MTE Relay Server Tool

DOMAIN_MAP Builder

Configure one or more domains for MTE Relay Server, validate your settings, and copy a ready-to-use DOMAIN_MAP environment variable value.

DOMAIN_MAP docs →

Domain Configuration

1 domain

Mode

Client-to-server relay

Domain 1

HostThe exact Host header value the relay receives, e.g. "relay.example.com" or "api.host:8443". Use "*" as a wildcard fallback.Host is required.

Upstream URL requiredThe backend service to forward decoded requests to.Upstream URL is required.

CORS Origins requiredComma-separated list of allowed browser origins. Use * to allow all, or specify exact origins like https://app.example.com.

Client ID SecretSecret used to sign and validate relay client IDs. Minimum 32 characters. Leave blank to let the server auto-generate one — set explicitly for stable production behavior.

32 / 32 min

CORS Methods optionalAllowed HTTP methods for CORS responses. Default: GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, CONNECT, TRACE.

Pass-through Routes optionalComma-separated regex patterns for routes that bypass MTE encryption, e.g. /health, /metrics. Must start with /.

⚠2 validation issues — fix them to enable output.

Complete the form to generate output

Formatted JSON

{
  "your-domain.com": {
    "upstream": "...",
    ...
  }
}

Use this to review or document your configuration.

One-line DOMAIN_MAP value

{"your-domain.com":{"upstream":"...", ...}}

Paste this directly as the value for the DOMAIN_MAP environment variable in your container or shell configuration.

Host matching reference

MTE Relay Server matches the incoming Host header against your DOMAIN_MAP keys using exact, case-insensitive matching.

https://api.example.com/users → Host: api.example.com
https://api.example.com:8443/users → Host: api.example.com:8443
Use "*" as a fallback that matches any host not matched by a specific key.
If no match is found and there is no wildcard, the request is rejected with 404.