Limitless zrok with Docker

Self-hosted zrok with a Caddy TLS Option

You can conveniently run a zrok instance on a Linux server. The Caddy option makes it easy to auto-renew a wildcard certificate to protect the zrok API and your public shares with TLS.

What's This Good For?

  • You can publicly share websites, files, etc., with auth from your computers without punching holes in their inbound firewalls. This is called reverse tunneling. Your Linux server is public and acts as a relay.

  • You can privately share TCP/UDP services or create a VPN. You must give the other party an account on your instance. This is excellent for multi-player games, etc.

  • No limits — Maximize the use of your available bandwidth and compute.

  • Data sovereignty — Assuming you control your server, no third parties can access your data.

  • Availability — You control upgrades and uptime...which can be a double-edged sword!

The Needful Things

  • Install Docker on your Linux server.

  • Create a wildcard record in the zrok DNS zone for your Linux server's public IP address.

  • To enable Caddy TLS, you'll need an API token from your DNS provider.

The Short Version

curl | bash

Then, configure your environment with an .env file:


# if you don't plan to enable Caddy TLS,
#  set this to publish insecure ports

...and start the containers.

docker compose up --build

Enable Caddy TLS

If you have an API token from your DNS provider, you can add these values to your .env file to configure Caddy to auto-renew a wildcard certificate for your zrok DNS zone.


Enable Caddy by renaming the extra compose file.

mv caddy.compose.override.yml compose.override.yml

Restart the containers.

docker compose up --build --force-recreate
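
A pre-flight check for the steps above, as an added example that is not part of the original post or the zrok project: it verifies that .env (which holds the DNS provider API token) is private to its owner, flags keys left empty, and reports whether the Caddy override file has been renamed into place. The function names, the choice to treat empty values as failures, and the assumption that .env and the compose override files share one directory are the example's own.

```bash
# Added example: pre-flight check for the directory holding the zrok
# Docker project. Assumption: .env and the compose override files sit
# together in that directory.

# Succeeds only when the file grants nothing to group or other.
env_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group + other permission bits
    [ "$perms" = "------" ]
}

# Prints every key in the file that is assigned an empty value.
env_empty_keys() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=[[:space:]]*$/\1/p' "$1"
}

# Prints "caddy-tls" once caddy.compose.override.yml has been renamed
# to compose.override.yml, otherwise "no-tls".
zrok_tls_mode() {
    if [ -f "$1/compose.override.yml" ]; then
        echo "caddy-tls"
    else
        echo "no-tls"
    fi
}

# Runs all checks; returns non-zero if any of them fails.
zrok_preflight() {
    dir=${1:-.}
    rc=0
    [ -f "$dir/.env" ] || { echo "FAIL: $dir/.env not found"; return 1; }
    if ! env_is_private "$dir/.env"; then
        echo "FAIL: .env is readable by group/other; run chmod 600 on it"
        rc=1
    fi
    empty=$(env_empty_keys "$dir/.env" | tr '\n' ' ')
    if [ -n "$empty" ]; then
        echo "FAIL: empty values in .env: $empty"
        rc=1
    fi
    if [ "$(zrok_tls_mode "$dir")" = "caddy-tls" ]; then
        echo "INFO: compose.override.yml present, Caddy TLS is enabled"
    else
        echo "WARN: compose.override.yml missing, Caddy TLS is not enabled"
    fi
    return "$rc"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then zrok_preflight "$1"; fi
```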

The Longer Version

Here's a link to the full guide used in the video.

Get in Touch

Visit us in our Discourse community if you have any ideas or questions.