Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Show HN: Zrok: open-source peer to peer sharing (openziti.io)
22 points by michaelquigley on Feb 7, 2023 | hide | past | favorite | 1 comment
zrok is a fun incubator project I've been working on over the last six months. The goal was to see how we could build a tool in the genre of "reverse-proxy-meets-streamlined-sharing", like a lot of the other tools that you probably know, already love, or use regularly.

I've been part of the OpenZiti team for years now, and it was an obvious choice to use OpenZiti as the foundation for zrok. We already know OpenZiti inside and out, and we know how it can best be leveraged to build a tool like this so that it's secure, zero-trust, and scalable, all while still keeping it friction-free and easy to use. I was a part of the team that designed much of what makes OpenZiti an amazing choice for developing things like zrok.

I started out exploring the primary use case supported by other tools like ngrok and it's friends... the typical "share a private HTTP endpoint on an ephemeral URL." I was able to get a basic solution up and working within a week or two. A primitive web console and some of the other bits were put together in about a month, and that was enough to start showing folks internally what was working and to get feedback. Another month or so and we had a v0.2, which we put up into a staging environment for testing and experimenting internally. Our team was starting to get excited about zrok.

Another couple of months of work and we've arrived at v0.3, which is what I'd like to share with you today.

In the discussions about v0.2, the (now obvious) idea came up to implement something that we're calling "private sharing". It works a lot like the traditional on-demand reverse proxy, except instead of exposing the private endpoint through a public HTTP listener, it binds the shared resource onto an OpenZiti network, where it can be accessed securely by another zrok client. This "other" zrok client exposes an HTTP listener wherever the user wants... but it's usually put on the loopback interface of that user's system. This allows the user to securely access the shared resource on their system as if it's local, even though it's somewhere else on a zero-trust network.

As we've started working through the development of v0.3, we've realized that we can incorporate other useful capabilities, like streamlined file sharing (elegant WebDAV integration is coming). As more people started using zrok internally, more and more ideas have surfaced. The buzz within our teams continues to build. And now we're hoping that you might enjoy it, also.

We've got big plans for zrok v0.4 and beyond. We think we can do some really interesting stuff that makes zero-trust, secure, peer-to-peer sharing work well for lots of users and use cases. Please don't mind some of our rough edges with v0.3. There's a lot that's unfinished, but there's a ton of promise and value in what's already available.

We have documentation and videos both on getting started as an end user of zrok, and also about self-hosting zrok in your own environment. zrok itself and all of its underlying dependencies are fully open-source, so you're free to start experimenting with it today.

NetFoundry, the company sponsoring the open-source development of both zrok and OpenZiti is also beta testing zrok.io, which is a public zrok instance that anyone will be able to sign up for and try out. That service is currently in a limited beta and requires an invite to get access. Feel free to reach out to [email protected] to request an invite. We'll try and get you set up with access as soon as we can.

Thank you for taking the time to check out zrok! We'd love to hear any feedback that you might have.



Later on: https://news.ycombinator.com/item?id=34709487




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: