Containers
Tuwunel ships as a small, statically linked OCI image that runs unprivileged on any container runtime. Pick a deployment style based on how you already manage services on the host.
-
Docker. Pull prebuilt images from GHCR or Docker Hub, then run standalone or via one of the provided
docker-composestacks (with Caddy, Traefik, or a bring-your-own reverse proxy). -
Kubernetes. Community-maintained Helm chart for cluster deployments. Tuwunel itself does not scale horizontally, so the chart runs a single replica with persistent storage.
-
Podman with Quadlets. Rootless deployment managed by systemd user units, suited to single-host setups where containers should behave like native services.
Image registries
| Registry | Image | Tags |
|---|---|---|
| GitHub Registry | ghcr.io/matrix-construct/tuwunel | latest, preview, main |
| Docker Hub | docker.io/jevolk/tuwunel | latest, preview, main |
Three rolling tags trade update frequency for confidence.
| Tag | Source | Cadence | Use when |
|---|---|---|---|
:latest | Most recent tagged release | ~monthly | Production. Default choice. |
:preview | Selected higher-confidence updates | ~weekly | You want fixes between releases without chasing main. |
:main | Every reviewed merge to the main branch | ~daily | You track development and accept unknown-risk changes. |
For automated updates we strongly advise tracking :latest.