Howdy,
Zrok has worked well from the CLI for me. Currently using the paid hosted solution from zrok.io with reserved shares following the instructions with
zrok reserve public {port} --unique-name "myshare"
and then
zrok share reserved "myshare"
I was hoping I could set this up with nssm, so that I could just have my persistent reserved share always start on this machine. I'm using zrok to securely expose a locally running API I've written in fastify that runs on port 3001.
It works great when I manually do the above, but I have not yet figured out a way to make this persistent and automatic with some service.
I may next try to do it using pm2. Does anyone have any suggestions?
Our hosts are Windows-based field computers that have cell modems, so zrok is nice cuz I can expose the service without exposing the IP, and have the traffic encrypted.
You want a zrok background service to auto-start on a Windows OS like Windows 11, correct?
I'm not personally familiar with how nssm or pm2 define background services, but perhaps we can evaluate one of those options with you if neither of these fit the bill.
Two things:
- good news - this is a feature of a near-future version of zrok which will have a cross-platform agent and GUI app
- good news? - you can do this today with Docker Desktop, if you're willing to use Docker.
  1. Download the appropriate zrok share compose.yml example (Compose Project file).
  2. Load the Compose Project in Docker Desktop.
  3. Set your zrok account token and share mode and share target in the Compose Project's .env file.
  4. Start the Compose Project.
I noticed the Docker frontdoor guide I mentioned focuses on zrok public shares, and that fits the case you described with a reserved public share. It is also possible to use Docker Desktop on Windows (or macOS, Linux) to define an always-on background zrok private share, not only zrok public shares.
This is coming in v1.0 (soon, 1Q)... but that won't ship with a native Windows service wrapper, so it's still worth exploring if something like nssm will work well with zrok. The new zrok Agent, wrapped as a Windows service would work really well.
If you want to try an existing zrok share reserved with nssm (or pm2) @rylincoln, I'll happily do what I can to support you. There shouldn't be any reason why this should not work?
If there's something that ends up getting created for nssm (or even pm2), we could certainly try and include it in the zrok repository.
Howdy, so I figured out that nssm does work; I just needed to tell the service to run as my local user, since I think that is where the zrok env setup exists and the config for the unique-name reservation. It was originally trying to run as local system.
So I may have overcomplicated things but now it's working.
and then scheduled this script to start with nssm... then I discovered the issue was that the service was running as local system and zrok env was in my local user account.
So I think I can just directly schedule zrok versus schedule a ps1 script to start zrok, as long as I set the user account to be the one that has the zrok env setup... was just trying things out until I realized the root of my problem.
Anyhow, it is working now, and also v1.0 sounds great!
I thought about using docker but my ultimate goal is to create an installer using inno setup that installs and starts my api (bun build --compile) exe, and then installs and starts zrok with a reserved name. I figured adding docker into the mix might further confuse me.
zrok uses the HOME environment variable (USERPROFILE on Windows, I believe) to find its .zrok folder where the zrok enable-d environment and credentials live. That might be related to why it wasn't working when you run it as local system.
You might be able to set USERPROFILE to a specific folder and as long as the service account has permissions on that folder, it would probably be fine.
This means you'll be able to run zrok agent start as a service and use the CLI to add/remove shares from it, and the agent will support the ability to preserve/restart/manage multiple shares from that single service. Eventually, later this year, you'll also be able to "enroll" a remote agent with the zrok instance to allow it to be remotely managed from the console at api.zrok.io.
I appreciate that! Very heads down working on the new API console (the user interface is getting a massive refresh). Once that's done, we'll be shifting into starting to figure out how to get 1.0 out the door. Once we get there, I'll probably reach out...
Hey @rylincoln, thank you for that thread and all provided comments - they are valuable. Actually our company is a fresh user of zrok (we started this week) and we are facing the same problem as you. We would like to write a Windows script (which would be executed on hundreds of machines of our clients) that installs zrok (and maybe nssm if anything native like sc cannot be used) and starts it in a "daemon" mode so it would keep running even if someone would close the terminal or would restart the machine.
Would you mind sharing your current results if you have any on that front (unfortunately our team has more Linux than Windows so we are looking for support)? If there is no such option I completely understand, and please feel free to reject that request.
In this installer I've got the script working to check for nssm in the c:\bin folder and, if it doesn't already exist, to download it, unarchive it and place it in c:\bin.
I'm not sure how to do this across hundreds of client machines but maybe having an installer would help?
The reason I'm using inno setup to install zrok is that I'm also having it install a custom API that I've compiled to exe, written in typescript using bun build --compile. And I want a novice user to be able to set up this system on multiple field computers.
Ultimate goal is to have the setup ask the user a few questions and then have it:
- install nssm
- install zrok
- install my custom app
- set up the custom app with nssm and start it
- set up zrok to tunnel traffic to the custom app and start it as a service with nssm.
I think this command works to start zrok as a service with nssm; however, I haven't handled everything for allowing the local system account to access the zrok enabled env that's in my local user account automatically yet. So after running this I go into the services manager and set up this service to run as my local user account (not the local system account, which would be better probably).
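
The setup discussed in this thread, written out as an added PowerShell example; it is not a script from any poster or from the zrok project. It follows the suggestion above to point USERPROFILE at a dedicated folder that only the service account can use, instead of running as local system or as a personal login. The install paths, the service name `zrok-myshare`, the folder `C:\ProgramData\zrok-svc` and the account `zroksvc` are assumptions, as is zrok locating `.zrok` through USERPROFILE as the reply above suggests.

```powershell
#Requires -RunAsAdministrator
# Added example: run "zrok share reserved" as an auto-start service under a
# dedicated account. Paths, service name and account below are assumptions.
$ErrorActionPreference = 'Stop'

$Nssm      = 'C:\bin\nssm.exe'            # folder mentioned in the thread
$Zrok      = 'C:\bin\zrok.exe'            # assumed install path
$ShareName = 'myshare'                    # reserved name from the first post
$Service   = "zrok-$ShareName"            # hypothetical service name
$ZrokHome  = 'C:\ProgramData\zrok-svc'    # hypothetical folder holding .zrok
$User      = 'zroksvc'                    # hypothetical existing local user

function Invoke-Nssm {
    & $Nssm @args
    # Report only the first three arguments so a password is never echoed.
    if ($LASTEXITCODE -ne 0) { throw "nssm $($args[0..2] -join ' ') failed: $LASTEXITCODE" }
}

# The enabled environment (and its credentials) must already be in $ZrokHome\.zrok,
# e.g. created by running zrok enable / zrok reserve with USERPROFILE set to it.
if (-not (Test-Path (Join-Path $ZrokHome '.zrok'))) {
    throw "No .zrok folder under $ZrokHome; enable the zrok environment there first."
}

# Restrict the folder: Administrators and SYSTEM full control, service account modify.
& icacls.exe $ZrokHome /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' `
    '*S-1-5-18:(OI)(CI)F' "${User}:(OI)(CI)M" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'icacls failed' }

$LogDir = Join-Path $ZrokHome 'logs'
New-Item -ItemType Directory -Force -Path $LogDir | Out-Null

Invoke-Nssm install $Service $Zrok share reserved $ShareName '--headless'
Invoke-Nssm set $Service AppEnvironmentExtra "USERPROFILE=$ZrokHome"
Invoke-Nssm set $Service AppStdout (Join-Path $LogDir 'zrok.out.log')
Invoke-Nssm set $Service AppStderr (Join-Path $LogDir 'zrok.err.log')
Invoke-Nssm set $Service Start SERVICE_AUTO_START

# Prompt for the password instead of storing it in the script or installer.
$Cred = Get-Credential -UserName ".\$User" -Message 'Service account for zrok'
Invoke-Nssm set $Service ObjectName $Cred.UserName ($Cred.GetNetworkCredential().Password)

Start-Service -Name $Service
(Get-Service -Name $Service).Status
```

The logs under `$ZrokHome\logs` are the first place to look if the service starts and then stops, which is what a missing or unreadable `.zrok` folder tends to look like from the services manager.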