Architecture
HashRelay is a relay proxy that tunnels Stratum mining traffic over an encrypted channel between your miners and the upstream mining pool.
Overview
┌─────────────────────────────────────────────────────────┐
│ Mining Farm (LAN) │
│ │
│ Miner ──┐ │
│ Miner ──┼──► HashRelay Client ──── Encrypted ──────► │
│ Miner ──┘ (local IP) Tunnel │ │
└──────────────────────────────────────────────────── │ ──┘
│
HashRelay Server
(public cloud VPS)
│
▼
Pool F2Pool / AntPool / …Key Components
Relay Server
The server runs on a cloud VPS with a stable public IP. It handles client authentication, port mapping, traffic routing, the admin REST API, and the web dashboard.
Relay Client
The client runs on a machine in the same LAN as the miners. It connects to the server over TLS/QUIC, exposes local TCP ports for miners, and handles automatic reconnection.
Transport Layer
| Mode | Description | Best For |
|---|---|---|
| tcp_tls | TCP with TLS 1.3 | Stable internet with firewall restrictions |
| tcp_encrypt | TCP + lightweight app-level encryption | High-throughput scenarios |
| quic | UDP/QUIC | Lossy or high-latency networks |
Security Model
- Mutual auth — Client authenticates with a secret token
- TLS 1.3 — All tunnel traffic encrypted in transit
- No credential exposure — Pool wallet addresses never leave the tunnel
- Audit logs — All connection events logged