---
title: "Docker container | WebhookRelay"
meta:
  "og:description": "How to use Webhook Relay client with Docker to start forwarding webhooks to your internal services and open tunnels to expose your services"
  "og:title": "Docker container"
  description: "How to use Webhook Relay client with Docker to start forwarding webhooks to your internal services and open tunnels to expose your services"
---

![Stripes](https://webhookrelay.com/docs/installation/docker/images/stripes.svg)

Documentation

**Fundamentals**

# **Docker container**

How to use Webhook Relay client with Docker to start forwarding webhooks to your internal services and open tunnels to expose your services

## [Prerequisites](#prerequisites)

- Docker, installation instructions: [https://docs.docker.com/engine/install/](https://docs.docker.com/engine/install/)
- Webhook Relay account, get your token here: [https://my.webhookrelay.com/tokens](https://my.webhookrelay.com/tokens)

## [Forward webhooks](#forward-webhooks)

1. Go to [https://my.webhookrelay.com/buckets](https://my.webhookrelay.com/buckets) and create a bucket and where you want to forward the webhooks
2. Go to the [tokens page](https://my.webhookrelay.com/tokens) and get your access key and secret

```
export RELAY_KEY=<replace with your key>
export RELAY_SECRET=<replace with your secret>
```

1. Start a webhookrelayd agent:

```
docker run -d \
  --name whr-relayd \
  --restart always \
  -e RELAY_KEY=${RELAY_KEY} \
  -e RELAY_SECRET=${RELAY_SECRET} \
  -e BUCKETS=<bucket name> \
  webhookrelay/webhookrelayd:latest
```

If you are using self-signed certificates on your internal side, specify `INSECURE` environment variable to skip validation:

```
INSECURE=true
```

## [Open a tunnel](#open-a-tunnel)

1. Go to [https://my.webhookrelay.com/tunnels](https://my.webhookrelay.com/tunnels) and create a tunnel with your desired destination
2. Start a bidirectional tunnel:

```
docker run --name whr-relayd \
  --net host \
  --restart always \
  -d webhookrelay/webhookrelayd:latest \
  --mode tunnel -t mytunnelname -k [access key] -s [access secret]
```

Here _webhookrelayd_ commands:

- **--mode tunnel** indicates that it should start bidirectional tunnel
- **-t mytunnelname** acts as a filter, it has to match the tunnel name that you have created previously
- **-k access key** is your authentication token key
- **-s access secret** is your authentication token secret

You can also specify these details through environment variables:

```
KEY=<your token key>
SECRET=<your token secret>
TUNNELS=<comma separated list of tunnels>
REGION=<region - eu, au, us-west (defaults to eu)>
```

Did this page help you?