You can conveniently run a zrok instance on a Linux server. The Caddy option makes it easy to auto-renew a wildcard certificate to protect the zrok API and your public shares with TLS.
What's This Good For?
You can publicly share websites, files, etc. from your computers, with authentication, without opening inbound ports on their firewalls. This is called reverse tunneling: your Linux server is the publicly reachable endpoint and relays the traffic.
You can privately share TCP/UDP services or create a VPN. You must give the other party an account on your instance. This is excellent for multi-player games, etc.
No limits — Maximize the use of your available bandwidth and compute.
Data sovereignty — Assuming you control your server, no third parties can access your data.
Availability — You control upgrades and uptime...which can be a double-edged sword!
The Needful Things
Install Docker on your Linux server.
Create a wildcard record in the zrok DNS zone for your Linux server's public IP address.
To enable Caddy TLS, you'll need an API token from your DNS provider. Caddy uses it to answer the ACME DNS-01 challenge that a wildcard certificate requires, so scope the token to editing DNS records in that zone only.
The Short Version
Fetch and run the installer with a single command (if piping a remote script into bash is not acceptable in your environment, download it to a file, read it, then run it):
curl https://get.openziti.io/zrok-instance/fetch.bash | bash
Then, configure your environment with an .env file:
# the zone your wildcard record lives in; shares are published under it
ZROK_DNS_ZONE=share.example.com
# the initial zrok user account
ZROK_USER_EMAIL=me@example.com
# placeholders: replace each secret with a long, randomly generated value
ZROK_USER_PWD=zrokuserpw
ZITI_PWD=zitiadminpw
ZROK_ADMIN_TOKEN=zroktoken
# if you don't plan to enable Caddy TLS,
# set this to publish insecure (plaintext) ports
ZROK_INSECURE_INTERFACE=0.0.0.0
...and start the containers.
docker compose up --build
Enable Caddy TLS
If you have an API token from your DNS provider, you can add these values to your .env file to configure Caddy to auto-renew a wildcard certificate for your zrok DNS zone.
CADDY_DNS_PLUGIN=cloudflare
CADDY_DNS_PLUGIN_TOKEN=abcd1234
Enable Caddy by renaming the extra compose file.
mv caddy.compose.override.yml compose.override.yml
Restart the containers.
docker compose up --build --force-recreate
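The steps above leave two things to the operator: picking the secrets that go into .env, and making sure the wildcard record exists before Caddy tries to obtain a certificate. The script below is an added example, not code from the zrok project, that does both: it writes the .env with 32-character random secrets in place of the placeholder passwords, creates the file mode 0600, reads the DNS provider token from the environment instead of the command line, and offers a DNS preflight. It assumes POSIX sh with tr, head -c and /dev/urandom; dig is needed only for the network check. The variable names are the ones used in this guide; the zone, e-mail and IP values are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the zrok project. Builds the instance .env with
# random secrets, keeps it 0600, and checks the wildcard DNS record.
# Assumes POSIX sh, tr, head -c, /dev/urandom; dig for the optional DNS check.
set -e

# 32-character alphanumeric secret from the kernel CSPRNG.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32
    echo
}

# write_env ZONE EMAIL OUTFILE [INSECURE_IFACE] [CADDY_DNS_PLUGIN]
# The DNS provider token is read from the exported CADDY_DNS_PLUGIN_TOKEN
# variable rather than taken as an argument, so it does not end up in shell
# history or the process list. Passwords and the admin token are generated.
write_env() {
    zone=$1; email=$2; out=$3
    iface=${4:-}; plugin=${5:-}
    token=${CADDY_DNS_PLUGIN_TOKEN:-}
    if [ -n "$plugin" ] && [ -z "$token" ]; then
        echo "write_env: export CADDY_DNS_PLUGIN_TOKEN when setting a DNS plugin" >&2
        return 1
    fi
    rm -f "$out"
    (   # subshell so the restrictive umask does not leak into the caller
        umask 077
        {
            echo "ZROK_DNS_ZONE=$zone"
            echo "ZROK_USER_EMAIL=$email"
            echo "ZROK_USER_PWD=$(gen_secret)"
            echo "ZITI_PWD=$(gen_secret)"
            echo "ZROK_ADMIN_TOKEN=$(gen_secret)"
            if [ -n "$iface" ]; then
                echo "# plaintext ports are published on this interface;"
                echo "# only set it when Caddy TLS is not enabled"
                echo "ZROK_INSECURE_INTERFACE=$iface"
            fi
            if [ -n "$plugin" ]; then
                echo "CADDY_DNS_PLUGIN=$plugin"
                echo "CADDY_DNS_PLUGIN_TOKEN=$token"
            fi
        } >"$out"
    )
    chmod 600 "$out"
}

# env_value FILE KEY: print the value stored for KEY (empty if absent).
env_value() {
    sed -n "s/^$2=//p" "$1"
}

# env_mode FILE: permission string as ls shows it, expected "-rw-------".
env_mode() {
    ls -ld "$1" | cut -c1-10
}

# check_wildcard_dns ZONE EXPECTED_IP: resolve a random label under the zone,
# so a cached answer for a real host cannot hide a missing wildcard record,
# and compare it with the server's public IP. Needs dig and network access.
check_wildcard_dns() {
    label=$(gen_secret | cut -c1-8 | tr 'A-Z' 'a-z')
    got=$(dig +short "preflight-$label.$1" A | tail -n 1)
    [ "$got" = "$2" ]
}

# Usage, once the zone and a DNS provider token are ready (values made up):
#   export CADDY_DNS_PLUGIN_TOKEN=...   # scoped to edit DNS in this zone only
#   write_env share.example.com me@example.com .env "" cloudflare
#   check_wildcard_dns share.example.com 203.0.113.10 || echo "wildcard record missing"
```

Run write_env before the first `docker compose up`; if you later enable Caddy TLS, rerun it with the plugin name and the exported token so the insecure interface line is dropped and the Caddy variables are added, then recreate the containers as shown above. The preflight queries a random label rather than a known host so that a stale resolver cache cannot make a missing wildcard look present.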
The Longer Version
Here's a link to the full guide used in the video.
Get in Touch
Visit us in our Discourse community if you have any ideas or questions.