nws/README.md

122 lines
4.4 KiB
Markdown
Raw Normal View History

2024-07-22 21:00:21 +00:00
# Nostr Web Services (NWS)
NWS replaces the IP layer in TCP transport using Nostr, enabling secure connections between clients and backend services.
2024-07-22 21:00:21 +00:00
2024-07-28 18:21:46 +00:00
Exit node [domain names](#nws-domain-names) make private services accessible to entry nodes.
2024-07-22 21:00:21 +00:00
### Prerequisites
- A list of Nostr relays that the exit node is connected to.
- The Nostr private key of the exit node.
## Overview
### NWS main components
1. **Exit node**: A TCP reverse proxy that listens for incoming Nostr subscriptions and forwards the payload to your designated backend service.
2024-08-04 12:35:26 +00:00
2. **Entry node**: A SOCKS5 proxy that forwards TCP packets and creates encrypted events for the exit node.
2024-07-22 21:00:21 +00:00
<img src="nws.png" width="900"/>
2024-07-28 18:21:46 +00:00
### NWS domain names
There are two types of domain names resolved by NWS entry nodes:
1. `.nostr` domains, which have base32 encoded public key hostnames and base32 encoded relays as subdomains.
2. [nprofiles](https://nostr-nips.com/nip-19#shareable-identifiers-with-extra-metadata), which are combinations of a Nostr public key and multiple relays.
2024-07-28 18:21:46 +00:00
Both types of domains will be generated and printed in the console on startup
2024-07-22 21:00:21 +00:00
## Quickstart
Using Docker to run NWS is recommended. For instructions on running NWS on your local machine, refer to the [Build from source](#build-from-source) section.
2024-07-22 21:00:21 +00:00
2024-07-28 18:21:46 +00:00
### Using Docker-Compose
2024-07-22 21:00:21 +00:00
Navigate to the `docker-compose.yaml` file and set `NOSTR_PRIVATE_KEY` to your private key. Leaving it empty will generate a new private key upon startup.
2024-07-22 21:00:21 +00:00
To set up using Docker Compose, run the following command:
```bash
2024-07-22 21:00:21 +00:00
docker compose up -d --build
```
This will start an example environment, including:
- Entry node
- Exit node
- Exit node with HTTPS reverse proxy
- [Cashu Nutshell](https://github.com/cashubtc/nutshell) (backend service)
- [nostr-relay](https://github.com/hoytech/strfry)
2024-07-22 21:00:21 +00:00
2024-07-28 18:21:46 +00:00
You can run the following commands to receive your NWS domain:
```bash
2024-07-28 18:21:46 +00:00
docker logs exit-https 2>&1 | awk -F'domain=' '{if ($2) print $2}' | awk '{print $1}'
```
2024-07-28 18:21:46 +00:00
```bash
docker logs exit 2>&1 | awk -F'domain=' '{if ($2) print $2}' | awk '{print $1}'
```
2024-07-28 18:21:46 +00:00
### Sending requests to the entry node
2024-07-22 21:00:21 +00:00
2024-07-28 18:21:46 +00:00
With the log information from the previous step, you can use the following command to send a request to the exit node domain:
2024-07-22 21:00:21 +00:00
```bash
curl -v -x socks5h://localhost:8882 http://"$(docker logs exit 2>&1 | awk -F'domain=' '{if ($2) print $2}' | awk '{print $1}' | tail -n 1)"/v1/info --insecure
2024-07-22 21:00:21 +00:00
```
If the exit node supports TLS, you can choose to connect using the HTTPS scheme:
2024-07-22 21:00:21 +00:00
```bash
curl -v -x socks5h://localhost:8882 https://"$(docker logs exit-https 2>&1 | awk -F'domain=' '{if ($2) print $2}' | awk '{print $1}' | tail -n 1)"/v1/info --insecure
2024-07-22 21:00:21 +00:00
```
When using HTTPS, the entry node can be used as a service, as the operator will not be able to see the request data.
2024-07-22 21:00:21 +00:00
## Build from Source
2024-07-22 21:00:21 +00:00
To make your services reachable via Nostr, set up the exit node.
2024-07-22 21:00:21 +00:00
2024-07-28 18:21:46 +00:00
### Exit node
2024-07-22 21:00:21 +00:00
Configuration can be completed using environment variables. Alternatively, you can create a `.env` file in the current working directory with the following content:
2024-07-22 21:00:21 +00:00
```
2024-08-27 21:50:05 +00:00
NOSTR_RELAYS='ws://localhost:6666;ws://localhost:7777;wss://relay.domain.com'
NOSTR_PRIVATE_KEY="EXITPRIVATEHEX"
BACKEND_HOST='localhost:3338'
PUBLIC=false
2024-07-22 21:00:21 +00:00
```
- `NOSTR_RELAYS`: A list of Nostr relays to publish events to. Used only if there is no relay data in the request.
- `NOSTR_PRIVATE_KEY`: The private key to sign the events.
- `BACKEND_HOST`: The host of the backend to forward requests to.
- `PUBLIC`: If set to true, the exit node will announce itself on the Nostr network, enabling other entry nodes to discover it for public internet traffic relaying.
2024-07-22 21:00:21 +00:00
To start the exit node, use this command:
```bash
2024-08-27 21:50:05 +00:00
go run cmd/nws/nws.go exit
2024-07-22 21:00:21 +00:00
```
If your backend services support TLS, your service can now start using TLS encryption through a publicly available entry node.
---
2024-07-28 18:21:46 +00:00
### Entry node
2024-07-26 19:44:47 +00:00
2024-07-22 21:00:21 +00:00
To run an entry node for accessing NWS services behind exit nodes, use the following command:
```bash
2024-08-27 21:50:05 +00:00
go run cmd/nws/nws.go entry
2024-07-22 21:00:21 +00:00
```
2024-07-26 19:44:47 +00:00
If you don't want to use the `PUBLIC_ADDRESS` feature, no further configuration is needed.
2024-07-22 21:00:21 +00:00
```
PUBLIC_ADDRESS='<public_ip>:<port>'
2024-07-22 21:00:21 +00:00
```
2024-08-04 12:35:26 +00:00
- `PUBLIC_ADDRESS`: This can be set if the entry node is publicly available. Exit node discovery will still be done using Nostr. Once a connection is established, this public address will be used to transmit further data. (`<ip/domain>:<port>`)
- `NOSTR_RELAYS`: A list of Nostr relays to publish events to. Used only if there is no relay data in the request.