Configuration Reference

server.toml

# ── Network ──────────────────────────────────────────────
[server]
api_addr    = "0.0.0.0:8080"
tunnel_addr = "0.0.0.0:8443"
quic_addr   = "0.0.0.0:8444"

# ── Auth ─────────────────────────────────────────────────
[auth]
token = "CHANGE_ME_USE_A_LONG_RANDOM_STRING"

# ── TLS ──────────────────────────────────────────────────
[tls]
cert_file = "/etc/hashrelay/tls.crt"
key_file  = "/etc/hashrelay/tls.key"

# ── Database ─────────────────────────────────────────────
[database]
driver = "sqlite"
path   = "/var/lib/hashrelay/hashrelay.db"

# ── Logging ──────────────────────────────────────────────
[log]
level  = "info"
format = "json"

client.toml

[client]
server_addr = "relay.example.com:8443"
token       = "CHANGE_ME_USE_A_LONG_RANDOM_STRING"
transport   = "tcp_tls"   # tcp_tls | tcp_encrypt | quic
label       = "farm-a"

[reconnect]
max_retries = 0      # 0 = unlimited
retry_delay = "5s"

[log]
level = "info"

Environment Variable Overrides

All config values can be overridden with HASHRELAY_ prefix and __ as separator:

export HASHRELAY_AUTH__TOKEN="my-secret"
export HASHRELAY_CLIENT__SERVER_ADDR="relay.example.com:8443"

TLS Certificate Setup (Let's Encrypt)

certbot certonly --standalone -d relay.yourdomain.com

HashRelay automatically reloads certificates on SIGHUP — no restart needed for cert renewals.