- Bridging - Make your VM accessible in your local Network
- Port Forwarding - Make your VM reachable over the internet
- Obtain a SSL certificate for your domain
This instruction makes your local z-Tree unleashed set up globally reachable. It is important to note, that it is sufficient that these steps need only to be applied to your server. Then the experimenters might connect to a running instance of z-Tree and start the session remotely.
Use DynDns, portforwarding and HTTPS
- Possible application: Running zTree unleashed experiments from home without a “Thin” server
- A registered domain name supporting DynDNS
- A router / ISP allowing port forwarding (for a specific range)
- Having clarified that you have the permission to run experiments from home with your Data Protection Officer or some other person.
A list of providers:
Reasons why not to use this instruction:
- You do not know whether you are allowed to do this.
- You are not allowed to do this.
- An unstable connection could make your results worthless.
- It could make your local network globally reachable and prone to attacks.
- Your router does not allow port forwarding.
REMEMBER TO STICK TO THE RULES DEFINED BY YOUR LAB!
1. Bridging. Make your VM reachable in your local network
Right-click on the right VM and select ‘Settings…’
Attach your Network from ‘NAT’ to the ‘Bridged Adapter’
Select your current Adapter which connects your PC to the internet.
(In my case I have WiFi. Therefore I have selected …Wireless-AC…). Most likely your adapter has another name.
After starting your Virtual Machine, it should appear as a entry on its own in the table of your router.
(These images are specific to my Fritz!Box. The options may not even be available in your own router.)
Ensure, that your virtual machine will always get the same IP-address. (Refer to your routers’ handbook or your local internet service provider)
Your VM should now be reachable in your local network. You may obtain your ip address by opening the terminal emulator and typing
Type this IP address into your browsers‘ URL bar. Alternatively you may just enter http://zunleashed/
You’ll see the default nginx (a light Webserver) page of your VM. This means that you are connected to it. Now you may use any other computer in your local network and access this page (given that your router allows communication between devices in your network).
You now may initialize z-Tree unleashed and start local experimens with computers which connected to the same local network.
2. Make your VM globally reachable
2.1 Forward the necessary firewall ports in your router
Refer to the handbook of your router and if possible forward ports 50001 to 50255 (TCP). The application doesn’t matter.
For later, in order to obtain a SSL Certificate (for using HTTPS) from Let’s encrypt we need to open port 80, too.
Again, this is specific to my router
Now your computer might be accessed from the Internet by just entering your (likely ephemeral) public IP address and a corresponding port.
Using DynDNS to make your changing public IP static
Skip this if you already have a static IP address.
Kept short, DynDNS is a service that links a domain name to your (ephemeral) IP address. This means that you do not have to enter your IP address in the browsers’ URL bar, but may use a domain name owned by you and that stays the same over time. It is important to note that this approach is not always available and it might lead to data loss in the case of your IP address changing while you are conducting an experiment. Then subjects would click on their URLs and would not reach your network as it might not be updated in your DynDNS providers’ database in time. In this case you should manually update your address, but you have to be concious of this issue.
You have two choices here:
- If your router supports a built-in DynDNS you may use it. Please refer to the handbook of your router and check whether this is the case.
- If not, install
ddclientand let your virtual machine update your IP to your DynDNS provider.
Enable DynDNS from within your virtual machine
This intructions install
You will a good instruction on how to set up ddclient on the following website (The steps are essentially the same):
Now your Virtual Machine should be reachable over the internet.
Obtain a SSL certificate for your domain
In this next step we will secure your connection with a SSL certificate and use https.
- A static IP address (or made static using DynDNS)
- owning the domain name pointing to this IP address
- forwarding port 80 and depending on the use case forwarding ports 50001 - 50255 or 49152 - 65536.
Obtain a SSL certificate with Let’s Encrypt.
(Note: You’ll need to forward port 80 to obtain and renew this certificate)
sudo apt-get install python-certbot-nginx in your ‘Terminal Emulator’
This command installs the bot which will obtain the certificates for you.
certbot --nginx -d INSERT_YOUR_DOMAIN_NAME_HERE
This requests and installs the certificates.
3. Enter your email address / Agree to the terms of service / Decide whether to share your email address
If this process is successfull your certificate will be saved.
Remember both paths as you will need to enter them during the initialization of z-Tree unleashed.
Installing the certificates
1. First run ‘Initialize zTu’
2. Choose model ‘0’
3. Enter your domain name
4. First enter the path to the file called
fullchain.pem obtained above:
Secondly enter the path to the file called
This applies only if you use your router at home. Do not do this as otherwise the range for our proposed port hopping gets reduced and it becomes less secure.
Note: We need to reduce the range of ports used by ztree unleashed ports to the range you forwarded in your router.
So it looks like the following:
Save and close this file. (If you start a high number of subjects you migh get stuck in an infinite loop while starting z-Tree unleashed. To prevent this, set port1 and port2 to start from 50256. )
Now start a session by pressing ‘Start session’
Note: You need an already transferred copy of z-Tree and z-Leaf in the folder
After your clients start your link list should contain your domain and the correct port range.
Test one of the links in the local browser: (It uses https and the lock appears)
Using a web browser on another machine:
Your virtual machine is globally reachable and each connection is using HTTPS.