ZeroUI - ZeroTier Controller Web UI - is a web user interface for a self-hosted ZeroTier network controller.
Explore the screenshots »
Bug Report
·
Feature Request
·
Ask a Question
Table of Contents
This project is highly inspired by ztncui and was developed to address the current limitations of applying the self-hosted network controllers. Some ztncui problems cannot be fixed because of the core architecture of the project. ZeroUI tries to solve them and implements the following features:
Wait, I haven't heard about ZeroTier yet...ZeroTier is awesome open source project that is available on wide range of platforms. Most of your hard networking problems could be solved with ZeroTier. It could replace all your complex VPN setups. You can place all your devices on a virtual LAN and manage it easily. To sum up, ZeroTier combines the capabilities of VPN and SD-WAN, simplifying network management. |
Frontend:
Backend:
Ready to use deployment solution:
The recommended method to install ZeroUI is by using Docker and Docker Compose. To install Docker and Docker Compose on your system, please follow the installation guide from the official Docker documentation.
For HTTPS setup you will need a domain name. You can get it for free at https://www.duckdns.org.
The most simple one-minute installation. Great for the fresh VPS setup.
- Create a project directory
mkdir -p /srv/zero-ui/
cd /srv/zero-ui/
- Download the
docker-compose.yml
file
wget https://raw.githubusercontent.com/dec0dOS/zero-ui/main/docker-compose.yml
or
curl -L -O https://raw.githubusercontent.com/dec0dOS/zero-ui/main/docker-compose.yml
- Replace
YOURDOMAIN.com
with your domain name and set admin credentials (ZU_DEFAULT_PASSWORD
) indocker-compose.yml
- Pull the image
docker pull dec0dos/zero-ui
- Run the containers
docker-compose up -d --no-build
- Check if everything is okay (
CTRL-C
to stop log preview)
docker-compose logs -f
- Disable your firewall for the following ports:
80/tcp
,443/tcp
and9993/udp
- on Ubuntu/Debian with ufw installed:
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 9993/udp
- or you may use the old good iptables:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p udp --dport 9993 -j ACCEPT
- Navigate to
https://YOURDOMAIN.com/app/
. Now you could use your ZeroUI instance with HTTPS support and automated certificate renewal.
To disable Caddy proxy and HTTPS, remove the
https-proxy
fromdocker-compose.yml
, setZU_SECURE_HEADERS
tofalse
and change zero-ui portexpose
toports
.
Advanced manual setups are also supported. Check the following environment variables as a reference:
Name | Default value | Description |
---|---|---|
NODE_ENV | unset | You could learn more here |
LISTEN_ADDRESS | 0.0.0.0 |
Express server listen address |
ZU_SERVE_FRONTEND | true |
You could disable frontend serving and use ZeroUI instance as REST API for your ZeroTier controller |
ZU_SECURE_HEADERS | true |
Enables helmet |
ZU_CONTROLLER_ENDPOINT | http://localhost:9993/ |
ZeroTier controller API endpoint |
ZU_CONTROLLER_TOKEN | from /var/lib/zerotier-one/authtoken.secret |
ZeroTier controller API token |
ZU_DEFAULT_USERNAME | unset (docker-compose.yml : admin) |
Default username that will be set on the first run |
ZU_DEFAULT_PASSWORD | unset (docker-compose.yml : zero-ui) |
Default password that will be set on the first run |
ZU_DATAPATH | data/db.json |
ZeroUI data storage path |
ZU_DISABLE_AUTH | unset | If set to true, automatically log in all users. This is useful if ZeroUI is protected by an authentication proxy. Note that when this value is changed, the localStorage of instances of logged-in panels should be cleared |
ZU_LAST_SEEN_FETCH | true |
Enables Last Seen feature |
ZU_LAST_SEEN_SCHEDULE | */5 * * * * |
Last Seen cron-like schedule |
ZeroUI could be deployed as a regular nodejs web application, but it requires a ZeroTier controller that is installed with the zerotier-one
package. For more info about the network controller, you could read here.
For Ansible Role, please refer to zero-ui-ansible repo.
Controller setup tips (outside the Docker)
If you are using the existing controller on the host, it may be necessary to allow connection from the Docker container. You could do it in two ways:
- Allowing controller management from any IP address:
echo "{\"settings\": {\"portMappingEnabled\": true,\"softwareUpdate\": \"disable\",\"allowManagementFrom\": [\"0.0.0.0/0\"]}}" > /var/lib/zerotier-one/local.conf
Warning: don't forget to block connections to 9993/TCP from WAN. Direct controller API does not mean to be exposed to WAN, it should be proxified via the ZeroUI backend.
- Adding
network_mode: "host"
to zero-ui in docker-compose.yml.
More info is provided in the following discussion.
After installation, log in with your credentials that are declared with ZU_DEFAULT_USERNAME and ZU_DEFAULT_PASSWORD.
Currently, almost all main ZeroTier Central features are available. Refer to the roadmap for more information.
For the screenshots, please refer to the screenshots.
To get the latest version just run
docker-compose pull && docker-compose up -d --no-build
in the folder where docker-compose.yml
is located. Backup is not required as your data is saved in Docker volumes but recommended.
You could also set up watchtower for automatic updates.
docker run -d \
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
--restart always \
containrrr/watchtower \
--cleanup --include-restarting \
zu-main zu-controller
You should regularly back up the zerotier-one
and data
folders in your ZeroUI installation directory.
You should do it manually before the upgrade via the following commands:
tar cvf backup-ui.tar data/
tar cvf backup-zt.tar zerotier-one/
See the open issues for a list of proposed features (and known issues).
- Top Feature Requests (Add your votes using the 👍 reaction)
- Top Bugs (Add your votes using the 👍 reaction)
- Newest Bugs
Please try to create bug reports that are:
- Reproducible. Include steps to reproduce the problem.
- Specific. Include as much detail as possible: which version, what environment, etc.
- Unique. Do not duplicate existing opened issues.
- Scoped to a Single Bug. One bug per report.
First off, thanks for taking the time to contribute! Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make will benefit everybody else and are greatly appreciated.
- Fork the project
- Create your feature branch (
git checkout -b feat/amazing_feature
) - Commit your changes (
git commit -m 'feat: add amazing_feature'
) - Push to the branch (
git push origin feat/amazing_feature
) - Open a Pull Request
ZeroUI uses conventional commits, so please follow the guidelines.
Run yarn commit
to open TUI that follows conventional commits guidelines.
To set up a development environment, please follow these steps:
- Clone the repo
git clone https://github.com/dec0dOS/zero-ui.git
cd zero-ui
- Install packages
yarn install
- Start the development server
yarn dev
- Navigate to http://localhost:3000
It is also required to install the ZeroTier controller. On Linux installing the zerotier-one
package is enough, other platforms require some tweaking. Firstly you should get the controller token. On macOS, you could find it with the following command:
sudo cat "/Library/Application Support/ZeroTier/One/authtoken.secret"
After you could start the ZeroUI development environment:
ZU_CONTROLLER_TOKEN=TOKEN_FROM_authtoken.secret yarn dev
For other platforms, please refer to ZeroTier manual.
Reach out to me at one of the following places:
ZeroUI follows good practices of security, but 100% security cannot be assured. ZeroUI is provided "as is" without any warranty. Use at your own risk.
For enterprise support, a more reliable and scalable solution, please use ZeroTier Central.
For more information and to report security issues, please refer to our security documentation.
ZeroUI is not affiliated or associated with or endorsed by ZeroTier Central or ZeroTier, Inc.
See LICENSE for more information.