Selfhosted Nestri Relay
Should I Self-Host a Nestri Relay?
If you want to use and enjoy the simplicity of the Nestri ecosystem, then you should not set up the Nestri Relay locally. Our free BYOG (Bring Your Own GPU) plan includes free shared relay access, which we highly recommend for those who want to start playing quickly on their own hardware without additional setup.
However, if you prefer to install and manage the Nestri Relay yourself, there are some important considerations to keep in mind.
Important Considerations for Self-Hosting Nestri Relay
- WebRTC and Firewall Issues
- WebRTC, by default, attempts to access your public IP even if both the relay and Nestri Node are on the same local network.
- This behavior can cause firewalls to block traffic, as the connection may attempt to access itself, resulting in connection failures.
- Unordered Third
- Recommended Deployment Strategy
- Instead of hosting the relay on your local network, we strongly recommend deploying the Nestri Relay on a VPS (Virtual Private Server) in the cloud.
- Using a cloud-based VPS minimizes potential firewall conflicts and ensures a more stable connection between your Nestri Node and the relay.
If you're set on self-hosting despite the potential challenges, proceed with caution and ensure you have a proper understanding of firewall configurations and networking setups to mitigate connectivity issues.
Self-hosted Nestri Relay
For those who prefer full control over the Nestri stack, it is possible to self-host the Nestri Relay. However, setting this up can be a bit complex, as it requires SSL Certificates for secure communication between your Nestri Node and your gaming devices. There are three main options:
- Let's Encrypt Certificate: This is the most common certificates for self-hosting and requires a domain name. You can generate a certificate using tools like certbot or acme.sh. Let's Encrypt provides free SSL certificates that are trusted by most browsers and are relatively straightforward to set up.
- Purchased SSL Certificate: The easiest option for most users is to buy an SSL certificate from a trusted Certificate Authority (CA). This option eliminates much of the hassle involved with certificate generation and renewals, as these certificates are already trusted by browsers and don’t require as much manual setup.
While self-hosting offers more flexibility, most users will find the Nestri-hosted Relay to be the easiest and most reliable option for getting started with cloud gaming on Nestri. This hosted relay is available to everyone using the BYOG package and requires no configuration.
Prerequisites
- Server Requirements:
- Ensure port 443 is open for both TCP and UDP (
:443/udp & :443/tcp
). - The server should have at least 6-8GB RAM and 2 vCPUs.
- Supports both ARM or AMD64 architecture.
- Ensure port 443 is open for both TCP and UDP (
- Software Requirements:
- Docker and
docker-compose
must be installed on the server. You can use this installation script to set up Docker. - Git must be installed to clone the necessary repository.
- Docker and
- Certificates:
- You will need both private and public SSL certificates. It is recommended to use certificates from a trusted Certificate Authority (CA), either by using Let's Encrypt or purchasing a commercial SSL certificate, for secure communication. Avoid using self-signed certificates, as they can lead to compatibility issues and security warnings in browsers.
Self-hosted Nestri Relay with an Reverse Proxy
Caddy
As caddy user you can use the following docker-compose.yml file:
The Caddyfile should look like this:
Please modify it to your needs and replace the placeholder values with your own. You should also setup the Caddyfile to match your domain.
Traefik
As traefik user you can use the following docker-compose.yml file:
Please modify it to your needs and replace the placeholder values with your own.
Where to find the relay compose files?
You will also find the relay compose files in our github repository.