docker/openziti/router.docker-compose.yml

# Adapted from https://get.openziti.io/dist/docker-images/ziti-router/compose.yml

services:
  chown-router:
    image: busybox
    command: chown -R ${ZIGGY_UID:-2171} /ziti-router
    volumes:
      - ./router:/ziti-router

  ziti-router:
    image: ${ZITI_ROUTER_IMAGE:-openziti/ziti-router}
    depends_on:
      chown-router:
        condition: service_completed_successfully
    user: ${ZIGGY_UID:-2171}
    volumes:
      - ./router:/ziti-router
    # these declared vars pass through to container and should be assigned in an .env file or exported from parent env
    # to ensure consistency throughout the compose project
    environment:
      # *** these are the important vars to set ***
      ZITI_CTRL_ADVERTISED_ADDRESS: ${ZITI_CTRL_ADVERTISED_ADDRESS:-ziti-controller}  # domain name of the controller (required)
      ZITI_CTRL_ADVERTISED_PORT: ${ZITI_CTRL_ADVERTISED_PORT:-1280}                   # exposed port of the controller
      ZITI_ENROLL_TOKEN: ${ZITI_ENROLL_TOKEN:-}                                       # enrollment token for this router (required)
      ZITI_ROUTER_ADVERTISED_ADDRESS: ${ZITI_ROUTER_ADVERTISED_ADDRESS:-ziti-router}  # domain name for this router (default: the container ID [hostname -f])
      ZITI_ROUTER_PORT: ${ZITI_ROUTER_PORT:-3022}                                     # exposed port for this router
      ZITI_ROUTER_MODE: ${ZITI_ROUTER_MODE:-host}                                     # none, host, tproxy, tproxy (default: host, tproxy requires additional config below)

      # *** less relevant vars below ***
      ZITI_BOOTSTRAP: true             # bootstrap the router if "true"
      ZITI_BOOTSTRAP_CONFIG: true      # make config file from env vars and defaults if "true," overwrite if "force"; requires ZITI_BOOTSTRAP=true
      ZITI_BOOTSTRAP_ENROLLMENT: true  # enroll with controller if "true," overwrite if "force"; requires ZITI_BOOTSTRAP=true
      ZITI_AUTO_RENEW_CERTS: true      # renew certs every startup
      ZITI_ROUTER_TYPE: ${ZITI_ROUTER_TYPE:-edge}  # edge or fabric
      ZITI_BOOTSTRAP_CONFIG_ARGS:      # additional arguments to "ziti create config ${ZITI_ROUTER_TYPE:-edge} --tunnelerMode ${ZITI_ROUTER_MODE:-host}"

    command: run config.yml
    ports:
      - ${ZITI_INTERFACE:-0.0.0.0}:${ZITI_ROUTER_PORT:-3022}:${ZITI_ROUTER_PORT:-3022}
    restart: unless-stopped
    healthcheck:
      test:
        - CMD
        - ziti
        - agent
        - stats
      interval: 3s
      timeout: 3s
      retries: 5
      start_period: 15s