This repository is meant to help people use zrok to run Foundry Virtual Tabletop (VTT). There are two basic sections, using
a zrok public share, accessible to anyone on the internet who knows the url or a zrok private share, where their users need
to also have zrok installed and is only available via zrok (but available to anyone who has zrok running).
- download/install/start Foundry VTT and make sure it works
- download the latest zrok for windows and invite yourself to the platform. See this video for a quick/easy walkthrough walkthrough of the process.
- if you didn't watch/follow the video above, put the zrok.exe somewhere you can find, for example c:\zrok\zrok.exe
- if you didn't watch/follow the video above, invite yourself to zrok using: zrok invite. see https://docs.zrok.io/docs/getting-started/#generating-an-invitation
- zrok enablethe server. see Enabling Your zrok Environment
- download: the start-server script
- if zrok isn't on your path, edit the script and update the PATH_TO_ZROK with the location of your zrok.exe or provide it when running the script. It's really easiest if you just watch and follow that video.
A public Foundry VTT server is one that is exposed to anyone on the internet but to access the server people will need to know your special url. This makes it highly unlikely for random people to find your Foundry server, it won't be scannable by traditional port scanning. Still you should follow the Foundry VTT best practices for securing your game. Use strong passwords, etc.
Another nice bonus is that with zrok, you'll be getting HTTPS/TLS for free since https://zrok.io or the self-hosted zrok instances will enable it. This option is great for most people since it will make it very easy to expose your Foundry VTT server without needing to setup TLS and without needing to figure out how to forward ports in your firewall. You can also run this from anywhere, even if you pick your laptop/pc up and move it. You won't have to deal with IP addresses, dynamic DNS, etc.
To run a public Foundry VTT server run the start-server.ps1 script with the -Public option as shown (the script is not signed, research this if you don't understand it):
  powershell.exe -ExecutionPolicy Bypass -File start-server.ps1 -Public
Note
This will release any pre-existing share, then share it back again "publicly".
Inviting people to join your publicly hosted Foundry VTT server is incredibly easy. When the screen pops up, just send them the url! Tell them their username and password and have fun! (so easy)
A "private" Foundry VTT server is one that is not exposed to the internet at all. In order to access the server, your friends will need to know the special token --and-- they will have to run zrok as well. It has all the benefits of a public VTT server except it tunnels the traffic from clients to the server securely using a fully zero trust connection (mutual TLS etc) without the need for setting TLS up in the Foundry server. That does have the down side of forcing you how to figure out using TLS/certs so you can configure voice/video chat, but it's entirely hidden from the internet. If there's demand for it, I'll see if I can figure out an easy guide for that, but I expect there's plenty online already.
Here's how you keep your Foundry VTT server even away from the public entirely.
To run a zrok-private Foundry VTT server run the start-server.ps1 script without the -Public option as shown (the script is not signed, research this if you don't understand it):
  powershell.exe -ExecutionPolicy Bypass -File start-server.ps1
Note
This will release any pre-existing share, then share it back again "privately".
- 
download/install zrok as described in the prerequisites 
- 
zrok enablethe client. see Enabling Your zrok Environment
- 
download the start-client script 
- 
if zrok isn't on your path, update the start-client script and update the PATH_TO_ZROK with the location of your zrok.exe or provide it when running the script It's really easiest if you just watch and follow that video. 
- 
run start-client.ps1(the script is not signed, research this if you don't understand it):powershell.exe -ExecutionPolicy Bypass -File start-client.ps1
- 
when the start-client.ps1script executes, you'll be prompted to enter the secret token from the server:

