Trouble Getting Zrok Connected to Docker Container

zrok
1

Preliminaries:

  • Ubuntu 24.04 LTS (fresh install)

  • Docker - installed per instructions & running

  • Zrok - installed per instructions & running

What Works

blaze@base:$ zrok enable F##########M
⣯  the zrok environment was successfully enabled...
blaze@base:$ zrok reserve public http://localhost:9000
... your reserved share token is 'y##########d'
... reserved frontend endpoint: https://y##########d.share.zrok.io
blaze@base:$ zrok share reserved y##########d
... sharing target: 'http://localhost:9000'
... using existing backend target: http://localhost:9000

That URL successfully tunnels into the running docker container (which happens to be running portainer - but it could very well be anything.)

It is my goal/preference/desire to use the zrok installed on the system. I'm trying to keep this as simple as possible. So at this point I am NOT interested in running zrok inside a container.

What Doesn't Work

Now I want the link to be semi-permanent. So I attempt to follow the instructions found at Docker Share. My complete docker compose file looks like this:

services:
  portainer:
    container_name: portainer
    image: portainer/portainer-ce:lts
    command: -H unix:///var/run/docker.sock
    restart: unless-stopped
    ports:
    - 9000:9000
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /home/blaze/portainer/data:/data
  zrok:
    image: openziti/zrok
    restart: unless-stopped
    user: "1000"  #this is the UID for user blaze
    volumes:
    - ${HOME}/.zrok:/home/ziggy/.zrok
    environment:
      PFXLOG_NO_JSON: "true"
    command: share reserved "y##########d" --headless --insecure

Have also tried user: ${UID} & 0 (as root) without success.

Have also tried with and without --headless --insecure.

What Also Doesn't Work

I've read through about a dozen posts, finding this one most interesting.

So I tried this to see if it would forward within the container:

blaze@base$ zrok reserve public http://portainer:9000
... your reserved share token is '4##########p'
... reserved frontend endpoint: https://4##########p.share.zrok.io

and then I had to change the composed file to this:

    command: share reserved "4##########p" --headless --insecure

But no luck. I got this feeling I am missing an .env file someplace. But it doesn't say anything about it on the Getting Started With Docker page in the documents.

I can see both shares inside the API.

In most cases I simply get the zrok "not found" error. Some combinations (when I changed the user) resulted in my getting a 502 page.

Any help would be greatly appreciated.

2

Further Testing with PHPmyAdmin

Tested docker compose

services:
  php_master:
    image: phpmyadmin:latest
    container_name: php_master
    restart: unless-stopped
    ports:
      - 8080:80
    volumes:
      - /home/blaze/phpadmin/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
    environment:
      - "PMA_ARBITRARY=1"
  zrok:
    image: openziti/zrok
    restart: unless-stopped
    user: "1000"
    volumes:
      - /home/blaze/.zrok:/home/ziggy/.zrok
    environment:
      PFXLOG_NO_JSON: "true"
    command: share public --headless http://localhost:8080

When run the container loads and I am given a public share.

But when tried to access get 502.

blaze@base:~/phpadmin$ sudo docker compose up 
[+] Running 1/1
 ✔ Container phpadmin-zrok-1  Recreated                                                                                                                                  0.1s 
Attaching to php_master, zrok-1
php_master  | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.2. Set the 'ServerName' directive globally to suppress this message
php_master  | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.2. Set the 'ServerName' directive globally to suppress this message
php_master  | [Sat Nov 01 18:21:38.437396 2025] [mpm_prefork:notice] [pid 1:tid 1] AH00163: Apache/2.4.65 (Debian) PHP/8.3.27 configured -- resuming normal operations
php_master  | [Sat Nov 01 18:21:38.437427 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
zrok-1      | [   6.596]    INFO main.(*sharePublicCommand).shareLocal: access your zrok share at the following endpoints:
zrok-1      |  https://zjwownptt0li.share.zrok.io
zrok-1      | [  56.796]    INFO main.(*sharePublicCommand).shareLocal: [] -> GET /
zrok-1      | [  56.797]   ERROR zrok/endpoints/proxy.newReverseProxy.func2: error proxying: dial tcp [::1]:8080: connect: connection refused

... I'll keep testing.

3

SOLVED

blaze@base:~/$ zrok reserve public http://portainer:9000
...      your reserved share token is '8s8ffea06niy'
...      reserved frontend endpoint: https://8s8ffea06niy.share.zrok.io

And this is the docker composed file

services:
  portainer:
    container_name: portainer
    image: portainer/portainer-ce:lts
    command: -H unix:///var/run/docker.sock
    restart: unless-stopped
    ports:
      - 9000:9000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/blaze/portainer/data:/data
#    environment:
#      - TRUSTED_ORIGINS=6lznrphk0h15.share.zrok.io
  zrok:
    image: openziti/zrok
    restart: unless-stopped
    user: "1000"
    volumes:
      - /home/blaze/.zrok:/home/ziggy/.zrok
    environment:
      PFXLOG_NO_JSON: "true"
    command: share reserved "8s8ffea06niy" --headless

Hope this helps someone else.

2 Likes