docs/book/src/zerocode/remote.md
Connect zerocode on your workstation to a daemon running on another machine (Raspberry Pi, home server, VPS, etc.).
Generate a self-signed TLS certificate:
<div class="os-tabs-src">openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
-keyout ~/.zeroclaw/wss.key \
-out ~/.zeroclaw/wss.cert \
-days 3650 -nodes -subj '/CN=zeroclaw'
Enable WSS. Set the wss config through the Config pane (or the gateway / zeroclaw config set). Use absolute paths; the config does not expand ~.
Open the firewall port:
<div class="os-tabs-src">sudo ufw allow 9781/tcp
The default WSS port is 9781. Change it with port = <number> in the [wss] section.
Start (or restart) the daemon:
<div class="os-tabs-src">zeroclaw daemon
You should see a log line confirming the WSS listener started on 0.0.0.0:9781.
Connect with TLS verification skipped:
<div class="os-tabs-src">zerocode --connect wss://<remote-ip>:9781 --tls-skip-verify
--tls-skip-verify is required for self-signed certificates. The HMAC session signing still authenticates the connection.
That's it. zerocode reconnects automatically if the connection drops.
The wss section:
| Field | Default | Description |
|---|---|---|
enabled | false | Enable the WSS listener |
bind | 0.0.0.0 | Bind address |
port | 9781 | Listen port |
cert_path | (none) | Absolute path to PEM certificate |
key_path | (none) | Absolute path to PEM private key |