mirror of
https://github.com/zitadel/zitadel.git
synced 2025-10-29 13:06:44 +00:00
86c124955d
# Which Problems Are Solved - `<details>` tag is rendered in some cases in the docs, instead of rendering a detail section which can be expanded - New API V2 and V3 services where not rendered correctly - The plugin which made it possible to integrate external code files and show them on the docs didn't work anymore # How the Problems Are Solved - remove / from details tag, so it is properly rendered - changing link source from tag to auto - Someone already forked the repository and made it available for docusaurus v3, we integrated the forked version --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
86 lines
4.4 KiB
Plaintext
86 lines
4.4 KiB
Plaintext
---
|
|
title: A ZITADEL Load Balancing Example
|
|
---
|
|
|
|
import CodeBlock from '@theme/CodeBlock';
|
|
import DockerComposeSource from '!!raw-loader!./docker-compose.yaml'
|
|
import ExampleTraefikSource from '!!raw-loader!./example-traefik.yaml'
|
|
import ExampleZITADELConfigSource from '!!raw-loader!./example-zitadel-config.yaml'
|
|
import ExampleZITADELSecretsSource from '!!raw-loader!./example-zitadel-secrets.yaml'
|
|
import ExampleZITADELInitStepsSource from '!!raw-loader!./example-zitadel-init-steps.yaml'
|
|
import NoteInstanceNotFound from '../troubleshooting/_note_instance_not_found.mdx';
|
|
|
|
With this example configuration, you create a near production environment for ZITADEL with [Docker Compose](https://docs.docker.com/compose/).
|
|
|
|
The stack consists of three long-running containers:
|
|
- A [Traefik](https://doc.traefik.io/traefik/) reverse proxy with upstream HTTP/2 enabled, issuing a self-signed TLS certificate.
|
|
- A secure ZITADEL container configured for a custom domain. As we terminate TLS with Traefik, we configure ZITADEL for `--tlsMode external`.
|
|
- An insecure [PostgreSQL](https://www.postgresql.org/docs/current/index.html).
|
|
|
|
The setup is tested against Docker version 20.10.17 and Docker Compose version v2.2.3
|
|
|
|
By executing the commands below, you will download the following files:
|
|
|
|
<details>
|
|
<summary>docker-compose.yaml</summary>
|
|
<CodeBlock language="yaml">{DockerComposeSource}</CodeBlock>
|
|
</details>
|
|
<details>
|
|
<summary>example-traefik.yaml</summary>
|
|
<CodeBlock language="yaml">{ExampleTraefikSource}</CodeBlock>
|
|
</details>
|
|
<details>
|
|
<summary>example-zitadel-config.yaml</summary>
|
|
<CodeBlock language="yaml">{ExampleZITADELConfigSource}</CodeBlock>
|
|
</details>
|
|
<details>
|
|
<summary>example-zitadel-secrets.yaml</summary>
|
|
<CodeBlock language="yaml">{ExampleZITADELSecretsSource}</CodeBlock>
|
|
</details>
|
|
<details>
|
|
<summary>example-zitadel-init-steps.yaml</summary>
|
|
<CodeBlock language="yaml">{ExampleZITADELInitStepsSource}</CodeBlock>
|
|
</details>
|
|
|
|
```bash
|
|
# Download the docker compose example configuration.
|
|
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/docker-compose.yaml
|
|
|
|
# Download the Traefik example configuration.
|
|
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/example-traefik.yaml
|
|
|
|
# Download and adjust the example configuration file containing standard configuration.
|
|
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-config.yaml
|
|
|
|
# Download and adjust the example configuration file containing secret configuration.
|
|
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-secrets.yaml
|
|
|
|
# Download and adjust the example configuration file containing database initialization configuration.
|
|
wget https://raw.githubusercontent.com/zitadel/zitadel/main/docs/docs/self-hosting/deploy/loadbalancing-example/example-zitadel-init-steps.yaml
|
|
|
|
# A single ZITADEL instance always needs the same 32 bytes long masterkey
|
|
# Generate one to a file if you haven't done so already and pass it as environment variable
|
|
tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > ./zitadel-masterkey
|
|
export ZITADEL_MASTERKEY="$(cat ./zitadel-masterkey)"
|
|
|
|
# Run the database and application containers
|
|
docker compose up --detach
|
|
```
|
|
|
|
Make `127.0.0.1` available at `my.domain`. For example, this can be achieved with an entry `127.0.0.1 my.domain` in the `/etc/hosts` file.
|
|
|
|
Open your favorite internet browser at [https://my.domain/ui/console/](https://my.domain/ui/console/).
|
|
You can safely proceed, if your browser warns you about the insecure self-signed TLS certificate.
|
|
This is the IAM admin users login according to your configuration in the [example-zitadel-init-steps.yaml](./example-zitadel-init-steps.yaml):
|
|
- **username**: *root@<span></span>my-org.my.domain*
|
|
- **password**: *RootPassword1!*
|
|
|
|
Read more about [the login process](/guides/integrate/login/oidc/login-users).
|
|
|
|
<NoteInstanceNotFound/>
|
|
|
|
## Troubleshooting
|
|
|
|
You can connect to cockroach like this: `docker exec -it loadbalancing-example-my-cockroach-db-1 cockroach sql --host my-cockroach-db --certs-dir /cockroach/certs/`
|
|
For example, to show all login names: `docker exec -it loadbalancing-example-my-cockroach-db-1 cockroach sql --database zitadel --host my-cockroach-db --certs-dir /cockroach/certs/ --execute "select * from projections.login_names3"`
|