LetUsMsg

LUM Relay Binary

LetUsMsg relays are single static binaries — no external dependencies, minimal RAM, and designed to be ephemeral so you can rebuild or rotate them quickly. Supported builds: Linux AMD64, Linux ARM64, macOS Intel, and macOS Apple Silicon. All releases are signed and container-ready.

  • Single Go binary (lum-relay) deployable via Docker or Kubernetes.
  • Cosign‑signed images, non‑root, read‑only, zero disk writes.
  • gRPC APIs over HTTP/2 with mutual TLS.

Deploy Now

Download Relay

Download the file for you architecture and rename to ’lum-relay'

Download Linux AMD64 Download Linux ARM64 Download macOS Intel (AMD64) Download macOS Apple Silicon

Previous Releases

Linux AMD64

Linux ARM64

macOS Intel

macOS Apple Silicon

🚧 [WIP] Run Locally – Docker Compose

Status: Work in progress; steps may change.

Save the following in docker-compose.yml:

version: "3.9"
services:
  lum-relay:
    image: ghcr.io/lum/lum-relay:latest
    restart: always
    read_only: true
    tmpfs:
      - /tmp
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    ports:
      - "19760:19760"
    environment:
      RELAY_TLS_CERT: /run/secrets/tls.crt
      RELAY_TLS_KEY: /run/secrets/tls.key
    secrets:
      - tls.crt
      - tls.key
secrets:
  tls.crt:
    file: ./secrets/tls.crt
  tls.key:
    file: ./secrets/tls.key

Then build and run:

docker compose up

Messages remain in memory only; relays expire in roughly seven days by default.

🚧 [WIP] Run on Kubernetes – K3s or Cloud

Status: Work in progress; charts and values are still being finalized.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: lum-relay
spec:
  replicas: 2
  template:
    spec:
      containers:
      - name: relay
        image: ghcr.io/lum/lum-relay:latest
        ports:
          - containerPort: 19760
        volumeMounts:
          - mountPath: /tmp
            name: tmp-storage
        securityContext:
          runAsNonRoot: true
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        env:
          - name: RELAY_TLS_CERT
            value: /run/secrets/tls.crt
          - name: RELAY_TLS_KEY
            value: /run/secrets/tls.key
      volumes:
        - name: tmp-storage
          emptyDir:
            medium: Memory

Apply it with:

kubectl apply -f relay.yaml

Use the same manifest on K3s, EKS, GKE, or AKS. All storage uses emptyDir.medium: Memory; nothing touches disk.

Default Rotation and Lifetimes

ParameterDefaultDescription
Relay TTL7 daysAutomatic rotation
Grace period48 hOverlap window for message pulls
Message TTL72 hCache expiry
Cipher rounds100 (default)Configurable per channel

Own your infrastructure. Control your encryption. Leave nothing behind.