Home Hosting


You will need:

  • A registered domain name supporting Dynamic DNS (a list of providers: https://help.ubuntu.com/community/DynamicDNS [)]{.ul}
  • A router / ISP allowing port forwarding (for a specific range)
  • Clarify that you have the permission to run experiments from home with your Data Protection Officer or some other person.

Port Forwarding

  • Open the settings (right click) of your zTu virtual machine (VM)

  • Go to Network settings and keep your Network attached to ‘NAT’

  • Click on ‘Advanced’ and then on ‘Port Forwading’

  • Now you need to open port 80 for Let’s Encrypt (for later) and port 443 to make your VM globally reachable. To do this you need to define each of the ports as both ‘Host port’ and ‘Guest Port’. You can leave ‘Host IP’ and ‘Guest IP’ blank.

  • Also open these two ports (80, 443) on your router. Forward these two ports to your host machine (i.e., the machine running VirtualBox and the zTu VM)

Let’s Encrypt Certificate

For the following steps you need to be logged in as root/sudo.

It is also important that you chose the model 0 in your zTu configuration…

… and that you entered your registered domain name when asked for the host name. Otherwise you can still change this in your settings.

  • Now you need to install ‘certbot’ with the following two commands (all of these commands are run in the Terminal Emulator):
sudo apt update
sudo apt install -y certbot
  • Certbot uses port 80. To check if other processes are binding to the port enter:
sudo ss -lntp 'sport = 80'
  • If the output shows a program, it is likely nginx. Stop nginx temporarily with sudo systemctl stop nginx.

  • Finally you can create the certificates for your registered domain with this command:

sudo certbot certonly --standalone
  • After running the command successfully you will get a confirmation that the files with the cerficate and private key are created and where they are saved. Normally it’s in /etc/letsencrypt/live/[yourdomainname]/fullchain.pem and /etc/letsencrypt/live/[yourdomainname]/privkey.pem . Go to zTu’s settings and insert the paths when asked for the SSL certificate and private key.

  • You can now delete the port forwardings in your router as well as the VM for port 80. Note that Let’s Encrypt certificates are valid for only 3 months at a time. Hence, once you run certbot renew, you need to re-establish the port forwarding for port 80. Do not delete the port forwarding for port 443.

  • If you previously stopped nginx, start it with sudo systemctl start nginx.

Your VM should now be globally reachable.