Self-hosted deployment

To start using self-hosted Webhook Relay tunnelling server, follow this guide. Tunnelling server is called Transponder.

Transponder image can be found at (webhookrelay/transponder:latest).

Available features

Getting a license

To get a license key for self-hosted Webhook Relay version (Transponder) please email [email protected]. Proof-of-Concept trial licenses are available free of charge.

Installing on cloud providers

Cloud agnostic examples

Various examples for deployment are available here:

Using Docker-Compose

This is an example from

First, clone repository:

git clone
cd webhook-forwarding


  1. Create a new file .env
  2. Copy & paste contents of .env.example file to .env and change the details such as admin username, password API key (key has to remain UUID format) and secret.

TLS Options

Option 1: No TLS (when your own firewall/load balancer does HTTPS termination)

If you don’t need TLS in Transponder:

Alternatively, if you do need encryption for the agent and you are doing TLS termination in front of the Transponder, you can use --ws flag when running forward command:

relay forward --ws -b my-bucket

Option 2: TLS Configuration

For TLS configuration you can choose between self-signed certificates and the ones provided by Let’s Encrypt.

For production instance, set CA_URL= in your .env file. Although it’s recommended to first try out your setup with staging CA so you don’t hit Let’s Encrypt rate limits.

Option 3: Let’s Encrypt certificates (TLS-ALPN challenge)

TLS-ALPN challenge is nice to use with webhook forwarding because you don’t need a wildcard cert and this method doesn’t require 3rd credentials from a DNS provider. Transponder uses this method by default, so just set this environment variable:

Your server must be reachable from the Internet (by Let’s Encrypt server).

Option 4: Using DNS challenge

It is recommended to use DNS challenge when you need a wildcard cert or your server is not reachable from the public Internet. Transponder supports Cloudflare as a DNS challenge provider. To use it instead of the TLS-ALPN challenge, set these additional variables:


This will ensure that during boot, Transponder will retrieve certificates for your server.

Option 5: Self-signed certificates

Get your certificates and place them into certs/ directory next to this docker-compose.yaml file. Then, set these environment variables in the .env file:


Starting the server

To start the server:

docker-compose up -d

You can view server logs here:

docker-compose logs

Accessing admin dashboard

By default, admin dashboard can be accessed on port 9300 (https://your-server-domain:9300).