- Use Case
- Log in →
- Security & Tech
- Webhook Forwarding
- Exec Commands
- WebSocket Server
- Functions guide
- Automating code updates
- HTTP Tunnels
- TLS Tunnels
- Global Infrastructure
- Ingress Controller (Tunnels)
- Webhook Relay Operator (Forwarding)
Internet of Things
- Home Automation
- Internet of Things (IoT)
- CLI commands
- Proxy Configuration
- Self-hosted deployment
- Client configuration
To start using self-hosted Webhook Relay tunnelling server, follow this guide. Tunnelling server is called Transponder.
Transponder image can be found at https://hub.docker.com/r/webhookrelay/transponder (
- HTTP/HTTPS tunnels
- Custom subdomains, domains
- WebSocket support
- TLS pass-through tunnels
- Dashboard UI
- Webhook Forwarding
To get a license key for self-hosted Webhook Relay version (Transponder) please email [email protected]. Proof-of-Concept trial licenses are available free of charge.
Various examples for deployment are available here: https://github.com/webhookrelay/transponder-deployment.
This is an example from https://github.com/webhookrelay/transponder-deployment/tree/master/webhook-forwarding.
First, clone repository:
git clone https://github.com/webhookrelay/transponder-deployment.git
- Create a new file
- Copy & paste contents of
.envand change the details such as admin username, password API key (key has to remain UUID format) and secret.
If you don’t need TLS in Transponder:
- Ensure that environment variables
MANAGED_DOMAINSaren’t set. Either remove them from the
.envfile or edit the
docker-compose.yamlto unset them.
healthchecksection in the docker-compose.yaml to use http:// instead of https://
RELAY_REQUIRE_TLS=falsein the agent to disable TLS for GRPC connections.
Alternatively, if you do need encryption for the agent and you are doing TLS termination in front of the Transponder, you can use
--ws flag when running forward command:
relay forward --ws -b my-bucket https://bin.webhookrelay.com/v1/webhooks/d1ea0a51-f317-4e8d-a641-067e96a46bc3
For TLS configuration you can choose between self-signed certificates and the ones provided by Let’s Encrypt.
For production instance, set CA_URL=https://acme-v02.api.letsencrypt.org/directory in your .env file. Although it’s recommended to first try out your setup with staging CA so you don’t hit Let’s Encrypt rate limits.
TLS-ALPN challenge is nice to use with webhook forwarding because you don’t need a wildcard cert and this method doesn’t require 3rd credentials from a DNS provider. Transponder uses this method by default, so just set this environment variable:
Your server must be reachable from the Internet (by Let’s Encrypt server).
It is recommended to use DNS challenge when you need a wildcard cert or your server is not reachable from the public Internet. Transponder supports Cloudflare as a DNS challenge provider. To use it instead of the TLS-ALPN challenge, set these additional variables:
This will ensure that during boot, Transponder will retrieve certificates for your server.
Get your certificates and place them into
certs/ directory next to this docker-compose.yaml file. Then, set these environment variables in the
To start the server:
docker-compose up -d
You can view server logs here:
By default, admin dashboard can be accessed on port 9300 (https://your-server-domain:9300).