Deploy the Relay

The relay server is a single Docker image. It handles WebSocket connections from the CLI/VS Code and forwards inbound HTTP requests to them.

Docker (recommended)

docker run -d \
  --name conduit-relay \
  --restart unless-stopped \
  -p 3000:3000 \
  -e CONDUIT_JWT_SECRET=$(openssl rand -hex 32) \
  -e STORAGE_ADAPTER=sqlite \
  -e SQLITE_PATH=/data/conduit.db \
  -e RELAY_DOMAIN=relay.yourdomain.com \
  -e RELAY_PROTO=https \
  -e RELAY_AUTH_REQUIRED=false \
  -v conduit-data:/data \
  ghcr.io/jimseiwert/conduit-relay:latest

Environment variables

Variable	Required	Default	Description
`CONDUIT_JWT_SECRET`	Yes	—	Secret used to sign slug tokens. Use `openssl rand -hex 32`.
`STORAGE_ADAPTER`	No	`memory`	`memory`, `sqlite`, or `postgres`
`SQLITE_PATH`	If sqlite	—	Path to the SQLite database file
`DATABASE_URL`	If postgres	—	Postgres connection string
`RELAY_DOMAIN`	No	`relay.conduitrelay.com`	Public domain for your relay (used in webhook URLs)
`RELAY_PROTO`	No	`https`	`http` or `https`
`RELAY_AUTH_REQUIRED`	No	`true`	Set to `false` for an open relay (recommended for self-hosted)
`RELAY_REGISTRATION_TOKEN`	No	—	Shared secret clients must provide to register slugs
`PORT`	No	`3000`	Port the relay listens on

With a reverse proxy (Caddy)

Put the relay behind Caddy for automatic HTTPS:

relay.yourdomain.com {
  reverse_proxy localhost:3000
}

Docker Compose

services:
  relay:
    image: ghcr.io/jimseiwert/conduit-relay:latest
    restart: unless-stopped
    ports:
      - "3000:3000"
    environment:
      CONDUIT_JWT_SECRET: your-secret-here
      STORAGE_ADAPTER: sqlite
      SQLITE_PATH: /data/conduit.db
      RELAY_DOMAIN: relay.yourdomain.com
      RELAY_PROTO: https
      RELAY_AUTH_REQUIRED: "false"
    volumes:
      - conduit-data:/data
 
volumes:
  conduit-data:

Verify the relay is running

curl https://relay.yourdomain.com/health
# {"status":"ok"}