Self-Hosting the Relay
The relay is a lightweight Rust binary that routes encrypted messages between peers. It holds channels in memory only — no database, no persistent storage, no breach risk.
Build from Source
bash
cd walletpair-websocket-relay
cargo build --release
./target/release/walletpair-relay --config config.tomlConfiguration
config.toml
[server]
host = "0.0.0.0"
port = 8080
[limits]
max_channels = 10000
[rate_limit]
# Per-IP rate limiting
enabled = trueEndpoints
| Path | Purpose |
|---|---|
/v1 | WebSocket endpoint (requires walletpair.v1 subprotocol header) |
/healthz | Liveness probe — always returns 200 |
/readyz | Readiness probe — returns 503 if at capacity |
/metrics | Prometheus metrics export |
Deployment
The relay is a single binary with no external dependencies. Deploy it anywhere you can run a process:
- Docker — planned but not yet available
- Bare metal / VM — just run the binary with a config file
- Cloud Run / Fly.io — works well for low-ops deployment
The relay is stateless, so horizontal scaling is straightforward: run multiple instances behind a load balancer. Each channel lives on a single relay instance.
Security Notes
- The relay never sees decrypted payloads
- No persistent storage means no data to breach
- Rate limiting and channel limits protect against resource exhaustion
- All WebSocket connections require the
walletpair.v1subprotocol - Consider TLS termination (via reverse proxy) for production deployments