Deployment

Production deployment guide for the HashRelay server and client.

Server — Recommended Specs

Size	Clients	Monthly Cost (est.)
1 vCPU / 512 MB	≤ 10	~$4 USD/mo
2 vCPU / 2 GB	≤ 100	~$12 USD/mo
4 vCPU / 8 GB	≤ 1000	~$40 USD/mo

Use providers with BGP anycast or CN2 routes for China↔overseas tunnels.

Using systemd (Recommended)

# /etc/systemd/system/hashrelay-server.service
[Unit]
Description=HashRelay Server
After=network.target

[Service]
Type=simple
User=hashrelay
ExecStart=/usr/local/bin/hashrelay-server --config /etc/hashrelay/server.toml
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl enable --now hashrelay-server

Using Docker

docker run -d \
  --name hashrelay-server \
  --restart always \
  -p 8080:8080 \
  -p 8443:8443 \
  -p 8444:8444/udp \
  -v /etc/hashrelay:/config \
  -v /var/lib/hashrelay:/data \
  hashrelay/server:latest --config /config/server.toml

Client — Linux (systemd)

curl -Lo /usr/local/bin/hashrelay-client \
  https://github.com/hashrelay/hashrelay/releases/latest/download/client-linux-x86_64
chmod +x /usr/local/bin/hashrelay-client

Client — Windows (NSSM)

nssm install HashRelayClient "C:\hashrelay\hashrelay-client.exe"
nssm set HashRelayClient AppParameters "--config C:\hashrelay\client.toml"
nssm set HashRelayClient Start SERVICE_AUTO_START
nssm start HashRelayClient

Firewall Rules

# Server: allow inbound
ufw allow 8443/tcp   # tunnel (TLS)
ufw allow 8444/udp   # tunnel (QUIC)
ufw allow 8080/tcp   # admin API (restrict in production)