diff --git a/.gitignore b/.gitignore
index 3f2261c..b8ee807 100644
--- a/.gitignore
+++ b/.gitignore
@@ -79,4 +79,5 @@ sentry/config.yml
 sentry/*.bak
 sentry/requirements.txt
 relay/credentials.json
+relay/config.yml
 symbolicator/config.yml
diff --git a/install.sh b/install.sh
index f9e91c4..aea57a6 100755
--- a/install.sh
+++ b/install.sh
@@ -97,6 +97,7 @@ ensure_file_from_example $SENTRY_CONFIG_PY
 ensure_file_from_example $SENTRY_CONFIG_YML
 ensure_file_from_example $SENTRY_EXTRA_REQUIREMENTS
 ensure_file_from_example $SYMBOLICATOR_CONFIG_YML
+ensure_file_from_example $RELAY_CONFIG_YML
 
 if grep -xq "system.secret-key: '!!changeme!!'" $SENTRY_CONFIG_YML ; then
     echo ""
@@ -245,19 +246,6 @@ if [ ! -f "$RELAY_CREDENTIALS_JSON" ]; then
   echo "Relay credentials written to $RELAY_CREDENTIALS_JSON"
 fi
 
-RELAY_CREDENTIALS=$(sed -n 's/^.*"public_key"[[:space:]]*:[[:space:]]*"\([a-zA-Z0-9_-]\{1,\}\)".*$/\1/p' "$RELAY_CREDENTIALS_JSON")
-if [ -z "$RELAY_CREDENTIALS" ]; then
-  >&2 echo "FAIL: Cannot read credentials back from $RELAY_CREDENTIALS_JSON."
-  >&2 echo "      Please ensure this file is readable and contains valid credentials."
-  >&2 echo ""
-  exit 1
-fi
-
-if ! grep -q "\"$RELAY_CREDENTIALS\"" "$SENTRY_CONFIG_PY"; then
-  echo "SENTRY_RELAY_WHITELIST_PK = (SENTRY_RELAY_WHITELIST_PK or []) + ([\"$RELAY_CREDENTIALS\"])" >> "$SENTRY_CONFIG_PY"
-  echo "Relay public key written to $SENTRY_CONFIG_PY"
-  echo ""
-fi
 
 cleanup
 
diff --git a/relay/config.yml b/relay/config.example.yml
similarity index 98%
rename from relay/config.yml
rename to relay/config.example.yml
index da00363..f54c934 100644
--- a/relay/config.yml
+++ b/relay/config.example.yml
@@ -1,4 +1,3 @@
----
 relay:
   upstream: "http://web:9000/"
   host: 0.0.0.0
diff --git a/sentry/sentry.conf.example.py b/sentry/sentry.conf.example.py
index 05862cb..7116f9c 100644
--- a/sentry/sentry.conf.example.py
+++ b/sentry/sentry.conf.example.py
@@ -3,6 +3,36 @@
 
 from sentry.conf.server import *  # NOQA
 
+
+# Generously adapted from pynetlinux: https://git.io/JJmga
+def get_internal_network():
+    import ctypes
+    import fcntl
+    import math
+    import socket
+    import struct
+
+    iface = 'eth0'
+    sockfd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    ifreq = struct.pack('16sH14s', iface, socket.AF_INET, b'\x00' * 14)
+
+    try:
+        ip = struct.unpack(
+            "!I", struct.unpack('16sH2x4s8x', fcntl.ioctl(sockfd, 0x8915, ifreq))[2]
+        )[0]
+        netmask = socket.ntohl(
+            struct.unpack('16sH2xI8x', fcntl.ioctl(sockfd, 0x891B, ifreq))[2]
+        )
+    except IOError:
+        return ()
+    base = socket.inet_ntoa(struct.pack("!I", ip & netmask))
+    netmask_bits = 32 - int(round(math.log(ctypes.c_uint32(~netmask).value + 1, 2), 1))
+    return ('{0:s}/{1:d}'.format(base, netmask_bits),)
+
+
+INTERNAL_IPS = get_internal_network()
+INTERNAL_SYSTEM_IPS = INTERNAL_IPS
+
 DATABASES = {
     "default": {
         "ENGINE": "sentry.db.postgres",