Getting Started
Here is a quick tutorial to get your Zoraxy up and running to serve your self-hosted site.
If you have having issue with the docker version of Zoraxy, see here.
Visit the release page and get Zoraxy that matches your server's OS and CPU architecture.
For those who are not experience with networking in dockerized environment, DO NOT use the docker version. Most of the Zoraxy functions are automated based on different kind of protocol sniffing logics and usually require direct access to the networking interface and original (unmodified) request. Zoraxy will still works in docker with incorrect network settings, but you might see unexpected routing / access control behavior or incorrect statistics.
If you are using Linux, system daemon can be setup using systemctl. You can follow the steps mentioned here to create the service file.
If you are using Windows, you can first create a desktop shortcut for Zoraxy and move the shortcut inside your startup folder. Afterward, when your computer finished startup, Zoraxy will also be started automatically.
By default, Zoraxy management ui (webmin UI) will be listening on port 8000. Open the port 8000 with a modern browser with your server IP address (e.g. if your server is located at 192.168.0.100, open http://192.168.0.100:8000 in your browser)
Afterward, you will see a new account registration interface. Enter your administrator username and password and click confirm. Next, you can login to your Zoraxy using your newly created account.
After your account is setup and logged in, you will see the Zoraxy management interface
Lets assume your DNS has already been configured to point a certain domain to Zoraxy. If no, you should go to your DNS provider and create an A record that point to the IP address of which your Zoraxy is hosted. Here is an example where the 93.184.216.34 should be changed to your server's (public) IP address and example.com is your domain.
| Name | Type | Data | TTL | Class |
|---|---|---|---|---|
| example.com | A | 93.184.216.34 | 86400 | IN |
If you are hosting Zoraxy under an NAT router, remember to port forward the required ports (usually port 80 and 443) to your server that is hosting Zoraxy.
By default, Zoraxy listens to port 80 (default http port). You can check if Zoraxy is working by visiting http://server_ip_here/ and you should be able to see the Zoraxy build in static web server.
If no, please make sure your Static Web server is enabled and the default site is set to "Internal Static Web Server"
If everything is working, once you enter your domain name into your browser and connect to it using HTTP (e.g. http://you_domain.com), you should be able to see the static web server page identical as what you would see when visiting your server via LAN IP address (e.g. http://server_ip_here/`)
Let say you have another web server in LAN with LAN IP 192.168.0.101 providing another web server at port 8080 which you want to expose using subdomain (e.g. http://arozos.example.com). Also lets assume you already have a subdomain CNAME record set in your DNS provider that points to the A record of your domain which looks something like this
| Name | Type | Data | TTL | Class |
|---|---|---|---|---|
| example.com | A | 93.184.216.34 | 86400 | IN |
| arozos.example.com | CNAME | example.com | 600 | IN |
Then you can teach Zoraxy how to route traffics if the visitor is coming from arozos.example.com. To do that, you first go to Create Proxy Rules > Fill in all the information > Create Endpoint and fill in the information as follows.
- If your service requires TLS connections (i.e. you must connect to it using https://), check the "Proxy Target require TLS Connection" options.
- Sometime, these services might also uses a self-signed certificate. In such case, you will also need to open the "Advance Setting" dropdown menu and select "Ignore TLS/SSL Verification Error" option.
- Websocket is automatically proxied using header sniffing detection approach. You do not need to setup websocket manually and Zoraxy will decided when to switch to websocket for you.
After the setup is completed, you will see your subdomain being registered in the HTTP Proxy List as follows.
To setup TLS/SSL certificate for your site, you can go to the TLS / SSL certificates tab. Scroll to the bottom of the page and click on the "Open ACME tool".
Next, you will need to fill in the ACME Email with your own network manager email, click "Save" and click "Enable Certificate Auto Renew".
Then, go to "Generate New Certificate" at the bottom of the snippet, enter your domain name(s) and click "Get Certificate".
If you have multiple (sub)domain names, you can also add them with comma "," as separator. In the matching rule name, use the longest common suffix for all your domains. In the example below, example.com is used as Matching Rule for subdomains s1.example.com, s2.example.com and s3.example.com.
Certificate generation will take a few minutes. After it is completed, you can go to the "Status Tab" and enable "Use TLS to serve proxy request" and change the Inbound Port to 443. Usually, it is recommended to enable "Enable HTTP server on port 80" and "Force HTTP to HTTPS redirect" unless your ISP is blocking port 80 inbound access to your server.
Now, you should be able to visit your site with https://arozos.example.com and see a valid TLS certificate being loaded. If you see a self-signed certificate, which means your "Get Certificate" steps is not successful. You might want to use the HTTPS wizard and try to debug your networking issues. You can find the link to the build in HTTPS wizard under the "Get Certificate" button.
