Self-hosted file transfer with a passphrase that works anywhere. Files go peer-to-peer between any two devices. The relay never sees your bytes.
Try it: airpipe.sanyamgarg.com
- Sender picks a file. Gets a passphrase like
RIVER FALCON MARBLE 42. - Receiver types it at the homepage, runs
airpipe download <PHRASE>, or scans the QR. - Both pair through the relay, then the file streams directly between them over WebRTC.
- If the receiver isn't online yet, the sender can pick "mailbox" mode instead. The relay holds the encrypted file for 10 minutes.
Same passphrase works for both modes. Receiver doesn't need to know which one the sender chose.
docker run -p 8080:8080 ghcr.io/sanyam-g/airpipe-relayThat's it. One Go binary, ~15 MB image. Bundles the landing page, browser sender/receiver, and the install script.
Or with the bundled docker-compose.yml (includes an opt-in Watchtower sidecar that auto-pulls new images):
git clone https://github.com/Sanyam-G/Airpipe
cd Airpipe
docker compose up -dPoint the CLI at your relay (per-call):
airpipe --relay https://your-server.example send file.txtOr set it permanently:
export AIRPIPE_RELAY=https://your-server.example
airpipe send file.txtEnv vars if you want to tune things:
| Var | Default | Notes |
|---|---|---|
PORT |
8080 |
|
AIRPIPE_ALLOWED_ORIGINS |
http://localhost:8080,http://127.0.0.1:8080 |
Comma-separated origins for CORS. Set to the domain(s) you host from. Use * to allow any. |
AIRPIPE_RATE_LIMIT_PER_MIN |
60 |
|
AIRPIPE_LOG_FORMAT |
json |
Or text. |
Install:
curl -sSL https://airpipe.sanyamgarg.com/install.sh | shOr via Go:
go install github.com/Sanyam-G/Airpipe/cmd/airpipe@latestSelf-update later: airpipe update. Linux + macOS + Windows, amd64 + arm64.
On Windows, grab airpipe-windows-amd64.exe from the latest release and put it on your PATH.
airpipe send report.pdfYou get a prompt: direct (P2P) or mailbox (relay holds it 10 min). Pick one. The CLI shows a passphrase, a QR, and a link.
airpipe download RIVER FALCON MARBLE 42Multiple files or a folder get auto-zipped:
airpipe send file1.txt photos/airpipe receive ./downloadsPrints a QR. Phone scans it, drops a file, the file lands in ./downloads. Direct WebRTC, fallback to relay if NAT punching fails.
Open airpipe.sanyamgarg.com/live. Get a passphrase + QR. Receiver types the passphrase at the homepage in their browser. Both pair, sender drops a file. No CLI, no app, no account.
NaCl secretbox (Poly1305 + XSalsa20, 256-bit key) on top of DTLS for the live path. The key never leaves the side that generated it. The relay only sees a 16-char room token and ciphertext.
The passphrase derives both the relay token and the encryption key via SHA-256 with domain separation. Same algorithm on CLI and browser.
Go relay (gorilla/websocket, pion/webrtc), embedded HTML/CSS/JS frontend (tweetnacl.js for browser crypto), Docker, Cloudflare Tunnel optional. Single static binary.
MIT