Arqut

Arqut Community Edition

Complete guide for installing and configuring Arqut Community Edition (CE), a self-hosted VPN and networking solution with WebRTC-based peer-to-peer connectivity.

Overview

Arqut Community Edition consists of three main components that work together to provide secure remote access:

1. Arqut Server

Cloud/Central Server

  • TURN/STUN services for NAT traversal
  • WebRTC signaling for peer discovery
  • REST API for credential management
  • Automatic TLS via Let's Encrypt

2. Arqut Edge

Edge Device/Gateway

  • WireGuard VPN connectivity
  • WebRTC P2P connections
  • Local network proxy & routing
  • Integration with central server

3. Mobile App

iOS & Android

  • Works with both cloud and self-hosted
  • Configure server hostname
  • API key authentication
  • Secure tunnel management

Architecture

Server

WebRTC Signal

Edge

Local Net

Clients

iOS / Android

Connection Types

Direct P2P (when NAT allows)
Signaling (always)
TURN Relay (CGNAT fallback)

Prerequisites

For Server Installation

  • Public server with static IP (VPS, cloud instance, or dedicated server)
  • OS: Linux (Ubuntu 20.04+, Debian 11+, CentOS 8+)
  • CPU: 1+ cores (2+ recommended)
  • RAM: 512MB minimum (2GB+ recommended)
  • Domain name with DNS access (for TLS certificates)
  • Go 1.24+ (for building from source)

For Edge Installation

  • Local server or device (PC, Raspberry Pi, NAS, etc.)
  • OS: Ubuntu, Debian, or Raspberry Pi OS
  • CPU: 1+ cores
  • RAM: 512MB minimum (1GB+ recommended)
  • Network: Can reach the internet and local network

Network Requirements

Server (must be publicly accessible):

  • • Port 3478 UDP/TCP - TURN/STUN
  • • Port 5349 TCP - TURN over TLS
  • • Port 9000 TCP - REST API + WebSocket
  • • Port 80 TCP - HTTP (for Let's Encrypt)
  • • Port 443 TCP - HTTPS (optional)
  • • Ports 49152-65535 UDP - TURN relay ports

Edge (local network):

  • • Port 3030 TCP - Edge API (configurable)
  • • WireGuard ports as needed

Installation Steps

1

Install Arqut Server (Cloud)

The server must be installed first as it generates the API key needed by edge devices.

📖 Follow the detailed guide: Server Setup Guide

Quick summary:

  1. Build or download the server binary
  2. Generate API key: arqut-server apikey generate
  3. Configure domain, email, and network settings
  4. Set up DNS records pointing to your server
  5. Configure TLS certificate auto-renewal
  6. Start the server and verify it's running

Important: Save the generated API key securely - you'll need it for edge installation.

2

Install Arqut Edge (Local Network)

Once the server is running, install edge devices on your local network.

📖 Follow the detailed guide: Edge Setup Guide

Quick summary:

  1. Download and install edge binaries
  2. Configure with server URL and API key from Step 1
  3. Set up systemd services
  4. Start the edge service
  5. Verify connection to cloud server
3

Connect Mobile App

Configure the mobile app to connect to your self-hosted server.

Configuration steps:

  1. Download Arqut app from App Store (iOS) or Google Play (Android)
  2. Login to your account or register
  3. Open the app and navigate to Profile tab
  4. Scroll down to "Setup CE Server" section
  5. Enter your server configuration:
    • Server URL (ssl): Your server's API endpoint (e.g., https://yourdomain.com:9000/api/v1)
    • API Key: The key you generated in Step 1 (starts with arq_)
  6. Tap CONNECT button
  7. Verify the connection is successful

💡 Tip: Make sure your server is accessible from the internet and has a valid SSL certificate for secure connections.

Mobile App Setup

Environment Variables

Server Environment Variables

VariableDescriptionDefaultRequired
-Server uses config.yaml--

Edge Environment Variables

VariableDescriptionDefaultRequired
ARQUT_API_KEYAPI key from server-Yes
CLOUD_URLServer WebSocket URL-Yes
SERVER_ADDREdge API listen address:3030No
DB_PATHDatabase file path./data/edge.dbNo

WSL Users: If you encounter SQLite errors on WSL, use: DB_PATH=/tmp/arqut-edge.db

Troubleshooting

Server won't start:

  • • Check logs: journalctl -u arqut-server -n 50
  • • Verify ports aren't in use: sudo lsof -i :9000
  • • Confirm DNS is resolving: dig turn.yourdomain.com

Edge can't connect:

  • • Verify API key is correct
  • • Check server URL is reachable: curl https://yourdomain.com:9000/api/v1/health
  • • Review edge logs: journalctl -u arqut-edge -f
  • • Confirm firewall allows outbound HTTPS

Certificate issues:

  • • Verify DNS points to server IP
  • • Check port 80 is open (HTTP-01 challenge)
  • • Review ACME logs in server output
  • • Test with staging CA first

Next Steps

After successful installation:

  1. Configure clients to connect to your edge device
  2. Set up monitoring for both server and edge
  3. Review security settings and harden as needed
  4. Enable automatic updates for edge devices
  5. Configure backups for configurations and certificates

Getting Help

Community & Support