update linux example

2025-08-11 10:47:37 +00:00 · 2025-08-07 22:21:39 +02:00
parent 4930870504
commit f61f8299fc
5 changed files with 96 additions and 69 deletions
--- a/docs/docs/self-hosting/deploy/_switch-to-login-v2.mdx
+++ b/docs/docs/self-hosting/deploy/_switch-to-login-v2.mdx
@@ -0,0 +1,5 @@
+:::info
+If you ran these commands for an existing instance that still uses the login v1, [create a login client for it to the now running v2 login](/self-hosting/manage/login-client#create-login-client).
+Move the login client PAT to `./login-client.pat` and restart the login.
+Now, [enable the Login UI for all users](/self-hosting/manage/login-client#require-login-v2)
+:::
--- a/docs/docs/self-hosting/deploy/compose.mdx
+++ b/docs/docs/self-hosting/deploy/compose.mdx
@@ -9,7 +9,7 @@ import Disclaimer from './_disclaimer.mdx'
 import DefaultUser from './_defaultuser.mdx'
 import Next from './_next.mdx'
 import NoteInstanceNotFound from './troubleshooting/_note_instance_not_found.mdx';
-
+import SwitchToLoginV2 from './_switch-to-login-v2.mdx';

 The setup is tested against Docker version 28.3.2 and Docker Compose version v2.38.2

@@ -26,6 +26,9 @@ By executing the commands below, you will download the following file:
 # Download the docker compose example configuration.
 wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/docker-compose.yaml

+# Download the basic Zitadel configuration.
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/zitadel.yaml
+
 # Make sure you have the latest image versions
 docker compose pull

@@ -34,16 +37,7 @@ docker compose up
 ```

 <DefaultUser components={props.components} />
-
-:::info
-If you ran these commands for an existing instance that still uses the login v1, [create a login client for it to the now running v2 login](/self-hosting/manage/login-client#create-login-client).
-Move the login client PAT to `./login-client.pat` and restart the login container.
-```bash
-docker compose restart login
-```
-Now, [enable the Login UI for all users](/self-hosting/manage/login-client#require-login-v2)
-:::
-
+<SwitchToLoginV2/>
 <NoteInstanceNotFound/>
 <Next components={props.components} />
 <Disclaimer components={props.components} />
--- a/docs/docs/self-hosting/deploy/docker-compose.yaml
+++ b/docs/docs/self-hosting/deploy/docker-compose.yaml
@@ -2,40 +2,11 @@ services:
  zitadel:
    restart: unless-stopped
    image: ghcr.io/zitadel/zitadel:latest
-    command: start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled
+    command: start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /current-dir/zitadel.yaml --steps /current-dir/zitadel.yaml
    environment:
-      ZITADEL_EXTERNALSECURE: false
-      ZITADEL_TLS_ENABLED: false
      ZITADEL_DATABASE_POSTGRES_HOST: db
-      ZITADEL_DATABASE_POSTGRES_PORT: 5432
-      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
-      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
-      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: zitadel
-      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
-      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
-      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: postgres
-      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
-      # By configuring a login client, the setup job creates a user of type machine with the role IAM_LOGIN_CLIENT.
-      # It writes a PAT to the path specified in ZITADEL_FIRSTINSTANCE_LOGINCLIENTPATPATH.
-      # The PAT is passed to the login container via the environment variable ZITADEL_SERVICE_USER_TOKEN_FILE.
      ZITADEL_FIRSTINSTANCE_LOGINCLIENTPATPATH: /current-dir/login-client.pat
-      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED: false
-      ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_MACHINE_USERNAME: login-client
-      ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_MACHINE_NAME: Automatically Initialized IAM_LOGIN_CLIENT
-      ZITADEL_FIRSTINSTANCE_ORG_LOGINCLIENT_PAT_EXPIRATIONDATE: '2029-01-01T00:00:00Z'
-      ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED: true
-      ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_BASEURI: http://localhost:3000/ui/v2/login
-      ZITADEL_OIDC_DEFAULTLOGINURLV2: http://localhost:3000/ui/v2/login/login?authRequest=
-      ZITADEL_OIDC_DEFAULTLOGOUTURLV2: http://localhost:3000/ui/v2/login/logout?post_logout_redirect=
-      ZITADEL_SAML_DEFAULTLOGINURLV2: http://localhost:3000/ui/v2/login/login?samlRequest=
-      # By configuring a machine, the setup job creates a user of type machine with the role IAM_OWNER.
-      # It writes a personal access token (PAT) to the path specified in ZITADEL_FIRSTINSTANCE_PATPATH.
-      # The PAT can be used to provision resources with [Terraform](/docs/guides/manage/terraform-provider), for example.
      ZITADEL_FIRSTINSTANCE_PATPATH: /current-dir/admin.pat
-      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME: admin
-      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME: Automatically Initialized IAM_OWNER
-      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE: 1
-
    healthcheck:
      test:
      - CMD
--- a/docs/docs/self-hosting/deploy/linux.mdx
+++ b/docs/docs/self-hosting/deploy/linux.mdx
@@ -7,6 +7,7 @@ import Disclaimer from "./_disclaimer.mdx";
 import DefaultUser from "./_defaultuser.mdx";
 import Next from "./_next.mdx";
 import NoteInstanceNotFound from "./troubleshooting/_note_instance_not_found.mdx";
+import SwitchToLoginV2 from "./_switch-to-login-v2.mdx";

 ## Install PostgreSQL

@@ -20,46 +21,59 @@ sudo systemctl start postgresql
 sudo systemctl enable postgresql
 ```

-## Install Zitadel
+## Download the Zitadel API binary and the login assets

 Download the Zitadel release according to your architecture from [Github](https://github.com/zitadel/zitadel/releases/latest), unpack the archive and copy zitadel binary to /usr/local/bin

 ```bash
-LATEST=$(curl -i https://github.com/zitadel/zitadel/releases/latest | grep location: | cut -d '/' -f 8 | tr -d '\r'); ARCH=$(uname -m); case $ARCH in armv5*) ARCH="armv5";; armv6*) ARCH="armv6";; armv7*) ARCH="arm";; aarch64) ARCH="arm64";; x86) ARCH="386";; x86_64) ARCH="amd64";;  i686) ARCH="386";; i386) ARCH="386";; esac; wget -c https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel-linux-$ARCH.tar.gz -O - | tar -xz && sudo mv zitadel-linux-$ARCH/zitadel /usr/local/bin
+LATEST=$( \
+  curl -i https://github.com/zitadel/zitadel/releases/latest | \
+  grep location: | \
+  cut -d '/' -f 8 | \
+  tr -d '\r')
+ARCH=$(uname -m)
+case $ARCH in armv5*)ARCH="armv5";;
+              armv6*) ARCH="armv6";;
+              armv7*) ARCH="arm";;
+              aarch64) ARCH="arm64";;
+              x86) ARCH="386";;
+              x86_64) ARCH="amd64";;
+              i686) ARCH="386";;
+              i386) ARCH="386";;
+esac
+# Download and extract the API binary
+wget -c https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel-linux-$ARCH.tar.gz -O - | \
+tar -xz && sudo mv zitadel-linux-$ARCH/zitadel /usr/local/bin
+
+# Download and extract the login assets
+wget -c https://github.com/zitadel/zitadel/releases/download/$LATEST/zitadel-login-$ARCH.tar.gz -O - | \
+tar -xz && sudo mv zitadel-login-linux-$ARCH/zitadel-login ./zitadel-login
 ```

 ## Run Zitadel

 ```bash
-ZITADEL_DATABASE_POSTGRES_HOST=localhost ZITADEL_DATABASE_POSTGRES_PORT=5432 ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zitadel ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=postgres ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable ZITADEL_EXTERNALSECURE=false zitadel start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled
+# Download the basic configuration
+wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/zitadel.yaml
+
+# Run the API binary
+zitadel start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --config ./zitadel.yaml --steps ./zitadel.yaml
+```
+
+## Run the login
+
+Make sure you have [Node.js installed](https://nodejs.org/en/download).
+
+```bash
+# Run the login standalone server
+export ZITADEL_API_URL=http://localhost:8080
+export NEXT_PUBLIC_BASE_PATH=/ui/v2/login
+export ZITADEL_SERVICE_USER_TOKEN=$(cat ./login-client.pat)
+node ./zitadel-login/server.js
 ```

 <DefaultUser components={props.components} />
-
+<SwitchToLoginV2/>
 <NoteInstanceNotFound />
-
-## VideoGuide
-
-<iframe
-  width="100%"
-  height="315"
-  src="https://www.youtube.com/embed/YVLua-q7dbs"
-  title="YouTube video player"
-  frameborder="0"
-  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
-  allowfullscreen
-></iframe>
-
-### Setup Zitadel with a service account
-
-```bash
-ZITADEL_DATABASE_POSTGRES_HOST=localhost ZITADEL_DATABASE_POSTGRES_PORT=5432 ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=zitadel ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable ZITADEL_EXTERNALSECURE=false ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH=/tmp/zitadel-admin-sa.json ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE=1 zitadel start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled
-
-# then you can move your machine key
-mv /tmp/zitadel-admin-sa.json $HOME/zitadel-admin-sa.json
-```
-
-This key can be used to provision resources with for example [Terraform](/docs/guides/manage/terraform-provider).
-
 <Next components={props.components} />
 <Disclaimer components={props.components} />
--- a/docs/docs/self-hosting/deploy/zitadel.yaml
+++ b/docs/docs/self-hosting/deploy/zitadel.yaml
@@ -0,0 +1,43 @@
+ExternalSecure: false
+TLS:
+  Enabled: false
+Database:
+  Postgres:
+    Admin:
+      Username: postgres
+      Password: postgres
+      SSL:
+        Mode: disable
+FirstInstance:
+  LoginClientPATPath: ./login-client.pat
+  PATPath: ./admin.pat
+  Org:
+    Human:
+      PasswordChangeRequired: false
+    LoginClient:
+      # By configuring a login client, the setup job creates a user of type machine with the role IAM_LOGIN_CLIENT.
+      # It writes a PAT to the path specified in ZITADEL_FIRSTINSTANCE_LOGINCLIENTPATPATH.
+      # The PAT is passed to the login container via the environment variable ZITADEL_SERVICE_USER_TOKEN_FILE.
+      Machine:
+        Username: login-client
+        Name: Automatically Initialized IAM_LOGIN_CLIENT
+      PATExpirationDate: 2029-01-01T00:00:00Z
+    Machine:
+      # By configuring a machine, the setup job creates a user of type machine with the role IAM_OWNER.
+      # It writes a personal access token (PAT) to the path specified in ZITADEL_FIRSTINSTANCE_PATPATH.
+      # The PAT can be used to provision resources with [Terraform](/docs/guides/manage/terraform-provider), for example.    
+      Machine:
+        Username: admin
+        Name: Automatically Initialized IAM_OWNER
+      MachineKey:
+        Type: 1
+DefaultInstance:
+  Features:
+    LoginV2:
+      Required: true
+      BaseUri: http://localhost:3000/ui/v2/login
+OIDC:
+  DefaultLoginURLV2: http://localhost:3000/ui/v2/login/login?authRequest=
+  DefaultLogoutURLV2: http://localhost:3000/ui/v2/login/logout?post_logout_redirect=
+SAML:
+  DefaultLoginURLV2: http://localhost:3000/ui/v2/login/login?samlRequest=