openziti-controller (#3880)

* 'Add new script'

* adjust date

* change curl to harmonize

---------

Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com>
Co-authored-by: CanbiZ <47820557+MickLesk@users.noreply.github.com>

ct/openziti-controller.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: emoscardini
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/openziti/ziti
+
+APP="openziti-controller"
+var_tags="network;openziti-controller"
+var_cpu="2"
+var_ram="1024"
+var_disk="8"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+   header_info
+   check_container_storage
+   check_container_resources
+   if [[ ! -d /opt/openziti ]]; then
+      msg_error "No ${APP} Installation Found!"
+      exit
+   fi
+   msg_info "Updating $APP LXC"
+   $STD apt-get update
+   $STD apt-get -y upgrade
+   msg_ok "Updated $APP LXC"
+   exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:<port>/zac${CL}"

frontend/public/json/openziti-controller.json

@@ -0,0 +1,39 @@
+{
+    "name": "openziti-controller",
+    "slug": "openziti-controller",
+    "categories": [
+        4
+    ],
+    "date_created": "2025-04-14",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": null,
+    "documentation": "https://openziti.io/docs/reference/tunnelers/docker/",
+    "website": "https://www.openziti.io/",
+    "logo": "https://raw.githubusercontent.com/openziti/ziti-doc/main/docusaurus/static/img/ziti-logo-dark.svg",
+    "description": "OpenZiti is an open-source, zero trust networking platform that enables secure connectivity between applications, services, and devices. It provides secure, encrypted connections between clients and services, and can be used to create secure, zero trust networks.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/openziti-controller.sh",
+            "resources": {
+                "cpu": 2,
+                "ram": 1024,
+                "hdd": 8,
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "The Openziti Controller installation will prompt for configuration settings during installation.",
+            "type": "info"
+        }
+    ]
+}

install/openziti-controller-install.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: emoscardini
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/openziti/ziti
+
+source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y gpg
+msg_ok "Installed Dependencies"
+
+msg_info "Installing openziti"
+mkdir -p --mode=0755 /usr/share/keyrings
+curl -fsSL https://get.openziti.io/tun/package-repos.gpg | gpg --dearmor -o /usr/share/keyrings/openziti.gpg
+echo "deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable debian main" >/etc/apt/sources.list.d/openziti.list
+$STD apt-get update 
+$STD apt-get install -y openziti-controller openziti-console
+msg_ok "Installed openziti"
+
+read -r -p "Would you like to go through the auto configuration now? <y/N>" prompt
+if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
+  IPADDRESS=$(hostname -I | awk '{print $1}')
+  GEN_FQDN="controller.${IPADDRESS}.sslip.io"
+  read -r -p "Please enter the controller FQDN [${GEN_FQDN}]: " ZITI_CTRL_ADVERTISED_ADDRESS
+  ZITI_CTRL_ADVERTISED_ADDRESS=${ZITI_CTRL_ADVERTISED_ADDRESS:-$GEN_FQDN}
+  read -r -p "Please enter the controller port [1280]: " ZITI_CTRL_ADVERTISED_PORT
+  ZITI_CTRL_ADVERTISED_PORT=${ZITI_CTRL_ADVERTISED_PORT:-1280}
+  read -r -p "Please enter the controller admin user [admin]: " ZITI_USER
+  ZITI_USER=${ZITI_USER:-admin}
+  GEN_PWD=$(head -c128 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9!@#$%^*_+~' | cut -c 1-12)
+  read -r -p "Please enter the controller admin password [${GEN_PWD}]:" ZITI_PWD
+  ZITI_PWD=${ZITI_PWD:-$GEN_PWD}
+  CONFIG_FILE="/opt/openziti/etc/controller/bootstrap.env"
+  sed -i "s|^ZITI_CTRL_ADVERTISED_ADDRESS=.*|ZITI_CTRL_ADVERTISED_ADDRESS='${ZITI_CTRL_ADVERTISED_ADDRESS}'|" "$CONFIG_FILE"
+  sed -i "s|^ZITI_CTRL_ADVERTISED_PORT=.*|ZITI_CTRL_ADVERTISED_PORT='${ZITI_CTRL_ADVERTISED_PORT}'|" "$CONFIG_FILE"
+  sed -i "s|^ZITI_USER=.*|ZITI_USER='${ZITI_USER}'|" "$CONFIG_FILE"
+  sed -i "s|^ZITI_PWD=.*|ZITI_PWD='${ZITI_PWD}'|" "$CONFIG_FILE"
+  env VERBOSE=0 bash /opt/openziti/etc/controller/bootstrap.bash
+  msg_ok "Configuration Completed"
+  systemctl enable -q --now ziti-controller
+else
+  systemctl enable -q ziti-controller
+  msg_error "Configration not provided; Please run /opt/openziti/etc/controller/bootstrap.bash to configure the controller and restart the container"
+fi
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"