vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-02 21:40:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
Pulse/docs/RELAY.md
rcourtman d76e8fc58c Promote relay public rollout posture
2026-03-28 19:07:37 +00:00

4.4 KiB
Raw Blame History

Relay / Mobile Remote Access (Relay and Above)

Pulse Relay provides end-to-end encrypted remote access foundations for Pulse instances. It allows secure remote connectivity without exposing your Pulse server to the public internet.

Supported Pulse Mobile clients pair from Settings → Relay using a QR code or deep link and connect through Pulse Relay over end-to-end encrypted remote access.

How It Works

┌──────────┐         ┌──────────────┐         ┌──────────┐
│  Mobile   │◄──E2E──►│  Relay       │◄──WSS──►│  Pulse   │
│  App      │  ECDH   │  Server      │         │  Server  │
└──────────┘         └──────────────┘         └──────────┘
  1. Your Pulse server maintains a persistent WebSocket connection to the relay server.
  2. A mobile client connects to the relay server and authenticates.
  3. An ECDH key exchange creates a per-channel encryption key.
  4. All monitoring data is encrypted end-to-end — the relay server never sees plaintext data.

Quick Start

  1. Go to Settings → Relay.
  2. Toggle relay On.
  3. Use the QR Code or Deep Link to pair a supported Pulse Mobile client.
  4. Your paired mobile client connects through relay.

Requirements

  • Relay, Pro, Pro+, or Cloud license — relay is gated by the relay feature key.
  • Outbound WebSocket — Pulse must be able to reach relay.pulserelay.pro (port 443).
  • No inbound ports — you do not need to open any ports on your firewall.

Security

Relay was designed with a zero-trust model:

Property Detail
Encryption End-to-end ECDH key exchange per channel
Plaintext Relay server never sees your monitoring data
Authentication Per-session mobile authentication
Back-pressure Data limiters prevent channel flooding
License-gated Requires an active Relay-or-higher license
Configurable Can be enabled/disabled at any time via Settings
Audit Relay connection events are logged to the audit trail

Configuration

UI

Settings → Relay — toggle on/off, view QR code, and manage relay pairing sessions.

Environment Variables

Variable Description Default
PULSE_RELAY_ENABLED Enable/disable relay false
PULSE_RELAY_SERVER Override relay server URL relay.pulserelay.pro

Storage

Relay configuration is stored encrypted in relay.enc in the Pulse data directory.

API Reference

Method Endpoint Scope Description
GET /api/settings/relay settings:read Get relay status and config
PUT /api/settings/relay settings:write Update relay settings
POST /api/onboarding/qr settings:read Generate mobile onboarding QR code
POST /api/onboarding/deep-link settings:read Generate mobile deep link

Mobile App Setup

iOS / Android

  1. Join mobile early access when available.
  2. Open the app and tap Connect to Server.
  3. Scan the QR code from Settings → Relay in your Pulse web UI.
  4. The app connects via the relay and begins showing live data.

Multiple Servers

The mobile app supports connecting to multiple Pulse instances. Each connection has its own encrypted channel.

Troubleshooting

Relay showing "Disconnected"

  1. Confirm your Relay, Pro, Pro+, or Cloud license is active (Settings → License).
  2. Verify the Pulse server can reach the relay server: 
    curl -s https://relay.pulserelay.pro/healthz
  3. Check Pulse logs for relay errors: 
    journalctl -u pulse | grep -i relay
# or
docker logs pulse | grep -i relay

Mobile app can't connect

  1. Verify relay is enabled in Settings → Relay.
  2. Confirm your mobile account has beta access.
  3. Re-scan the QR code — sessions can expire.
  4. Ensure your mobile device has internet access.

Data not updating on mobile

  1. Check the relay connection status in Settings → Relay.
  2. Look for WebSocket reconnection messages in Pulse logs.
  3. Restart the mobile app.

See Also