2024-07-22 21:00:21 +00:00
# Nostr Web Services (NWS)
NWS replaces the IP layer in TCP transport using Nostr, enabling a secure connection between
clients and backend services.
Exit nodes are reachable through their [nprofiles ](https://nostr-nips.com/nip-19 ), which are combinations of a Nostr public key and multiple relays.
### Prerequisites
- A list of Nostr relays that the exit node is connected to.
- The Nostr private key of the exit node.
The exit node utilizes the private key and relay list to generate an [nprofile ](https://nostr-nips.com/nip-19 ), which is printed in the console on startup.
## Overview
### NWS main components
1. **Entry node** : It forwards tcp packets to the exit node using a SOCKS proxy and creates encrypted events for the public key of the exit node.
2. **Exit node** : It is a TCP reverse proxy that listens for incoming Nostr subscriptions and forwards the payload to the designated backend service.
< img src = "nws.png" width = "900" / >
## Quickstart
Running NWS using Docker is recommended. For instructions on running NWS on your local machine, refer to the [Build from source ](#build-from-source ) section.
### Using Docker Compose
2024-07-23 19:36:57 +00:00
Please navigate to the `docker-compose.yaml` file and set `NOSTR_PRIVATE_KEY` to your own private key.
2024-07-23 19:26:04 +00:00
Leaving it empty will generate a new private key on startup.
2024-07-22 21:00:21 +00:00
To set up using Docker Compose, run the following command:
```
docker compose up -d --build
```
2024-07-23 19:36:57 +00:00
This will start an example environment, including the entry node, exit node, and a backend service.
2024-07-22 21:00:21 +00:00
2024-07-23 19:26:04 +00:00
You can run the following commands to receive your nprofiles:
```bash
2024-07-23 20:18:41 +00:00
docker logs exit-https 2>& 1 | awk -F'profile=' '{if ($2) print $2}' | awk '{print $1}'
2024-07-23 19:26:04 +00:00
```
```bash
2024-07-23 20:19:33 +00:00
docker logs exit 2>& 1 | awk -F'profile=' '{if ($2) print $2}' | awk '{print $1}`
2024-07-23 19:26:04 +00:00
```
2024-07-22 21:00:21 +00:00
### Sending Requests to the Entry node
2024-07-23 19:26:04 +00:00
With the log information from the previous step, you can use the following command to send a request to the nprofile:
2024-07-22 21:00:21 +00:00
```
2024-07-23 19:36:57 +00:00
curl -v -x socks5h://localhost:8882 http://"$(docker logs exit 2>& 1 | awk -F'profile=' '{if ($2) print $2}' | awk '{print $1}' | tail -n 1)"/v1/info --insecure
2024-07-22 21:00:21 +00:00
```
If the nprofile supports TLS, you can choose to connect using https scheme
```
2024-07-23 19:36:57 +00:00
curl -v -x socks5h://localhost:8882 https://"$(docker logs exit-https 2>& 1 | awk -F'profile=' '{if ($2) print $2}' | awk '{print $1}' | tail -n 1)"/v1/info --insecure
2024-07-22 21:00:21 +00:00
```
When using https, the entry node can be used as a service, since the operator will not be able to see the request data.
## Build from source
The exit node must be set up to make the services reachable via Nostr.
### Configuration
2024-07-23 19:36:57 +00:00
Configuration should be completed using environment variables.
2024-07-22 21:00:21 +00:00
Alternatively, you can create a `.env` file in the current working directory with the following content:
```
NOSTR_RELAYS = 'ws://localhost:6666;wss://relay.damus.io'
NOSTR_PRIVATE_KEY = "EXITPRIVATEHEX"
BACKEND_HOST = 'localhost:3338'
```
- `NOSTR_RELAYS` : A list of nostr relays to publish events to. Will only be used if there was no nprofile in the
request.
- `NOSTR_PRIVATE_KEY` : The private key to sign the events
- `BACKEND_HOST` : The host of the backend to forward requests to
To start the exit node, use this command:
```
2024-07-22 23:45:28 +00:00
go run cmd/exit/exit.go
2024-07-22 21:00:21 +00:00
```
If your backend services support TLS, your service can now start using TLS encryption through a publicly available entry node.
---
To run an entry node for accessing NWS services behind exit nodes, use the following command:
```
2024-07-25 17:47:05 +00:00
go run cmd/entry/main.go
2024-07-22 21:00:21 +00:00
```
#### Entry node Configuration
If you used environment variables, no further configuration is needed.
For `.env` file configurations, do so in the current working directory with the following content:
```
2024-07-24 20:45:41 +00:00
NOSTR_RELAYS = 'ws://localhost:6666;wss://relay.com'
2024-07-22 21:00:21 +00:00
```
2024-07-24 20:45:41 +00:00
Here, NOSTR_RELAYS is a list of nostr relays to publish events to and will only be used if there was no nprofile in the request.