Latest Stable — v1.6.30
Download Fluxheim
Pre-built Linux binaries for x86_64 and ARM64, plus macOS developer builds. Released June 23, 2026.
Full
Recommended
Full Production Build
All stable production modules: proxy, web, cache, compression, load balancing, raw TCP stream proxying, TLS (rustls), PHP-FPM, ACME client, GeoIP/Geo-Context, security hardening, metrics, and OpenTelemetry.
Static serving + reverse proxy + PHP-FPM
Cache backends (memory, disk, tiered)
gzip, zstd, and Brotli compression
TLS + managed ACME renewal
Local GeoIP country/ASN context
Hardened TCP stream proxying
Prometheus + OpenTelemetry
~10.3 MB binary
Load Balancer
New
Load Balancer Edge
Focused HTTP/TCP load-balancer build without cache, static web, PHP, GeoIP, stream proxying, or traffic mirroring.
Advanced pool selection
Drain, disable, force-down
Hardened LB core
TLS + managed ACME renewal
PHP
Managed PHP-FPM
PHP Application Build
Static web + reverse proxy + PHP-FPM FastCGI bridge. Ideal for WordPress and PHP front-controller apps. No cache module compiled.
PHP-FPM FastCGI bridge
Static asset serving from same root
TLS + managed ACME renewal
~8.9 MB binary
Cache
Cache Edge Build
Focused cache edge without local static web serving. Includes proxy, cache, compression, TLS, and ACME. Ideal for CDN-style deployments.
Reverse proxy + cache
Cache-safe compression controls
TLS + managed ACME renewal
No static web module compiled
~6.8 MB binary
Proxy
Proxy Edge Build
Focused reverse proxy without cache, static web, or the dedicated load-balancer module. Designed for pure reverse-proxy deployments with TLS, ACME, compression, and upstream resilience.
Reverse proxy only
ACLs, rate limits, retries, health checks
TLS + managed ACME renewal
No cache or web module compiled
~5.8 MB binary
Platform Downloads
Production Linux builds plus Level 1 macOS developer tarballs.
| Build | Linux x86_64 | Linux ARM64 | macOS dev |
|---|---|---|---|
| Full | x86_64-linux | aarch64-linux | Apple Silicon |
| PHP | x86_64-linux | aarch64-linux | - |
| Load Balancer | x86_64-linux | aarch64-linux | - |
| Cache | x86_64-linux | aarch64-linux | - |
| Proxy | x86_64-linux | aarch64-linux | - |
| Config tester | x86_64-linux | aarch64-linux | - |
Installation
bash — tarball installation
# 1. Download the full Linux build tarball
# Use aarch64-linux instead of x86_64-linux on ARM64 servers.
curl -L https://github.com/valkyoth/fluxheim/releases/download/v1.6.30/fluxheim-1.6.30-full-x86_64-linux.tar.gz \
-o fluxheim-1.6.30.tar.gz
# 2. Verify and extract
tar xzf fluxheim-1.6.30.tar.gz
# 3. Move binary and helper tools to system path
sudo mv fluxheim /usr/local/bin/
sudo mv fluxheim-acme /usr/local/bin/ # ACME companion
sudo mv fluxheim-config-tester /usr/local/bin/ # Config validator
# 4. Create config directory and add your config
sudo mkdir -p /etc/fluxheim /srv/fluxheim
sudo cp packaging/default/fluxheim.toml /etc/fluxheim/fluxheim.toml
# 5. Validate config
fluxheim --check-config --config /etc/fluxheim/fluxheim.toml
# 6. Run directly (or see Systemd tab for service setup)
sudo fluxheim --config /etc/fluxheim/fluxheim.tomlbash — rootless Podman
# Pull GHCR images (full, load-balancer, cache, proxy, and PHP variants)
podman pull ghcr.io/valkyoth/fluxheim:v1.6.30 # full
podman pull ghcr.io/valkyoth/fluxheim:v1.6.30-load-balancer # load balancer
podman pull ghcr.io/valkyoth/fluxheim:v1.6.30-cache # cache edge
podman pull ghcr.io/valkyoth/fluxheim:v1.6.30-proxy # proxy edge
podman pull ghcr.io/valkyoth/fluxheim:v1.6.30-php # managed PHP-FPM
# Same build set is available on Quay
podman pull quay.io/valkyoth/fluxheim:v1.6.30
podman pull quay.io/valkyoth/fluxheim:v1.6.30-load-balancer
podman pull quay.io/valkyoth/fluxheim:v1.6.30-cache
podman pull quay.io/valkyoth/fluxheim:v1.6.30-proxy
podman pull quay.io/valkyoth/fluxheim:v1.6.30-php
# Run rootless — internal ports 8080 and 8443
podman run -d \
--name fluxheim \
--restart unless-stopped \
-p 8080:8080 \
-p 8443:8443 \
-v /srv/sites:/srv/sites:ro \
-v /srv/fluxheim/certs:/etc/fluxheim/certs:rw \
-v ./fluxheim.toml:/etc/fluxheim/fluxheim.toml:ro \
ghcr.io/valkyoth/fluxheim:v1.6.30
# Check logs
podman logs -f fluxheimbash — systemd service
# The tarball includes a hardened systemd unit
sudo cp packaging/systemd/fluxheim.service /etc/systemd/system/
# Create the fluxheim system user
sudo useradd -r -s /sbin/nologin -d /var/lib/fluxheim fluxheim
# Set up directories
sudo mkdir -p /etc/fluxheim /srv/fluxheim /var/log/fluxheim
sudo chown fluxheim:fluxheim /srv/fluxheim /var/log/fluxheim
# Reload systemd and enable the service
sudo systemctl daemon-reload
sudo systemctl enable --now fluxheim
# Check status
sudo systemctl status fluxheim
sudo journalctl -u fluxheim -fNote: The packaged systemd unit uses CAP_NET_BIND_SERVICE so Fluxheim can bind to ports 80 and 443 without running as root. The unit file includes security hardening options.
bash — managed ACME certificate issuance
# Fluxheim ships with acme-init for guided certificate setup
# Let's Encrypt (HTTP-01)
sudo fluxheim acme-init letsencrypt
# Actalis (free EAB-capable issuer)
sudo fluxheim acme-init actalis
# The companion tool fluxheim-acme handles renewal for
# container and external service-manager deployments
fluxheim-acme status
fluxheim-acme renew
fluxheim-acme reloadfluxheim.toml — ACME config
[[vhosts]]
name = "site"
hosts = ["example.com", "www.example.com"]
[vhosts.tls]
enabled = true
[vhosts.tls.acme]
enabled = true
# issuer = "letsencrypt"System Requirements
Supported Platforms
- Linux x86_64 (kernel 4.14+)
- Linux ARM64 / aarch64
- macOS developer binaries only
Container Images
All release image builds are published on GHCR and Quay.
- Wolfi (minimal, hardened)
- Full, load-balancer, cache, proxy, and PHP image profiles
- Alpine Linux
- SUSE Micro
- Debian
- Published on GHCR and Quay
All Releases
View all on GitHub →| Version | Date | Highlights | Downloads |
|---|---|---|---|
|
v1.6.0 – v1.6.30
Latest series
|
June 2026 | Native-runtime cutover line: Pingora-exit foundations, Fluxheim-owned HTTP/1 and HTTP/2 paths, native TLS/listener previews, route proxy/static-web parity, compression and error pages, forwarded-header policy, auth-request, traffic mirroring, rate limits, gRPC validation, pooled upstream HTTP/2, and hardened runtime evidence. | All on GitHub |
| v1.5.0 - v1.5.23 | June 2026 | Enterprise load-balancer and runtime-ownership line: focused load-balancer binaries/images, runtime member and weight controls, managed affinity cookies, stream and HTTP boundary work, active and protocol-aware health checks, service discovery, background task ownership, cache crate boundaries, UDP beta guardrails, origin-protection budgets, ARM/macOS assets, and broad security hardening. | All on GitHub |
| v1.4.0 – v1.4.7 | May 2026 | Proxy operations line with production proxy parity, richer route policy, traffic mirroring, dynamic upstream discovery, modular runtime/config split, Apple Silicon and Linux ARM64 release assets, GeoIP/Geo-Context, config-tester archives, and hardened TCP stream proxying | All on GitHub |
| v1.3.0 – v1.3.7 | May 2026 | PHP-FPM production line, managed php-fpm supervision, config tester and ACME companion binaries, FIPS/ISO validation tracks, focused cache/proxy profiles, and security hardening | All on GitHub |
| v1.2.0 – v1.2.6 | May 2026 | Cache and observability baseline with route-scoped cache policy, memory/disk/tiered backends, encrypted disk cache, peer fill, range caching, Prometheus, and OpenTelemetry export | All on GitHub |
| v1.1.x | 2026 | Certificate operations line with TLS policy profiles, multi-certificate rustls SNI, managed ACME issuance and renewal, EAB-capable issuers, file-backed TLS secrets, and renewal units | All on GitHub |
| v1.0.0 | 2026 | Gateway foundation with vhost routing, route-level static/proxy/redirect actions, static file serving, reverse proxying, rustls TLS, admin control-plane, secure headers, systemd packaging, and rootless containers | GitHub |
| v0.5.0 | Pre-release | First public pre-release milestone before the stable 1.x gateway line | GitHub |
See Changelog for detailed release notes.