Configuration Reference

All options can be set in config/relayly.yaml or overridden via environment variables using the RELAYLY_ prefix (e.g. RELAYLY_PORT=9090).

Full Config Reference

Key	Default	Description
`host`	`0.0.0.0`	Listen address for the relay WebSocket server
`port`	`8080`	Relay WebSocket port
`db.path`	`./data/relayly.db`	Path to the SQLite database file
`noise.key_path`	`./data/server.noise.key`	Path to the server Noise Protocol keypair
`admin.enabled`	`true`	Enable the admin UI server
`admin.host`	`127.0.0.1`	Admin server bind address
`admin.port`	`8081`	Admin server port
`log.level`	`info`	Log verbosity: `debug`, `info`, `warn`, `error`
`log.format`	`json`	Log format: `json` or `console`
`tls.enabled`	`false`	Enable TLS (or use a reverse proxy instead)

Example Config File

# config/relayly.yaml
host: 0.0.0.0
port: 8080

db:
  path: ./data/relayly.db

noise:
  key_path: ./data/server.noise.key

admin:
  enabled: true
  host: 127.0.0.1
  port: 8081

log:
  level: info
  format: json

tls:
  enabled: false

Environment Variables

Every config key maps to RELAYLY_<UPPER_KEY>:

RELAYLY_PORT=9090
RELAYLY_LOG_LEVEL=debug
RELAYLY_ADMIN_ENABLED=false
RELAYLY_DB_PATH=/data/custom.db

Security Checklist

Before going to production, verify:

Run behind TLS (Caddy / nginx)
Bind admin UI to 127.0.0.1 (the default, do not change to 0.0.0.0)
Mount /data as a persistent Docker volume
Back up /data/relayly.db and /data/server.noise.key
Rotate the server Noise keypair if the host is compromised

Warning: The admin UI has no authentication by default. Never expose it to the public internet.