nws/README.md


# Nostr Web Services (NWS)

NWS replaces the IP layer in TCP transport using Nostr, enabling secure connections between clients and backend services.

Exit node [domain names](#nws-domain-names) make private services accessible to entry nodes.

### Prerequisites

- A list of Nostr relays that the exit node is connected to.
- The Nostr private key of the exit node.

## Overview

### NWS main components

1. **Exit node**: A TCP reverse proxy that listens for incoming Nostr subscriptions and forwards the payload to your designated backend service.
2. **Entry node**: Forwards TCP packets to the exit node using a SOCKS proxy and creates encrypted events for the exit node.

<img src="nws.png" width="900"/>

### NWS domain names

There are two types of domain names resolved by NWS entry nodes:
1. `.nostr` domains, which have base32 encoded public key hostnames and base32 encoded relays as subdomains.
2. [nprofiles](https://nostr-nips.com/nip-19), which are combinations of a Nostr public key and multiple relays.

Both types of domains will be generated and printed in the console on startup

## Quickstart

Using Docker to run NWS is recommended. For instructions on running NWS on your local machine, refer to the [Build from source](#build-from-source) section.

### Using Docker-Compose

Navigate to the `docker-compose.yaml` file and set `NOSTR_PRIVATE_KEY` to your private key. Leaving it empty will generate a new private key upon startup.

To set up using Docker Compose, run the following command:
```bash
docker compose up -d --build
```

This will start an example environment, including:
- Entry node
- Exit node
- Exit node with HTTPS reverse proxy
- [Cashu Nutshell](https://github.com/cashubtc/nutshell) (backend service)
- [nostr-relay](https://github.com/scsibug/nostr-rs-relay)

You can run the following commands to receive your NWS domain:

```bash
docker logs exit-https 2>&1 | awk -F'domain=' '{if ($2) print $2}' | awk '{print $1}'
```

```bash
docker logs exit 2>&1 | awk -F'domain=' '{if ($2) print $2}' | awk '{print $1}'
```

### Sending requests to the entry node

With the log information from the previous step, you can use the following command to send a request to the exit node domain:

```bash
curl -v -x socks5h://localhost:8882 http://"$(docker logs exit 2>&1 | awk -F'domain=' '{if ($2) print $2}' | awk '{print $1}' | tail -n 1)"/v1/info --insecure
```

If the exit node supports TLS, you can choose to connect using the HTTPS scheme:

```bash
curl -v -x socks5h://localhost:8882 https://"$(docker logs exit-https 2>&1 | awk -F'domain=' '{if ($2) print $2}' | awk '{print $1}' | tail -n 1)"/v1/info --insecure
```

When using HTTPS, the entry node can be used as a service, as the operator will not be able to see the request data.

## Build from Source

To make your services reachable via Nostr, set up the exit node.

### Exit node

Configuration can be completed using environment variables. Alternatively, you can create a `.env` file in the current working directory with the following content:

```
NOSTR_RELAYS='ws://localhost:6666;wss://relay.domain.com'
NOSTR_PRIVATE_KEY="EXITPRIVATEHEX"
BACKEND_HOST='localhost:3338'
PUBLIC=false
```

- `NOSTR_RELAYS`: A list of Nostr relays to publish events to. Used only if there is no relay data in the request.
- `NOSTR_PRIVATE_KEY`: The private key to sign the events.
- `BACKEND_HOST`: The host of the backend to forward requests to.
- `PUBLIC`: If set to true, the exit node will announce itself on the Nostr network, enabling other entry nodes to discover it for public internet traffic relaying.

To start the exit node, use this command:

```bash
go run cmd/exit/exit.go
```

If your backend services support TLS, your service can now start using TLS encryption through a publicly available entry node.

---

### Entry node

To run an entry node for accessing NWS services behind exit nodes, use the following command:

```bash
go run cmd/entry/main.go
```

If you don't want to use the `PUBLIC_ADDRESS` feature, no further configuration is needed.

```
PUBLIC_ADDRESS='<public_ip>:<port>'
```

- `PUBLIC_ADDRESS`: This can be set if the entry node is publicly available. When set, the entry node will additionally bind to this address. Exit node discovery will still be done using Nostr. Once a connection is established, this public address will be used to transmit further data.
- `NOSTR_RELAYS`: A list of Nostr relays to publish events to. Used only if there is no relay data in the request.
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00
Initial commit 2024-07-22 21:00:21 +00:00			`# Nostr Web Services (NWS)`

Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`NWS replaces the IP layer in TCP transport using Nostr, enabling secure connections between clients and backend services.`
Initial commit 2024-07-22 21:00:21 +00:00
readme 2024-07-28 18:21:46 +00:00			`Exit node [domain names](#nws-domain-names) make private services accessible to entry nodes.`
Initial commit 2024-07-22 21:00:21 +00:00
			`### Prerequisites`

			`- A list of Nostr relays that the exit node is connected to.`
			`- The Nostr private key of the exit node.`

			`## Overview`

			`### NWS main components`

Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`1. Exit node: A TCP reverse proxy that listens for incoming Nostr subscriptions and forwards the payload to your designated backend service.`
			`2. Entry node: Forwards TCP packets to the exit node using a SOCKS proxy and creates encrypted events for the exit node.`
Initial commit 2024-07-22 21:00:21 +00:00
			`<img src="nws.png" width="900"/>`

readme 2024-07-28 18:21:46 +00:00			`### NWS domain names`

			`There are two types of domain names resolved by NWS entry nodes:`
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			1. `.nostr` domains, which have base32 encoded public key hostnames and base32 encoded relays as subdomains.
			`2. [nprofiles](https://nostr-nips.com/nip-19), which are combinations of a Nostr public key and multiple relays.`
readme 2024-07-28 18:21:46 +00:00
			`Both types of domains will be generated and printed in the console on startup`

Initial commit 2024-07-22 21:00:21 +00:00			`## Quickstart`

Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`Using Docker to run NWS is recommended. For instructions on running NWS on your local machine, refer to the [Build from source](#build-from-source) section.`
Initial commit 2024-07-22 21:00:21 +00:00
readme 2024-07-28 18:21:46 +00:00			`### Using Docker-Compose`
Initial commit 2024-07-22 21:00:21 +00:00
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			Navigate to the `docker-compose.yaml` file and set `NOSTR_PRIVATE_KEY` to your private key. Leaving it empty will generate a new private key upon startup.
Update private key handling and improve readme 2024-07-23 19:26:04 +00:00
Initial commit 2024-07-22 21:00:21 +00:00			`To set up using Docker Compose, run the following command:`
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			```bash
Initial commit 2024-07-22 21:00:21 +00:00			`docker compose up -d --build`
			```

Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`This will start an example environment, including:`
			`- Entry node`
			`- Exit node`
			`- Exit node with HTTPS reverse proxy`
			`- [Cashu Nutshell](https://github.com/cashubtc/nutshell) (backend service)`
			`- [nostr-relay](https://github.com/scsibug/nostr-rs-relay)`
Initial commit 2024-07-22 21:00:21 +00:00
readme 2024-07-28 18:21:46 +00:00			`You can run the following commands to receive your NWS domain:`
Update private key handling and improve readme 2024-07-23 19:26:04 +00:00
			```bash
readme 2024-07-28 18:21:46 +00:00			`docker logs exit-https 2>&1 \| awk -F'domain=' '{if ($2) print $2}' \| awk '{print $1}'`
Update private key handling and improve readme 2024-07-23 19:26:04 +00:00			```
readme 2024-07-28 18:21:46 +00:00
Update private key handling and improve readme 2024-07-23 19:26:04 +00:00			```bash
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`docker logs exit 2>&1 \| awk -F'domain=' '{if ($2) print $2}' \| awk '{print $1}'`
Update private key handling and improve readme 2024-07-23 19:26:04 +00:00			```

readme 2024-07-28 18:21:46 +00:00			`### Sending requests to the entry node`
Initial commit 2024-07-22 21:00:21 +00:00
readme 2024-07-28 18:21:46 +00:00			`With the log information from the previous step, you can use the following command to send a request to the exit node domain:`
Initial commit 2024-07-22 21:00:21 +00:00
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			```bash
			`curl -v -x socks5h://localhost:8882 http://"$(docker logs exit 2>&1 \| awk -F'domain=' '{if ($2) print $2}' \| awk '{print $1}' \| tail -n 1)"/v1/info --insecure`
Initial commit 2024-07-22 21:00:21 +00:00			```

Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`If the exit node supports TLS, you can choose to connect using the HTTPS scheme:`
Initial commit 2024-07-22 21:00:21 +00:00
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			```bash
			`curl -v -x socks5h://localhost:8882 https://"$(docker logs exit-https 2>&1 \| awk -F'domain=' '{if ($2) print $2}' \| awk '{print $1}' \| tail -n 1)"/v1/info --insecure`
Initial commit 2024-07-22 21:00:21 +00:00			```

Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`When using HTTPS, the entry node can be used as a service, as the operator will not be able to see the request data.`
Initial commit 2024-07-22 21:00:21 +00:00
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`## Build from Source`
Initial commit 2024-07-22 21:00:21 +00:00
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`To make your services reachable via Nostr, set up the exit node.`
Initial commit 2024-07-22 21:00:21 +00:00
readme 2024-07-28 18:21:46 +00:00			`### Exit node`
Initial commit 2024-07-22 21:00:21 +00:00
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			Configuration can be completed using environment variables. Alternatively, you can create a `.env` file in the current working directory with the following content:

Initial commit 2024-07-22 21:00:21 +00:00			```
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`NOSTR_RELAYS='ws://localhost:6666;wss://relay.domain.com'`
			`NOSTR_PRIVATE_KEY="EXITPRIVATEHEX"`
			`BACKEND_HOST='localhost:3338'`
			`PUBLIC=false`
Initial commit 2024-07-22 21:00:21 +00:00			```

Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			- `NOSTR_RELAYS`: A list of Nostr relays to publish events to. Used only if there is no relay data in the request.
			- `NOSTR_PRIVATE_KEY`: The private key to sign the events.
			- `BACKEND_HOST`: The host of the backend to forward requests to.
			- `PUBLIC`: If set to true, the exit node will announce itself on the Nostr network, enabling other entry nodes to discover it for public internet traffic relaying.
Initial commit 2024-07-22 21:00:21 +00:00
			`To start the exit node, use this command:`

Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			```bash
Trivial filename fix in README. 2024-07-22 23:45:28 +00:00			`go run cmd/exit/exit.go`
Initial commit 2024-07-22 21:00:21 +00:00			```

			`If your backend services support TLS, your service can now start using TLS encryption through a publicly available entry node.`

			`---`

readme 2024-07-28 18:21:46 +00:00			`### Entry node`
updated readme 2024-07-26 19:44:47 +00:00
Initial commit 2024-07-22 21:00:21 +00:00			`To run an entry node for accessing NWS services behind exit nodes, use the following command:`
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00
			```bash
updated build instrution 2024-07-25 17:47:05 +00:00			`go run cmd/entry/main.go`
Initial commit 2024-07-22 21:00:21 +00:00			```
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00
updated readme 2024-07-26 19:44:47 +00:00			If you don't want to use the `PUBLIC_ADDRESS` feature, no further configuration is needed.
Initial commit 2024-07-22 21:00:21 +00:00
			```
Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			`PUBLIC_ADDRESS='<public_ip>:<port>'`
Initial commit 2024-07-22 21:00:21 +00:00			```

Added public exit nodes with clearnet support 2024-08-01 12:35:28 +00:00			- `PUBLIC_ADDRESS`: This can be set if the entry node is publicly available. When set, the entry node will additionally bind to this address. Exit node discovery will still be done using Nostr. Once a connection is established, this public address will be used to transmit further data.
			- `NOSTR_RELAYS`: A list of Nostr relays to publish events to. Used only if there is no relay data in the request.