CDN acceleration and security for this project are sponsored by Tencent EdgeOne
One‑click deployment of a ZeroTier Planet server, with Docker‑based containerized installation.
- Telegram Group: https://t.me/+JduuWfhSEPdlNDk1
- Group 1: 692635772
- Group 2: 785620313
- Group 3: 316239544
- Group 4: 1027678459
- ✅ Supports Linux/AMD64 and Linux/ARM64 architectures
- 🐳 Docker containerized deployment
- 📥 Supports downloading planet and moon configuration files via URL
- 🌐 Can be deployed as either a Moon or Planet server
- 🔧 Simple one‑click deployment script
- 📊 Visual, web‑based management UI
- 0. Managed Hosting
- 1. What Is ZeroTier?
- 2. Why Run Your Own PLANET Server?
- 3. Getting Started
- 4. Client Configuration
- 5. SSL for the Management Panel
- 6. Uninstall
- 7. FAQ
- 8. Roadmap
- 9. Risk Statement
- 10. Related Projects
- 11. Donations & Support
- 12. Acknowledgments
Looking for a hassle‑free solution?
We provide professional managed hosting:
| Item | Details |
|---|---|
| Trial | Free 3‑day trial |
| Annual Fee | ¥99 per year |
| Bandwidth | High‑speed 300 Mbit |
| Traffic Policy | 100 GB/month forwarded traffic; once peers connect via P2P, traffic is not counted. Beyond quota: ¥10 per additional 100 GB |
| Data Center | Premium route: Ningbo China Telecom |
| Contact | Telegram: https://t.me/uxkram, or join a QQ group and contact the admin |
Speed test:
Follow for the latest updates and technical posts:
ZeroTier is a powerful P2P VPN that lets you create your own virtual LAN over the public Internet. With it, you can easily access devices at home from anywhere—for example, reach your home NAS directly from the office or on mobile. Most importantly, devices connect peer‑to‑peer without going through a relay by default, which improves both performance and security.
The ZeroTier One client establishes P2P connections among devices (laptops, phones, servers, etc.), even when they are all behind NAT. Using techniques such as STUN, ZeroTier can traverse most NAT types to enable direct device‑to‑device communication. Only when direct connectivity fails does it fall back to relay.
Put simply, ZeroTier acts like a virtual Ethernet switch spanning the Internet, so devices distributed around the world can talk to each other as if they were on the same LAN.
| Concept | Description |
|---|---|
| PLANET (root servers) | The core root servers for the ZeroTier network. They handle network discovery and initial connections—the “central hub” of the ecosystem. |
| MOON (private roots) | User‑operated private root servers. They act as regional anchors to help nearby nodes connect faster and improve network performance. |
| LEAF (endpoints) | All devices that join a ZeroTier network—PCs, phones, servers, etc. These endpoints discover and communicate under the coordination of PLANET and MOON. |
This guide walks you through building your own private PLANET server so you have full control over your ZeroTier environment.
- Higher stability: The official roots are overseas; users in mainland China may see high latency and jitter. A self‑hosted PLANET can significantly improve link quality.
- Faster setup: A local PLANET server can help nodes establish P2P connectivity more quickly.
- Full control: Maintain complete control over your network configuration and tune it for your needs.
- Better privacy: Private deployment means your traffic does not traverse third‑party infrastructure by default.
- Reduced dependency: Avoid outages or fluctuations affecting the public root infrastructure.
Before you begin, make sure your server meets the following:
- ✅ Public IPv4 address
- ✅ Open these ports:
3443/tcp(management UI, adjust if needed)9994/tcp(ZeroTier transport, adjust if needed)9994/udp(ZeroTier transport, adjust if needed)
- ✅ Docker (container runtime)
- ✅ Git (to fetch the repository)
A recent Linux distribution is recommended, such as:
- Debian 12
- Ubuntu 20.04+
- Rocky Linux
- Other similar distributions
# Debian/Ubuntu, etc.
apt update && apt install git -y
# CentOS, etc.
yum update && yum install git -y
curl -fsSL https://get.docker.com | bash
Note: If network issues prevent installation, you can use a mainland China mirror. See: Install Docker.
service docker start
sudo tee /etc/docker/daemon.json <<EOF
{
"registry-mirrors": [
"https://docker.mirrors.aster.edu.pl",
"https://docker.mirrors.imoyuapp.win"
]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Official repository:
git clone https://github.com/xubiaolin/docker-zerotier-planet.git
Accelerated mirror:
git clone https://github.com/xubiaolin/docker-zerotier-planet.git
- Enter the project directory:
cd docker-zerotier-planet
- Run the deployment script:
./deploy.sh
- Choose an action:
Welcome to the zerotier-planet script. Choose an action:
1. Install
2. Uninstall
3. Update
4. Show Info
5. Exit
Enter a number:
Tip: The script typically completes in 1–3 minutes, depending on your network and hardware.
- Successful installation:
After the script completes, the planet and moon configuration files are generated in ./data/zerotier/dist.
You can retrieve them in either of two ways:
- Download from the URL shown upon completion, or
- Use
scpor another file transfer tool to fetch them from the server
Important: Keep these files safe—you will need them when configuring clients.
Open http://<server-ip>:3443 to access the controller.
Default credentials:
- Username:
admin - Password:
password
- After logging in, click Networks
- Click Add Network
- Enter a readable network name; other settings can remain at defaults
- Click Create Network
A Network ID will be generated—record it; you will need it for client setup.
-
Select Easy Setup
-
Generate the IP range
ZeroTier clients are available for:
- Windows
- macOS
- Linux
- Android
Download the Windows client from the official ZeroTier website.
Copy the planet file into C:\ProgramData\ZeroTier\One (this is a hidden directory—enable “show hidden items”).
-
Press
Win + Sand search for Services
-
Locate ZeroTier One and restart it
Open PowerShell as Administrator and run:
PS C:\Windows\system32> zerotier-cli.bat join <NETWORK_ID>
200 join OK
PS C:\Windows\system32>
Note:
<NETWORK_ID>is the ID created in the web UI above.
In the management UI, locate the new client and check Authorized.
The assigned ZeroTier IP will appear under IP assignment.
Run:
PS C:\Windows\system32> zerotier-cli.bat peers
200 peers
<ztaddr> <ver> <role> <lat> <link> <lastTX> <lastRX> <path>
fcbaeb9b6c 1.8.7 PLANET 52 DIRECT 16 8994 1.1.1.1/9993
fe92971aad 1.8.7 LEAF 14 DIRECT -1 4150 2.2.2.2/9993
PS C:\Windows\system32>
You should see both a PLANET and a LEAF peer with DIRECT links.
Steps:
- Install the Linux ZeroTier client
- Go to
/var/lib/zerotier-one - Replace the
planetfile in that directory - Restart the service:
service zerotier-one restart - Join the network:
zerotier-cli join <NETWORK_ID> - Approve the join request in the management UI
- Run
zerotier-cli peersand verify thePLANETrole appears
We recommend the Unofficial Android Client.
Steps:
- Go to
/Library/Application\ Support/ZeroTier/One/and replace theplanetfile - Restart ZeroTier‑One:
cat /Library/Application\ Support/ZeroTier/One/zerotier-one.pid | sudo xargs kill - Join the network:
zerotier-cli join <NETWORK_ID> - Approve the join request in the management UI
- Run
zerotier-cli peersand verify thePLANETrole appears
Steps:
- Install the ZeroTier client
- Go to
/etc/config/zero/planet - Replace the
planetfile - In the OpenWRT web UI, stop ZeroTier, then start it again
- Join the network from the OpenWRT web UI
- Approve the join request in the management UI
- Run
ln -s /etc/config/zero /var/lib/zerotier-one - Run
zerotier-cli peersand verify thePLANETrole appears
Option 1: Jailbreak
Install ZeroTier and replace the planet file (requires a jailbroken device).
Option 2: WireGuard
Use WireGuard to access the ZeroTier network indirectly.
Set up SSL via a reverse proxy (e.g., Nginx). Example configuration:
upstream zerotier {
server 127.0.0.1:3443;
}
server {
listen 443 ssl;
server_name {CUSTOM_DOMAIN}; # Replace with your domain
# SSL certificate paths
ssl_certificate <path to .pem or .crt>;
ssl_certificate_key <path to .key>;
# SSL tuning
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://zerotier;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name {CUSTOM_DOMAIN}; # Replace with your domain
return 301 https://$server_name$request_uri;
}
docker rm -f zerotier-planet
A: Check firewall rules. On Windows, allow inbound ICMP. Apply equivalent settings on Linux.
A: There is a plugin here (requires a jailbroken device): https://github.com/lemon4ex/ZeroTieriOSFix
A: This project removes the official roots and uses only your custom PLANET nodes.
A: Re‑deploy (treat it as a fresh installation).
A: Modify the LXC configuration and uncheck “unprivileged.” The config file is at /etc/pve/lxc/{ID}.conf.
For Proxmox < 7.0, add:
lxc.cgroup.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
For Proxmox ≥ 7.0, add:
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
A: Run ./deploy.sh and select the option to reset the password.
A: Check firewalls. If you’re on Alibaba Cloud, Tencent Cloud, etc., open the required ports in the provider console. Also open them on Linux itself (e.g., ufw).
A: Run zerotier-cli peers with admin privileges:
<ztaddr> <ver> <role> <lat> <link> <lastTX> <lastRX> <path>
69c0d507d0 - LEAF -1 RELAY
93caa675b0 1.12.2 PLANET -894 DIRECT 4142 4068 110.42.99.46/9994
ab403e2074 1.10.2 LEAF -1 RELAY
If your peer shows RELAY, traffic is being relayed.
A: ZeroTier uses UDP. Some regions may apply QoS to UDP. Consider OpenVPN if necessary.
A: Not yet.
A: Yes.
A: Yes—sample configuration:
version: '3'
services:
myztplanet:
image: xubiaolin/zerotier-planet:latest
container_name: ztplanet
ports:
- 9994:9994
- 9994:9994/udp
- 3443:3443
- 3000:3000
environment:
- IP_ADDR4=[IPV4IP ADDRESS]
- IP_ADDR6=
- ZT_PORT=9994
- API_PORT=3443
- FILE_SERVER_PORT=3000
volumes:
- ./data/zerotier/dist:/app/dist
- ./data/zerotier/ztncui:/app/ztncui
- ./data/zerotier/one:/var/lib/zerotier-one
- ./data/zerotier/config:/app/config
restart: unless-stopped
🥰 Your support accelerates development 🥰
- Multi‑PLANET support
- Customizable port 3443
- Split deployment of PLANET and controller
This project is for learning and research only. Commercial use is not encouraged. We are not liable for any loss incurred from using this project.
If this project helps you, consider supporting development:
Thanks to the following supporters—your encouragement keeps this project going.
In chronological order:
- 随性
- 我
- 你好
- Calvin
- 小猪猪的饲养员
- 情若犹在
- 天天星期天
- 啊乐
- 夏末秋至
- **忠
- 岸芷汀兰
- Kimi Chen
- 匿名
- 阳光报告旷课
- 濂溪先生
- Water
- 匿名
- 匿名
- 陆
- 精钢葫芦娃
- 唯
- 王小新
- 匿名
- Duck不必
