mess with ports

env.template

@@ -1,5 +1,5 @@
 DOMAIN=localhost
 
-SMTP_USERNAME=admin
+SMTP_USER=admin
 SMTP_HOST=localhost
 SMTP_PORT=587

services/auth.yaml

@@ -20,11 +20,19 @@ services:
       ZITADEL_DATABASE_COCKROACH_HOST: crdb
       ZITADEL_EXTERNALSECURE: true
       ZITADEL_EXTERNALDOMAIN: auth.${DOMAIN}
-      ZITADEL_EXTERNALPORT: 8321
+      ZITADEL_EXTERNALPORT: 443
       ZITADEL_WEBAUTHN_NAME: ${DOMAIN}
+      ZITADEL_FIRSTINSTANCE_ORG_NAME: basement
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME: ${ADMIN_USER}
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: ${ADMIN_PASS}
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROM: basement
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROMNAME: ${DOMAIN}
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_HOST: "${SMTP_HOST}:${SMTP_PORT}"
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_USER: ${SMTP_USER}
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_PASSWORD: ${SMTP_PASS}
     secrets:
       - MASTER_KEY
-    command: "start-from-init --masterkeyFile /run/secrets/MASTER_KEY --tlsMode disabled"
+    command: "start-from-init --masterkeyFile /run/secrets/MASTER_KEY --tlsMode external"
     depends_on:
       generate-secrets:
         condition: 'service_completed_successfully'
@@ -33,7 +41,7 @@ services:
       crdb:
         condition: 'service_healthy'
     ports:
-      - '8321:8080'
+      - '8080:8080'
 
   crdb:
     restart: unless-stopped

services/auth/Proxyfile

@@ -1,3 +1,4 @@
-auth.{$DOMAIN} {
-	reverse_proxy zitadel:8321
+auth.{$DOMAIN}:443 {
+    reverse_proxy zitadel:8080
+    tls internal
 }

services/web/Containerfile

@@ -1,8 +1,8 @@
-FROM caddy:2.7.5-builder-alpine AS builder
+FROM caddy:builder-alpine AS builder
 
 RUN xcaddy build \
     --with github.com/mholt/caddy-webdav
 
-FROM caddy:latest
+FROM caddy:alpine
 
 COPY --from=builder /usr/bin/caddy /usr/bin/caddy