
+      IncludeSymbols: false
+    PhoneVerificationCode:
+      Length: 6
+      Expiry: '1h'
+      IncludeLowerLetters: false
+      IncludeUpperLetters: true
+      IncludeDigits: true
+      IncludeSymbols: false
+    PasswordVerificationCode:
+      Length: 6
+      Expiry: '1h'
+      IncludeLowerLetters: false
+      IncludeUpperLetters: true
+      IncludeDigits: true
+      IncludeSymbols: false
+    PasswordlessInitCode:
+      Length: 12
+      Expiry: '1h'
+      IncludeLowerLetters: true
+      IncludeUpperLetters: true
+      IncludeDigits: true
+      IncludeSymbols: false
+    MachineKeySize: 2048
+    ApplicationKeySize: 2048
+  Multifactors:
+    OTP:
+      Issuer: 'ZITADEL'
+      VerificationKey:
+        EncryptionKeyID: $ZITADEL_OTP_VERIFICATION_KEY
+  VerificationLifetimes:
+    PasswordCheck: 240h #10d
+    ExternalLoginCheck: 240h #10d
+    MFAInitSkip: 720h #30d
+    SecondFactorCheck: 18h
+    MultiFactorCheck: 12h
+  IamID: 'IAM'
+  DomainVerification:
+    VerificationKey:
+      EncryptionKeyID: $ZITADEL_DOMAIN_VERIFICATION_KEY
+    VerificationGenerator:
+      Length: 32
+      IncludeLowerLetters: true
+      IncludeUpperLetters: true
+      IncludeDigits: true
+      IncludeSymbols: false
+  Notifications:
+    #    DebugMode: $DEBUG_MODE
+    Endpoints:
+      InitCode: '$ZITADEL_ACCOUNTS/user/init?userID={{.UserID}}&code={{.Code}}&passwordset={{.PasswordSet}}'
+      PasswordReset: '$ZITADEL_ACCOUNTS/password/init?userID={{.UserID}}&code={{.Code}}'
+      VerifyEmail: '$ZITADEL_ACCOUNTS/mail/verification?userID={{.UserID}}&code={{.Code}}'
+      DomainClaimed: '$ZITADEL_ACCOUNTS/login'
+      PasswordlessRegistration: '$ZITADEL_ACCOUNTS/login/passwordless/init'
+    Providers:
+      Email:
+        SMTP:
+          Host: $SMTP_HOST
+          User: $SMTP_USER
+          Password: $SMTP_PASSWORD
+        From: $EMAIL_SENDER_ADDRESS
+        FromName: $EMAIL_SENDER_NAME
+      #        Tls: $SMTP_TLS
+      Twilio:
+        SID: $TWILIO_SERVICE_SID
+        Token: $TWILIO_TOKEN
+        From: $TWILIO_SENDER_NAME
+      FileSystem:
+        #        Enabled: $FS_NOTIFICATIONS_ENABLED
+        Path: $FS_NOTIFICATIONS_PATH
+      #        Compact: $FS_NOTIFICATIONS_COMPACT
+      Log:
+      #        Enabled: $LOG_NOTIFICATIONS_ENABLED
+      #        Compact: $LOG_NOTIFICATIONS_COMPACT
+      Chat:
+        #        Enabled: $CHAT_ENABLED
+        Url: $CHAT_URL
+        #        Compact: $CHAT_COMPACT
+        SplitCount: 4000
+    TemplateData:
+      InitCode:
+        Title: 'InitCode.Title'
+        PreHeader: 'InitCode.PreHeader'
+        Subject: 'InitCode.Subject'
+        Greeting: 'InitCode.Greeting'
+        Text: 'InitCode.Text'
+        ButtonText: 'InitCode.ButtonText'
+      PasswordReset:
+        Title: 'PasswordReset.Title'
+        PreHeader: 'PasswordReset.PreHeader'
+        Subject: 'PasswordReset.Subject'
+        Greeting: 'PasswordReset.Greeting'
+        Text: 'PasswordReset.Text'
+        ButtonText: 'PasswordReset.ButtonText'
+      VerifyEmail:
+        Title: 'VerifyEmail.Title'
+        PreHeader: 'VerifyEmail.PreHeader'
+        Subject: 'VerifyEmail.Subject'
+        Greeting: 'VerifyEmail.Greeting'
+        Text: 'VerifyEmail.Text'
+        ButtonText: 'VerifyEmail.ButtonText'
+      VerifyPhone:
+        Title: 'VerifyPhone.Title'
+        PreHeader: 'VerifyPhone.PreHeader'
+        Subject: 'VerifyPhone.Subject'
+        Greeting: 'VerifyPhone.Greeting'
+        Text: 'VerifyPhone.Text'
+        ButtonText: 'VerifyPhone.ButtonText'
+      DomainClaimed:
+        Title: 'DomainClaimed.Title'
+        PreHeader: 'DomainClaimed.PreHeader'
+        Subject: 'DomainClaimed.Subject'
+        Greeting: 'DomainClaimed.Greeting'
+        Text: 'DomainClaimed.Text'
+        ButtonText: 'DomainClaimed.ButtonText'
+  KeyConfig:
+    Size: 2048
+    PrivateKeyLifetime: 6h
+    PublicKeyLifetime: 30h
+    SigningKeyRotationCheck: 10s
+    SigningKeyGracefulPeriod: 10m