Home Hosting

Disclaimer: Please consider the privacy policy of your lab and university and other applicable laws and regulations. Keep in mind that you are responsible for any violations. We cannot be held responsible or liable for any damage done by using our software or this instruction.

Use at your own risk.

As stated in our license, there is no warranty and we take no responsibility for any damage, loss of data or other consequences if you follow this instruction. We do not recommend following these instructions.

This document is still a work-in-progress.

Set secure passwords!


  1. Bridging - Make your VM accessible in your local Network
  2. Port Forwarding - Make your VM reachable over the internet
  3. Obtain a SSL certificate for your domain

This instruction makes your local z-Tree unleashed set up globally reachable. It is important to note, that it is sufficient that these steps need only to be applied to your server. Then the experimenters might connect to a running instance of z-Tree and start the session remotely.

Use DynDns, portforwarding and HTTPS

  • Possible application: Running zTree unleashed experiments from home without a “Thin” server


  • A registered domain name supporting DynDNS
  • A router / ISP allowing port forwarding (for a specific range)
  • Having clarified that you have the permission to run experiments from home with your Data Protection Officer or some other person.

A list of providers:

Reasons why not to use this instruction:

  • You do not know whether you are allowed to do this.
  • You are not allowed to do this.
  • An unstable connection could make your results worthless.
  • It could make your local network globally reachable and prone to attacks.
  • Your router does not allow port forwarding.


1. Bridging. Make your VM reachable in your local network

Right-click on the right VM and select ‘Settings…’

Attach your Network from ‘NAT’ to the ‘Bridged Adapter’

Select your current Adapter which connects your PC to the internet.

(In my case I have WiFi. Therefore I have selected …Wireless-AC…). Most likely your adapter has another name.

After starting your Virtual Machine, it should appear as a entry on its own in the table of your router.

(These images are specific to my Fritz!Box. The options may not even be available in your own router.)

Ensure, that your virtual machine will always get the same IP-address. (Refer to your routers’ handbook or your local internet service provider)

Your VM should now be reachable in your local network. You may obtain your ip address by opening the terminal emulator and typing ip a.

Type this IP address into your browsers‘ URL bar. Alternatively you may just enter http://zunleashed/

You’ll see the default nginx (a light Webserver) page of your VM. This means that you are connected to it. Now you may use any other computer in your local network and access this page (given that your router allows communication between devices in your network).

You now may initialize z-Tree unleashed and start local experimens with computers which connected to the same local network.

2. Make your VM globally reachable

2.1 Forward the necessary firewall ports in your router

Refer to the handbook of your router and if possible forward ports 50001 to 50255 (TCP). The application doesn’t matter.

If your router does not allow port forwarding, you cannot continue. Please stop here. It's futile. If you cannot establish port forwardings, you MUST use a "Thin" server.

For later, in order to obtain a SSL Certificate (for using HTTPS) from Let’s encrypt we need to open port 80, too.

Again, this is specific to my router

Now your computer might be accessed from the Internet by just entering your (likely ephemeral) public IP address and a corresponding port.

Using DynDNS to make your changing public IP static

Skip this if you already have a static IP address.

Kept short, DynDNS is a service that links a domain name to your (ephemeral) IP address. This means that you do not have to enter your IP address in the browsers’ URL bar, but may use a domain name owned by you and that stays the same over time. It is important to note that this approach is not always available and it might lead to data loss in the case of your IP address changing while you are conducting an experiment. Then subjects would click on their URLs and would not reach your network as it might not be updated in your DynDNS providers’ database in time. In this case you should manually update your address, but you have to be concious of this issue.

You have two choices here:

  1. If your router supports a built-in DynDNS you may use it. Please refer to the handbook of your router and check whether this is the case.
  2. If not, install ddclient and let your virtual machine update your IP to your DynDNS provider.

Enable DynDNS from within your virtual machine

This intructions install ddclient

You will a good instruction on how to set up ddclient on the following website (The steps are essentially the same):

Now your Virtual Machine should be reachable over the internet.

Obtain a SSL certificate for your domain

In this next step we will secure your connection with a SSL certificate and use https.


  • A static IP address (or made static using DynDNS)
  • owning the domain name pointing to this IP address
  • forwarding port 80 and depending on the use case forwarding ports 50001 - 50255 or 49152 - 65536.

Obtain a SSL certificate with Let’s Encrypt.

(Note: You’ll need to forward port 80 to obtain and renew this certificate)

1. Enter sudo apt-get install python-certbot-nginx in your ‘Terminal Emulator’

This command installs the bot which will obtain the certificates for you.

2. Enter certbot --nginx -d INSERT_YOUR_DOMAIN_NAME_HERE

This requests and installs the certificates.

3. Enter your email address / Agree to the terms of service / Decide whether to share your email address

If this process is successfull your certificate will be saved.

Remember both paths as you will need to enter them during the initialization of z-Tree unleashed.

Installing the certificates

1. First run ‘Initialize zTu’

2. Choose model ‘0’

3. Enter your domain name

4. First enter the path to the file called fullchain.pem obtained above:

Secondly enter the path to the file called privkey.pem

This applies only if you use your router at home. Do not do this as otherwise the range for our proposed port hopping gets reduced and it becomes less secure.

Note: We need to reduce the range of ports used by ztree unleashed ports to the range you forwarded in your router.

So it looks like the following:

Save and close this file. (If you start a high number of subjects you migh get stuck in an infinite loop while starting z-Tree unleashed. To prevent this, set port1 and port2 to start from 50256. )

Now start a session by pressing ‘Start session’

Note: You need an already transferred copy of z-Tree and z-Leaf in the folder /share/ztree.

Using a web browser on another machine:

Your virtual machine is globally reachable and each connection is using HTTPS.

More information