HTTP Tunnels

Web Relay assigns random hexadecimal names to the created HTTP tunnels. This is okay for one-time personal uses or development.

But if you’re displaying the URL at a hackathon or integrating with a third-party webhook or just use it regularly, it can be frustrating if it is difficult to read and remember. You can specify a custom subdomain for your tunnel URL when you are creating a new tunnel:

$ relay tunnel create www --subdomain demo-1

To specify a tunnel name when using connect command:

$ relay connect --name www http://localhost:4000/
Connecting: <----> http://localhost:4000/
1.5110973039938712e+09 info client starting {"version": "develop"}
1.5110973041917999e+09 info adding HTTP tunnel ---> http://localhost:4000/
1.511097304192018e+09 info tunnel proxy configuration updated

Password protection

Anyone who can guess your tunnel URL can access your local or private web service unless you protect it.

To enable HTTP Basic Auth provide --username and --password flags:

relay connect --username foo --password bar http://localhost:4000

Accessing a URL now will prompt users for credentials.

Token protection

Similarly to HTTP Basic Auth you can also specify token protection. Tokens are easier to pass around:

relay connect --subdomain landing  --token <token>

Even though basic auth and token protection can prevent unwanted visitors to your websites, it is advisable to also enable SSL.


Encrypt communication to and from your website using HTTPS. It is important to encrypt as much web traffic as possible to prevent data theft and other tampering. This is a critical step toward building a safer, better Internet.

Traffic between an agent and the public service is always encrypted and encryption cannot be disabled.

There are several crypto options for tunnels:

To create a tunnel with flexible encryption use --crypto flexible flag:

$ relay connect --crypto flexible http://localhost:4000/
Connecting: <----> http://localhost:4000/ <----> http://localhost:4000/

HTTPS is available for all paid plans on all tunnels.

Custom domains

You can have your tunnel on non domain. To do this, when creating a tunnel, specify hostname (you can also create it through the web UI):

relay connect --host http://localhost:4000/

Now, if you go to tunnels page, you should see a CNAME specified next to your tunnel name such as Now, using your DNS provider add a CNAME record for and point it to

Keep in mind that since we don’t have certificates for your domain, they won’t match (our certificate is for * If you have a TLS key and certificate, use TLS tunnel.

Tunnels with Docker

When using with Docker webhookrelayd container needs a way to communicate with other containers. For this, we can use “links”. Here’s an example how to connect to a running container called jupyter:

docker run --link jupyter:jupyter -e KEY=TokenKey -e SECRET=TokenSecret webhookrelay/webhookrelayd:latest --mode tunnel -t jupyter

Tunnels for Kubernetes

Do you want to use tunnels inside Kubernetes? See ingress section for installing and configuring Kubernetes ingress controller.