How to setup ZeroTier One & ZTNCUI using docker-compose in just 2 minutes

First, create a directory for the ZeroTier One / ZTNCUI files to reside in, e.g.:

mkdir /opt/zerotier-mydomain

Now, create docker-compose.yml in that directory

services:
  ztncui:
    container_name: ztncui
    restart: always
    image: keynetworks/ztncui
    ports:
      - 9993:9993/udp
      - 3180:3180
      - 3443:3443
    volumes:
      - ./etc:/opt/key-networks/ztncui/etc
      - ./zt1:/var/lib/zerotier-one   

After that, create .env in said directory containing some info about your node:

NODE_ENV=production
HTTPS_PORT=3443
MYDOMAIN=zerotier.mydomain.com

Now we’ll use the script from Create a systemd service for your docker-compose project in 10 seconds in order to create a systemd service to automatically run the service:

curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin

This script will also automatically start the service (i.e. docker-compose up). ZTNCUI (which comes packaged with ZeroTier One) will generate a temporary admin password automatically, which we can extract from the log using this simple command:

docker-compose exec ztncui cat /var/log/docker-ztncui.log | grep "Current Password" | tail -n 1

Example output:

2022/08/19 14:32:37 Current Password: esh0Eengai

Be sure to open the ports 9993/udp, 3180 and (unless you are using a reverse proxy) 3443 in your firewall, for example:

sudo ufw allow 9993/udp
sudo ufw allow 3180
sudo ufw allow 3443

Now we can open https://[IP]:3443 to open the webinterface (ignore the certificate validation error). You can also setup a reverse proxy at this stage, which we’ll cover in future posts.

You should see a page like this one:

Click Login at the top right:

Enter**admin** as username and the password we extracted above (esh0Eengai in this example).

You will be asked to change your password, and after that you can create ZeroTier networks.