update linux example

2025-08-11 13:07:46 +00:00 · 2025-08-07 22:21:39 +02:00
parent 4930870504
commit f61f8299fc
5 changed files with 96 additions and 69 deletions
--- a/docs/docs/self-hosting/deploy/_switch-to-login-v2.mdx
+++ b/docs/docs/self-hosting/deploy/_switch-to-login-v2.mdx
@@ -0,0 +1,5 @@
 :::info
 If you ran these commands for an existing instance that still uses the login v1, [create a login client for it to the now running v2 login](/self-hosting/manage/login-client#create-login-client).
 Move the login client PAT to `./login-client.pat` and restart the login.
 Now, [enable the Login UI for all users](/self-hosting/manage/login-client#require-login-v2)
 :::
--- a/docs/docs/self-hosting/deploy/compose.mdx
+++ b/docs/docs/self-hosting/deploy/compose.mdx
@@ -9,7 +9,7 @@ import Disclaimer from './_disclaimer.mdx'
 import DefaultUser from './_defaultuser.mdx'
 import Next from './_next.mdx'
 import NoteInstanceNotFound from './troubleshooting/_note_instance_not_found.mdx';
-
+import SwitchToLoginV2 from './_switch-to-login-v2.mdx';
 The setup is tested against Docker version 28.3.2 and Docker Compose version v2.38.2
@@ -26,6 +26,9 @@ By executing the commands below, you will download the following file:
 # Download the docker compose example configuration.
 wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/docker-compose.yaml
 # Download the basic Zitadel configuration.
 wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/zitadel.yaml
 # Make sure you have the latest image versions
 docker compose pull
@@ -34,16 +37,7 @@ docker compose up
 ```
 <DefaultUser components={props.components} />
-
+<SwitchToLoginV2/>
 :::info
 If you ran these commands for an existing instance that still uses the login v1, [create a login client for it to the now running v2 login](/self-hosting/manage/login-client#create-login-client).
 Move the login client PAT to `./login-client.pat` and restart the login container.
 ```bash
 docker compose restart login
 ```
 Now, [enable the Login UI for all users](/self-hosting/manage/login-client#require-login-v2)
 :::
 <NoteInstanceNotFound/>
 <Next components={props.components} />
 <Disclaimer components={props.components} />
--- a/docs/docs/self-hosting/deploy/docker-compose.yaml
+++ b/docs/docs/self-hosting/deploy/docker-compose.yaml
@@ -2,40 +2,11 @@ services:
  zitadel:
    restart: unless-stopped
    image: ghcr.io/zitadel/zitadel:latest
-    command: start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled
+    command: start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /current-dir/zitadel.yaml --steps /current-dir/zitadel.yaml
    environment:
      ZITADEL_EXTERNALSECURE: false
      ZITADEL_TLS_ENABLED: false
      ZITADEL_DATABASE_POSTGRES_HOST: db
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      # By configuring a login client, the setup job creates a user of type machine with the role IAM_LOGIN_CLIENT.
      # It writes a PAT to the path specified in ZITADEL_FIRSTINSTANCE_LOGINCLIENTPATPATH.
      # The PAT is passed to the login container via the environment variable ZITADEL_SERVICE_USER_TOKEN_FILE.
      ZITADEL_FIRSTINSTANCE_LOGINCLIENTPATPATH: /current-dir/login-client.pat
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED: false
      ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_MACHINE_USERNAME: login-client
      ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_MACHINE_NAME: Automatically Initialized IAM_LOGIN_CLIENT
      ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_PAT_EXPIRATIONDATE: '2029-01-01T00:00:00Z'
      ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED: true
      ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_BASEURI: http://localhost:3000/ui/v2/login
      ZITADEL_OIDC_DEFAULTLOGINURLV2: http://localhost:3000/ui/v2/login/login?authRequest=
      ZITADEL_OIDC_DEFAULTLOGOUTURLV2: http://localhost:3000/ui/v2/login/logout?post_logout_redirect=
      ZITADEL_SAML_DEFAULTLOGINURLV2: http://localhost:3000/ui/v2/login/login?samlRequest=
      # By configuring a machine, the setup job creates a user of type machine with the role IAM_OWNER.
      # It writes a personal access token (PAT) to the path specified in ZITADEL_FIRSTINSTANCE_PATPATH.
      # The PAT can be used to provision resources with [Terraform](/docs/guides/manage/terraform-provider), for example.
      ZITADEL_FIRSTINSTANCE_PATPATH: /current-dir/admin.pat
      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME: admin
      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME: Automatically Initialized IAM_OWNER
      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE: 1
    healthcheck:
      test:
      - CMD
--- a/docs/docs/self-hosting/deploy/linux.mdx
+++ b/docs/docs/self-hosting/deploy/linux.mdx
@@ -7,6 +7,7 @@ import Disclaimer from "./_disclaimer.mdx";
 import DefaultUser from "./_defaultuser.mdx";
 import Next from "./_next.mdx";
 import NoteInstanceNotFound from "./troubleshooting/_note_instance_not_found.mdx";
 import SwitchToLoginV2 from "./_switch-to-login-v2.mdx";
 ## Install PostgreSQL
@@ -20,46 +21,59 @@ sudo systemctl start postgresql
 sudo systemctl enable postgresql
 ```
-## Install Zitadel
+## Download the Zitadel API binary and the login assets
 Download the Zitadel release according to your architecture from [Github](https://github.com/zitadel/zitadel/releases/latest), unpack the archive and copy zitadel binary to /usr/local/bin
 ```bash
-LATEST=$(curl -i https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r'); ARCH=$(uname -m); case $ARCH in armv5*) ARCH="armv5";; armv6*) ARCH="armv6";; armv7*) ARCH="arm";; aarch64) ARCH="arm64";; x86) ARCH="386";; x86_64) ARCH="amd64";;  i686) ARCH="386";; i386) ARCH="386";; esac; wget -c https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel-linux-$ARCH.tar.gz -O - | tar -xz && sudo mv zitadel-linux-$ARCH/zitadel /usr/local/bin
+LATEST=$( \
  curl -i https://github.com/zitadel/zitadel/releases/latest | \
  grep location: | \
  cut -d '/' -f 8 | \
  tr -d '\r')
 ARCH=$(uname -m)
 case $ARCH in armv5*)ARCH="armv5";;
              armv6*) ARCH="armv6";;
              armv7*) ARCH="arm";;
              aarch64) ARCH="arm64";;
              x86) ARCH="386";;
              x86_64) ARCH="amd64";;
              i686) ARCH="386";;
              i386) ARCH="386";;
 esac
 # Download and extract the API binary
 wget -c https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel-linux-$ARCH.tar.gz -O - | \
 tar -xz && sudo mv zitadel-linux-$ARCH/zitadel /usr/local/bin
 # Download and extract the login assets
 wget -c https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel-login-$ARCH.tar.gz -O - | \
 tar -xz && sudo mv zitadel-login-linux-$ARCH/zitadel-login ./zitadel-login
 ```
 ## Run Zitadel
 ```bash
-ZITADEL_DATABASE_POSTGRES_HOST=localhost ZITADEL_DATABASE_POSTGRES_PORT=5432 ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zitadel ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=postgres ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable ZITADEL_EXTERNALSECURE=false zitadel start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled
+# Download the basic configuration
 wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/zitadel.yaml
 # Run the API binary
 zitadel start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --config ./zitadel.yaml --steps ./zitadel.yaml
 ```
 ## Run the login
 Make sure you have [Node.js installed](https://nodejs.org/en/download).
 ```bash
 # Run the login standalone server
 export ZITADEL_API_URL=http://localhost:8080
 export NEXT_PUBLIC_BASE_PATH=/ui/v2/login
 export ZITADEL_SERVICE_USER_TOKEN=$(cat ./login-client.pat)
 node ./zitadel-login/server.js
 ```
 <DefaultUser components={props.components} />
-
+<SwitchToLoginV2/>
 <NoteInstanceNotFound />
 ## VideoGuide
 <iframe
  width="100%"
  height="315"
  src="https://www.youtube.com/embed/YVLua-q7dbs"
  title="YouTube video player"
  frameborder="0"
  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
  allowfullscreen
 ></iframe>
 ### Setup Zitadel with a service account
 ```bash
 ZITADEL_DATABASE_POSTGRES_HOST=localhost ZITADEL_DATABASE_POSTGRES_PORT=5432 ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zitadel ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable ZITADEL_EXTERNALSECURE=false ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH=/tmp/zitadel-admin-sa.json ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE=1 zitadel start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled
 # then you can move your machine key
 mv /tmp/zitadel-admin-sa.json $HOME/zitadel-admin-sa.json
 ```
 This key can be used to provision resources with for example [Terraform](/docs/guides/manage/terraform-provider).
 <Next components={props.components} />
 <Disclaimer components={props.components} />
--- a/docs/docs/self-hosting/deploy/zitadel.yaml
+++ b/docs/docs/self-hosting/deploy/zitadel.yaml
@@ -0,0 +1,43 @@
 ExternalSecure: false
 TLS:
  Enabled: false
 Database:
  Postgres:
    Admin:
      Username: postgres
      Password: postgres
      SSL:
        Mode: disable
 FirstInstance:
  LoginClientPATPath: ./login-client.pat
  PATPath: ./admin.pat
  Org:
    Human:
      PasswordChangeRequired: false
    LoginClient:
      # By configuring a login client, the setup job creates a user of type machine with the role IAM_LOGIN_CLIENT.
      # It writes a PAT to the path specified in ZITADEL_FIRSTINSTANCE_LOGINCLIENTPATPATH.
      # The PAT is passed to the login container via the environment variable ZITADEL_SERVICE_USER_TOKEN_FILE.
      Machine:
        Username: login-client
        Name: Automatically Initialized IAM_LOGIN_CLIENT
      PATExpirationDate: 2029-01-01T00:00:00Z
    Machine:
      # By configuring a machine, the setup job creates a user of type machine with the role IAM_OWNER.
      # It writes a personal access token (PAT) to the path specified in ZITADEL_FIRSTINSTANCE_PATPATH.
      # The PAT can be used to provision resources with [Terraform](/docs/guides/manage/terraform-provider), for example.    
      Machine:
        Username: admin
        Name: Automatically Initialized IAM_OWNER
      MachineKey:
        Type: 1
 DefaultInstance:
  Features:
    LoginV2:
      Required: true
      BaseUri: http://localhost:3000/ui/v2/login
 OIDC:
  DefaultLoginURLV2: http://localhost:3000/ui/v2/login/login?authRequest=
  DefaultLogoutURLV2: http://localhost:3000/ui/v2/login/logout?post_logout_redirect=
 SAML:
  DefaultLoginURLV2: http://localhost:3000/ui/v2/login/login?samlRequest=