Self-hosted deployment

To start using self-hosted Webhook Relay tunnelling server, follow this guide. Tunnelling server is called Transponder.

Transponder image can be found at https://hub.docker.com/r/webhookrelay/transponder (webhookrelay/transponder:latest).

Available features

Getting a license

To get a license key for self-hosted Webhook Relay version (Transponder) please email [email protected]. Proof-of-Concept trial licenses are available free of charge.

Installing on cloud providers

Cloud agnostic examples

Various examples for deployment are available here: https://github.com/webhookrelay/transponder-deployment.

Using Docker-Compose

This is an example from https://github.com/webhookrelay/transponder-deployment/tree/master/webhook-forwarding.

First, clone repository:

git clone https://github.com/webhookrelay/transponder-deployment.git
cd webhook-forwarding

Configuration

  1. Create a new file .env
  2. Copy & paste contents of .env.example file to .env and change the details such as admin username, password API key (key has to remain UUID format) and secret.

TLS Options

Option 1: No TLS (when your own firewall/load balancer does HTTPS termination)

If you don’t need TLS in Transponder:

Alternatively, if you do need encryption for the agent and you are doing TLS termination in front of the Transponder, you can use --ws flag when running forward command:

relay forward --ws -b my-bucket https://bin.webhookrelay.com/v1/webhooks/d1ea0a51-f317-4e8d-a641-067e96a46bc3

Option 2: TLS Configuration

For TLS configuration you can choose between self-signed certificates and the ones provided by Let’s Encrypt.

For production instance, set CA_URL=https://acme-v02.api.letsencrypt.org/directory in your .env file. Although it’s recommended to first try out your setup with staging CA so you don’t hit Let’s Encrypt rate limits.

Option 3: Let’s Encrypt certificates (TLS-ALPN challenge)

TLS-ALPN challenge is nice to use with webhook forwarding because you don’t need a wildcard cert and this method doesn’t require 3rd credentials from a DNS provider. Transponder uses this method by default, so just set this environment variable:

MANAGED_DOMAINS=your-domain.com

Your server must be reachable from the Internet (by Let’s Encrypt server).

Option 4: Using DNS challenge

It is recommended to use DNS challenge when you need a wildcard cert or your server is not reachable from the public Internet. Transponder supports Cloudflare as a DNS challenge provider. To use it instead of the TLS-ALPN challenge, set these additional variables:

CLOUDFLARE_EMAIL=your-cloudflare-account-email
CLOUDFLARE_API_KEY=your-cloudflare-api-key

This will ensure that during boot, Transponder will retrieve certificates for your server.

Option 5: Self-signed certificates

Get your certificates and place them into certs/ directory next to this docker-compose.yaml file. Then, set these environment variables in the .env file:

CERT_PATH=./certs/your-domain.pem
CERT_KEY_PATH=./certs/your-domain-key.pem

Starting the server

To start the server:

docker-compose up -d

You can view server logs here:

docker-compose logs

Accessing admin dashboard

By default, admin dashboard can be accessed on port 9300 (https://your-server-domain:9300).