Relay Deployment using VMware 6.5 Image

Article author
Fikayo Adepoju


Download and Extract the Image

Download the ESXi image here. Extract the folder and import the 2 files Relay.ovf and Relay-disk1.VMDK to the new VM.

Use the following credentials for the image:

user: dnsfilter

pass: ChangeMeNow!

Modify Relay Configuration with your sitekey

A sample config file has been attached to the image already (same as shown below). 

You will need to create a Deployment site in our UI and then find the associated sitekey. Local Domains and the IP for your local DNS (ex: Active Directory) can optionally be configured. The config file can be found at /etc/relay/relay.conf if you choose an installation method where manual manipulation of the config is required.

# Proxy listening address, optional, defaults to :53
 #listen_addresses = [ "" ]
 # SO reuse port true/false, defaults to false
 so_reuse_port = true

 # Desired upstream use order, defaults to "udp", "tcp", "tcp-tls", set only one to disable the others
 upstream_order = [ "udp", "tcp", "tcp-tls" ]

 # Console error log, defaults to "error"
 # Set to "debug" for troubleshooting
 level = "error"

 name = "Your Network"
 secret_key = "somesecretkey"

  # Local DNS servers to forward domain specific requests

 #addresses = [ "", "" ]
 #local_domains = [ "local.domain", "my.lan" ]

 # The sections below are for testing purposes only
 # ------------------------------------------------
 # "Normal" Upstream servers, defaults to DNSFilter DNS Servers and
 #ip_address = ""
 # Optional, defaults to 53
  #port = 53

 # "TLS" Upstream servers, defaults to DNSFilter DNS-over-TLS Servers and
 #auth_name = ""
 #ip_address = ""
 # Optional, defaults to 853
 #port = 853
 # Optional, useful for self-signed certs
 #digest = "sha256"
 #hash = "lrdOgE4H0RyJiSVe9360dSqUu8w0iA8O1cjAsUMijAY="
 #digest = "sha256"
 #hash = "this is an invalid hash"

To modify the relay.conf configuration file at `/etc/relay/relay.conf`, use a text editor.

Example below, using Vim: 

vi /etc/relay/relay.conf

Set the "secret_key" to that of your site. You can find the Relay secret key for your deployment here.
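
A pre-deployment check for the edited file, added here as an example (not DNSFilter's own tooling): it flags a secret_key still set to the sample placeholder, debug logging left on, any uncommented setting from the "testing purposes only" sections, and a file mode that lets other local users access the key. The function names and the choice of which keys count as testing-only are assumptions drawn from the sample config above.

```python
"""Pre-deployment audit of relay.conf (added example, not DNSFilter tooling)."""
import os
import re
import sys

PLACEHOLDER_KEY = "somesecretkey"  # value shipped in the sample config
# Assumption: keys that only appear in the sample's "testing purposes only" sections.
TEST_ONLY_KEYS = {"ip_address", "auth_name", "digest", "hash"}

def parse_conf(text):
    """Return (key, value) for every uncommented `key = value` line."""
    pairs = []
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_]+)\s*=\s*(.*?)\s*$', line)
        if m:  # comment lines start with '#' and never match
            pairs.append((m.group(1), m.group(2).strip('"')))
    return pairs

def audit(text, mode=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = dict(parse_conf(text))
    findings = []
    if conf.get("secret_key", "") in ("", PLACEHOLDER_KEY):
        findings.append("secret_key is missing or still the sample placeholder")
    if conf.get("level") == "debug":
        findings.append('level is "debug"; the sample default is "error"')
    active = sorted(TEST_ONLY_KEYS & set(conf))
    if active:
        findings.append("testing-only upstream overrides active: " + ", ".join(active))
    if mode is not None and mode & 0o007:
        findings.append("file is accessible to other local users (mode %o)" % (mode & 0o777))
    return findings

# Constructed sample: the uncommented settings from the page's sample config.
SAMPLE = '''so_reuse_port = true
upstream_order = [ "udp", "tcp", "tcp-tls" ]
level = "error"
name = "Your Network"
secret_key = "somesecretkey"
#ip_address = ""
'''

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/relay/relay.conf"
    with open(path) as fh:
        results = audit(fh.read(), os.stat(path).st_mode)
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run it with the path to relay.conf as the only argument; it exits non-zero when anything is flagged.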

See below an example of the edited relay configuration file:


Next, you need to have docker-compose installed in your VM. You can find more details on docker-compose here.

You will need to create a docker-compose.yml file in the same directory as relay.conf. The YAML file below contains the configuration to get you all set up.

Below is an example of the docker-compose.yml file:

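version: '3'
services:
  # The service name is not preserved in this copy of the article; "relay" is assumed and any name works
  relay:
    image: dnsfilter/relay:latest
    network_mode: host
    volumes:
      - "./relay.conf:/go/bin/relay.conf"
    restart: unless-stopped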


This configuration assumes that you have a relay configuration file relay.conf at the same location as the docker-compose YAML file.

With this in place, if you run the `ls` command, you should have the files shown below in your current directory:


Set up a static IP using netplan

Your deployment will likely need a static IP address set on the Relay server. Ubuntu uses netplan for network settings. More information can be found on Canonical's netplan website. Here are the steps for Ubuntu:

  1. First, edit the cloud-init file: nano /etc/netplan/50-cloud-init.yaml
                network:
                  version: 2
                  renderer: networkd
                  ethernets:
                    enp0s3:
                      dhcp4: no
                      addresses: [,]
  2. Change the addresses to the desired static IP, and change enp0s3 to the correct interface name, which you will need to discover on the host.

See below an example: 


Finally, run "netplan apply" to effect the changes.

Change VM to a bridged network (from NAT)

The Relay’s Ubuntu image requires your network interface to run in bridged mode instead of NAT. However, VMware ESXi doesn’t have a bridged mode. Because of this, you need to run an open-source firewall/router utility as a VM within VMware ESXi.

If you have already connected your VM to a proper firewall box, whatever you connect to the LAN port of the firewall will be in bridged mode, and this step will not be needed.

In this example, we use the pfSense firewall VM to achieve this. You need a minimum of 2 Network Interface Cards, one for LAN and another for WAN. The LAN Virtual Switch (vSwitch) does the bridging, so ensure that you connect the Relay VM to the LAN vSwitch.

Start Docker Service

Finally, start the docker service by running the following commands:

sudo systemctl enable docker.service

sudo systemctl start docker.service


