Limitless zrok with Docker

Kenneth BinghamKenneth Bingham
2 min read

Table of contents

You can conveniently run a zrok instance on a Linux server. The Caddy option makes it easy to auto-renew a wildcard certificate to protect the zrok API and your public shares with TLS.

What's This Good For?

  • You can publicly share websites, files, etc., with auth from your computers without punching holes in their inbound firewalls. This is called reverse tunneling. Your Linux server is public and acts as a relay.

  • You can privately share TCP/UDP services or create a VPN. You must give the other party an account on your instance. This is excellent for multi-player games, etc.

  • No limits — Maximize the use of your available bandwidth and compute.

  • Data sovereignty — Assuming you control your server, no third parties can access your data.

  • Availability — You control upgrades and uptime...which can be a double-edged sword!

The Needful Things

  • Install Docker on your Linux server.

  • Create a wildcard record in the zrok DNS zone for your Linux server's public IP address.

  • to enable Caddy TLS, you'll need an API token from your DNS provider.

The Short Version

curl https://get.openziti.io/zrok-instance/fetch.bash | bash

Then, configure your environment with an .env file

ZROK_DNS_ZONE=share.example.com

ZROK_USER_EMAIL=me@example.com
ZROK_USER_PWD=zrokuserpw

ZITI_PWD=zitiadminpw
ZROK_ADMIN_TOKEN=zroktoken

# if you don't plan to enable Caddy TLS,
#  set this to publish insecure ports
ZROK_INSECURE_INTERFACE=0.0.0.0

...and start the containers.

docker compose up --build

Enable Caddy TLS

If you have an API token from your DNS provider, you can add these values to your .env file to configure Caddy to auto-renew a wildcard certificate for your zrok DNS zone.

CADDY_DNS_PLUGIN=cloudflare
CADDY_DNS_PLUGIN_TOKEN=abcd1234

Enable Caddy by renaming the extra compose file.

mv caddy.compose.override.yml compose.override.yml

Restart the containers.

docker compose up --build --force-recreate

The Longer Version

Here's a link to the full guide used in the video.

Get in Touch

Visit us in our Discourse community if you have any ideas or questions.

0
Subscribe to my newsletter

Read articles from Kenneth Bingham directly inside your inbox. Subscribe to the newsletter, and don't miss out.

self-hostedDocker composetunnelingzrokopenziti

Written by

Kenneth Bingham
Kenneth Bingham

I'm crafting developer experiences with zrok and OpenZiti from NetFoundry