zrok frontdoor

#1 Open Source Solution for Zero Trust Reverse Proxies

Let zrok do the security heavy lifting.

Delegate internet edge hardening, high availability, TLS certificates, and other IT concerns to zrok frontdoor.

Meet FrontDoor

What is Front Door?

zrok frontdoor protects servers behind a global distributed reverse proxy zero trust solution.

It securely shares a production website or service as a system daemon and background process.

zrok frontdoor is a truly “zero trust” connection over the Internet, not just a local network, using OpenZiti’s global distributed zero trust network.

It provides private or public, instant, secure tunneling of applications from anywhere.

How it works

  • zrok frontdoor is a zero trust reverse proxy allows a web application to be exposed securely without opening inbound ports.
  • The DNS record of the application is the only publicly visible record, and it is protected with zero trust policies.
  • zrok frontdoor is secured by using a zero trust overlay network built using OpenZiti and hosted by NetFoundry.

What you Get

Frontdoor Features

Zero Trust

zrok frontdoor uses OpenZiti’s mesh overlay network so that every user, device, and application attempting to connect is continuously authenticated and authorized.

Public or Private Sharing

zrok frontdoor streamlines developer endpoint sharing over the internet. It can also be a private dark, P2P, zero trust network.

Decentralized Services

zrok frontdoor is a distributed replacement for large centralized file-sharing platforms, video streaming platforms, and other services

Easy to use

zrok frontdoor includes a management console with a simple user experience as well as a Command Line Interface. You can Start sharing quickly with a single command or line of code

Self-hosted or Hosted

zrok frontdoor is available via open source software for on-premise deployments or can be used  in the cloud using NetFoundry’s multi-tenant cloud.

Free Option Available

The zrok source is open under the Apache 2.0 license, includes an SDK, and is a native application on the OpenZiti platform.

Easy to Migrate and Take In-House

If you build something on zrok frontdoor using zrok.io, you can take what you built and move it in-house to your own servers and take full control.


Specific Features

Controlled access

zrok frontdoor can require a shared password or allow specific email addresses or domains by enabling the Google or GitHub login option when you reserve your shared subdomain. The zrok.io front ends enforce your authentication policy before the traffic reaches your share.

Hardened entry point

The managed zrok.io front ends automatically handle failover scenarios and filter and mitigate anonymous abuse from the web.

Secure backhaul

The data link between the zrok.io front ends and your zrok share service is automatically encrypted. It can’t be eavesdropped, impersonated, or manipulated.

Convenient deployment

The lightweight zrok share service installs as a Linux package or a Docker Compose project. Scripts and Ansible playbook are published with the zrok frontdoor guide.

Management console

The zrok console beautifully visualizes usage metrics over useful time frames.

Activity logs

Every request your share service handles is logged on your server.


zrok Use Cases

Share a server

zrok runs a built-in web server to host a target directory of files, such as a website or index of downloads.
Share files
zrok Drive serves a target directory as a virtual network drive with WebDAV.
Share a service
zrok proxies a target web server that you specify as an HTTP/S URL. This allows you to easily and securely expose a webhook or web service (API).
Share a Caddy web server
A flexible option for sharing target which is a Caddyfile leveraging zrok‘s built-in Caddy server. Now you can do almost anything with zrok that you can do with Caddy.


Why We’re Different

  • Open source
  • Globally distributed
  • Production-ready
  • Elegant – embedded in code,  often the only solution which meets both security and innovation goals
  • Efficient –  integrated software solution that does not rely on security perimeter infrastructure of companies using it


Business Benefits
Internet security hardening, high availability, and scaling is hard to setup and maintain. There is complexity and high costs of personnel and software to maintain traditional secure infrastructure. Solution providers often have difficulty to integrating their web services, webhooks and API’s into secure corporate infrastructure. A zero trust approach removes the cost and complexity of security. Using a zero trust global distributed reverse proxy will deliver significant benefits including:

  • Save time
  • Reduce time to market
  • Reduce setup cost
  • Reduce operational support costs
  • Reduce risk
Frictionless Setup.
Free to use. Open Source.

Get sharing in minutes.

Please Star us on GitHub Star