zrok - Secure Sharing
Share local services via secure tunnels using a self-hosted zrok instance.
Quick Reference
| Command | Description |
|---|---|
zrok share public http://localhost:PORT | Share publicly, get https URL |
zrok share private http://localhost:PORT | Share privately, get token |
zrok access private TOKEN | Connect to private share |
zrok status | Check current configuration |
zrok reserve public --unique-name NAME | Reserve persistent subdomain |
Public Sharing
Expose a local service with a public HTTPS URL:
# Share a web server
zrok share public http://localhost:3000
# Returns: https://xyz123.z.spamt.net
# Share a directory as file server
zrok share public --backend-mode web /path/to/files
# Share with reserved name (persistent URL)
zrok reserve public http://localhost:3000 --unique-name myapp
zrok share reserved myapp
# Always: https://myapp.z.spamt.net
Private Sharing
Share only with other zrok users (end-to-end encrypted):
# Machine A - share
zrok share private http://localhost:3000
# Returns token: abc123xyz
# Machine B - access
zrok access private abc123xyz
# Creates: http://127.0.0.1:9191 -> Machine A's localhost:3000
Setup New Machine
# Install (macOS)
brew install zrok
# Install (Linux)
curl -sSLf https://get.openziti.io/install.bash | sudo bash -s zrok
# Configure endpoint (one-time)
zrok config set apiEndpoint https://z.spamt.net
# Enable with account token (one-time per machine)
# Get token from admin or web console
zrok enable <token>
Web Console
https://z.spamt.net - View active shares, manage account, get enable tokens
Troubleshooting
# Check if enabled
zrok status
# Re-enable if issues
zrok disable
zrok enable <token>
# Verify connectivity
curl https://z.spamt.net/api/v1/version