diff --git a/cmd/start/start.go b/cmd/start/start.go index 7d9c87d7c0..b3d24cd2f1 100644 --- a/cmd/start/start.go +++ b/cmd/start/start.go @@ -13,6 +13,8 @@ import ( "time" clockpkg "github.com/benbjohnson/clock" + "github.com/common-nighthawk/go-figure" + "github.com/fatih/color" "github.com/gorilla/mux" "github.com/spf13/cobra" "github.com/spf13/viper" @@ -22,6 +24,7 @@ import ( "golang.org/x/net/http2" "golang.org/x/net/http2/h2c" + "github.com/zitadel/zitadel/cmd/build" "github.com/zitadel/zitadel/cmd/key" cmd_tls "github.com/zitadel/zitadel/cmd/tls" "github.com/zitadel/zitadel/internal/actions" @@ -111,6 +114,8 @@ type Server struct { } func startZitadel(config *Config, masterKey string, server chan<- *Server) error { + showBasicInformation(config) + ctx := context.Background() dbClient, err := database.Connect(config.Database, false) 
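Review bot: `showBasicInformation(config)` is called unconditionally as the first statement of `startZitadel`, so every start writes a multi-line banner to stdout before the first log entry. Where stdout is collected by a pipeline that expects one structured record per line (not visible here, so this is an assumption to confirm), those lines will not parse and the start-up record becomes harder to read. Gating the call on an interactive terminal would keep the banner for people and out of collected output, for example `if isatty.IsTerminal(os.Stdout.Fd()) { showBasicInformation(config) }`, or the call could sit behind a configuration switch. The body of `startZitadel` continues outside the hunk.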
@@ -454,3 +459,29 @@ func shutdownServer(ctx context.Context, server *http.Server) error {
 logging.New().Info("server shutdown gracefully")
 return nil
 }
+
+func showBasicInformation(startConfig *Config) {
+ fmt.Println(color.MagentaString(figure.NewFigure("Zitadel", "", true).String()))
+ http := "http"
+ if startConfig.TLS.Enabled || startConfig.ExternalSecure {
+ http = "https"
+ }
+
+ consoleURL := fmt.Sprintf("%s://%s:%v/ui/console\n", http, startConfig.ExternalDomain, startConfig.ExternalPort)
+ healthCheckURL := fmt.Sprintf("%s://%s:%v/debug/healthz\n", http, startConfig.ExternalDomain, startConfig.ExternalPort)
+
+ insecure := !startConfig.TLS.Enabled && !startConfig.ExternalSecure
+
+ fmt.Printf(" ===============================================================\n\n")
+ fmt.Printf(" Version : %s\n", build.Version())
+ fmt.Printf(" TLS enabled : %v\n", startConfig.TLS.Enabled)
+ fmt.Printf(" External Secure : %v\n", startConfig.ExternalSecure)
+ fmt.Printf(" Console URL : %s", color.BlueString(consoleURL))
+ fmt.Printf(" Health Check URL : %s", color.BlueString(healthCheckURL))
+ if insecure {
+ fmt.Printf("\n %s: you're using plain http without TLS. Be aware this is \n", color.RedString("Warning"))
+ fmt.Printf(" not a secure setup and should only be used for test systems. \n")
+ fmt.Printf(" Visit: %s \n", color.CyanString("https://zitadel.com/docs/self-hosting/manage/tls_modes"))
+ }
+ fmt.Printf("\n ===============================================================\n\n")
+}
diff --git a/docs/docs/self-hosting/manage/tls_modes.mdx b/docs/docs/self-hosting/manage/tls_modes.mdx
index bb67ee90fe..dc34dca07e 100644
--- a/docs/docs/self-hosting/manage/tls_modes.mdx
+++ b/docs/docs/self-hosting/manage/tls_modes.mdx
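Review bot: The plain-http warning inside `if insecure { ... }` is written only with `fmt.Printf`, so it never reaches the logger this file already uses (`logging.New().Info(...)` in `shutdownServer`), and a deployment that collects logs keeps no record that it started without TLS. Emit it through the logger as well, for example `logging.New().Warn("TLS disabled and ExternalSecure false: serving plain http")`, assuming the entry exposes `Warn` alongside `Info`. Separately, the local `http := "http"` shadows the `http` package that this file uses for `*http.Server`; renaming it to `scheme` avoids that. The URLs join host and port with `%s:%v`, which would not bracket an IPv6 literal in `ExternalDomain`; `net.JoinHostPort` covers that case if such values are allowed.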
@@ -2,8 +2,8 @@ title: TLS Modes --- -To allow ZITADEL to be run on any kind of infrastrucute it allows to configure on how tho handle TLS connections. -There are three mode of operation: `external`, `enabled`, `disabled`. +To allow ZITADEL to be run on any kind of infrastructure it allows to configure on how tho handle TLS connections. +There are three mode of operation: `external`, `enabled`, `disabled`. Generally this command is set as argument while starting ZITADEL. For example like this: @@ -11,18 +11,18 @@ Generally this command is set as argument while starting ZITADEL. For example li zitadel start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled ``` -## External +## External The mode `external` allows you to configure ZITADEL in such a way that it will instruct its clients to use https. However ZITADEL delegates the management of TLS connections to a reverseproxy, web application firewall or a service mesh. ## Enabled -When using the mode `enabled` ZITADEL is setup to await incoming connections in an encrypted fashion. +When using the mode `enabled` ZITADEL is setup to await incoming connections in an encrypted fashion. Wether it is from a client directly, a reverseproxy or web application firewall. This allows http connections to be secured at the transport level the whole way. -If you use the mode `enabled` you need to configure ZITADEL with the nessecary TLS settings. +If you use the mode `enabled` you need to configure ZITADEL with the necessary TLS settings. ```yaml TLS: 
@@ -31,17 +31,17 @@ TLS: # either directly or by a path to the corresponding file Enabled: true # Path to the private key of the TLS certificate, it will be loaded into the Key - # and overwrite any exising value + # and overwrite any existing value KeyPath: #/path/to/key/file.pem # Private key of the TLS certificate (KeyPath will this overwrite, if specified) Key: # # Path to the certificate for the TLS connection, it will be loaded into the Cert - # and overwrite any exising value + # and overwrite any existing value CertPath: #/path/to/cert/file.pem # Certificate for the TLS connection (CertPath will this overwrite, if specified) Cert: # ``` - + ## Disabled With the mode `disabled` ZITADEL is instructed to await all connections with plain http without TLS. @@ -55,4 +55,4 @@ Be aware this is not a secure setup and should only be used for test systems! ## HTTP/2 To allow ZITADEL to function properly please make sure that HTTP/2 is enabled. If you are using the mode `external` or `disabled` make sure to verify h2c compatibilty. -You can read more about how ZITADEL utilizes in our [HTTP/2 docs](/self-hosting/manage/http2). \ No newline at end of file +You can read more about how ZITADEL utilizes in our [HTTP/2 docs](/self-hosting/manage/http2). diff --git a/go.mod b/go.mod index 74ff7c774a..962e107dd3 100644 --- a/go.mod +++ b/go.mod @@ -15,11 +15,13 @@ require ( github.com/benbjohnson/clock v1.3.0 github.com/boombuler/barcode v1.0.1 github.com/cockroachdb/cockroach-go/v2 v2.3.3 + github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be github.com/descope/virtualwebauthn v1.0.2 github.com/dop251/goja v0.0.0-20230402114112-623f9dda9079 github.com/dop251/goja_nodejs v0.0.0-20230322100729-2550c7b6c124 github.com/drone/envsubst v1.0.3 github.com/envoyproxy/protoc-gen-validate v0.10.1 + github.com/fatih/color v1.13.0 github.com/go-ldap/ldap/v3 v3.4.4 github.com/go-webauthn/webauthn v0.8.2 github.com/golang/glog v1.1.1 
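Review bot: The two new direct requirements in go.mod appear to serve only the start-up banner, and `github.com/common-nighthawk/go-figure` is pinned to a pseudo-version (`v0.0.0-20210622060536-734e95fb86be`), so it tracks a commit rather than a tagged release. For an identity server, each module compiled into the binary is one more thing to audit and keep patched, and `github.com/fatih/color` pulls in two further indirect modules in the next hunk. The banner text could be a string constant and the colours a few escape sequences, which would need no new modules. If the modules stay, a comment beside the require lines such as `// start-up banner only` tells later reviewers what they are for.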
@@ -95,6 +97,8 @@ require (
 github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect
 github.com/gorilla/websocket v1.4.2 // indirect
 github.com/klauspost/cpuid/v2 v2.2.4 // indirect
+ github.com/mattn/go-colorable v0.1.12 // indirect
+ github.com/mattn/go-isatty v0.0.17 // indirect
 github.com/pelletier/go-toml/v2 v2.0.7 // indirect
 github.com/smartystreets/assertions v1.0.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 // indirect
diff --git a/go.sum b/go.sum
index 162c573e2b..0c5921a608 100644
--- a/go.sum
+++ b/go.sum
@@ -156,6 +156,8 @@ github.com/cockroachdb/cockroach-go/v2 v2.3.3 h1:fNmtG6XhoA1DhdDCIu66YyGSsNb1szj
 github.com/cockroachdb/cockroach-go/v2 v2.3.3/go.mod h1:1wNJ45eSXW9AnOc3skntW9ZUZz6gxrQK3cOj3rK+BC8=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
+github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ=
+github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
@@ -247,6 +249,8 @@ github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6Ni
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
@@ -639,12 +643,17 @@ github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3v
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
+github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
@@ -1160,7 +1169,9 @@ golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210629170331-7dc0b73dc9fb/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220207234003-57398862261d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1168,6 +1179,7 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=