NWS - enable TCP on Nostr

Nostr Web Services (NWS)

NWS replaces the IP layer in TCP transport using Nostr, enabling a secure connection between clients and backend services.

Exit nodes are reachable through their nprofiles, which are combinations of a Nostr public key and multiple relays.

Prerequisites

  • A list of Nostr relays that the exit node is connected to.
  • The Nostr private key of the exit node.

The exit node uses the private key and relay list to generate an nprofile, which is printed to the console on startup.

Overview

NWS main components

  1. Entry node: It forwards TCP packets to the exit node using a SOCKS proxy and creates encrypted events for the public key of the exit node.
  2. Exit node: It is a TCP reverse proxy that listens for incoming Nostr subscriptions and forwards the payload to the designated backend service.

Quickstart

Running NWS using Docker is recommended. For instructions on running NWS on your local machine, refer to the Build from source section.

Using Docker Compose

To set up using Docker Compose, run the following command:

docker compose up -d --build

This will start an example setup, including the entry node, exit node, and a backend service.

Sending Requests to the Entry node

You can use the following command to send a request to the nprofile:

curl -v -x socks5h://localhost:8882  http://nprofile1qqsp98rnlp7sn4xuf7meyec48njp2qyfch0jktwvfuqx8vdqgexkg8gpz4mhxw309ahx7um5wgkhyetvv9un5wps8qcqggauk8/v1/info --insecure

If the nprofile supports TLS, you can choose to connect using the https scheme:

curl -v -x socks5h://localhost:8882  https://nprofile1qqstw2nc544vkl4760yeq9xt2yd0gthl4trm6ruvpukdthx9fy5xqjcpz4mhxw309ahx7um5wgkhyetvv9un5wps8qcqcelsf6/v1/info --insecure

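When using https, the entry node can be used as a service, since the operator will not be able to see the request data. The example commands pass --insecure, which turns off curl's certificate verification; that confidentiality holds only if the client verifies the exit node's certificate.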
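The hostname in the curl commands above is the exit node's nprofile, which per NIP-19 is a bech32 string carrying TLV records (type 0: the 32-byte public key, type 1: a relay URL). The Go decoder below is an added example, not code from the NWS repository; the function name DecodeNprofile is hypothetical, and the input in main is the hostname from the first curl command.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// DecodeNprofile (hypothetical name, not NWS code) verifies the bech32 checksum and parses the TLV payload.
func DecodeNprofile(s string) (pubkey string, relays []string, err error) {
	const charset = "qpzry9x8gf2tvdw0s3jn54khce6mua7l" // bech32 alphabet
	data := strings.TrimPrefix(s, "nprofile1")
	if data == s || len(data) < 6 || strings.Trim(data, charset) != "" {
		return "", nil, fmt.Errorf("not a bech32 nprofile string")
	}
	vals := []byte{3, 3, 3, 3, 3, 3, 3, 3, 0, 14, 16, 18, 15, 6, 9, 12, 5} // checksum expansion of "nprofile"
	for _, c := range data {
		vals = append(vals, byte(strings.IndexRune(charset, c)))
	}
	chk, gen := uint32(1), [5]uint32{0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3}
	for _, v := range vals { // bech32 polymod; a valid string leaves chk == 1
		top := chk >> 25
		chk = (chk&0x1ffffff)<<5 ^ uint32(v)
		for i, g := range gen {
			chk ^= g * (top >> uint(i) & 1)
		}
	}
	buf, acc, bits := []byte{}, uint32(0), uint(0)
	for _, v := range vals[17 : len(vals)-6] { // regroup 5-bit symbols into bytes, minus the 6 checksum symbols
		if acc, bits = acc<<5|uint32(v), bits+5; bits >= 8 {
			bits -= 8
			buf = append(buf, byte(acc>>bits))
		}
	}
	for ; len(buf) >= 2 && len(buf) >= 2+int(buf[1]); buf = buf[2+int(buf[1]):] { // records: type, length, value
		if v := buf[2 : 2+int(buf[1])]; buf[0] == 0 && len(v) == 32 {
			pubkey = hex.EncodeToString(v) // type 0: the exit node's public key
		} else if buf[0] == 1 {
			relays = append(relays, string(v)) // type 1: a relay URL
		}
	}
	if chk != 1 || pubkey == "" || len(buf) != 0 {
		return "", nil, fmt.Errorf("bad checksum or malformed TLV payload")
	}
	return pubkey, relays, nil
}

func main() { // input: hostname from the first curl command on this page
	fmt.Println(DecodeNprofile("nprofile1qqsp98rnlp7sn4xuf7meyec48njp2qyfch0jktwvfuqx8vdqgexkg8gpz4mhxw309ahx7um5wgkhyetvv9un5wps8qcqggauk8"))
}
```

For that hostname the decoder returns a 32-byte key and a single relay, ws://nostr-relay:8080. The same decoding is available to anyone who sees the hostname, including the entry node.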

Build from source

The exit node must be set up to make the services reachable via Nostr.

Configuration

Configuration can be completed using environment variables. Alternatively, you can create a .env file in the current working directory with the following content:

NOSTR_RELAYS = 'ws://localhost:6666;wss://relay.damus.io'
NOSTR_PRIVATE_KEY = "EXITPRIVATEHEX"
BACKEND_HOST = 'localhost:3338'

  • NOSTR_RELAYS: A list of Nostr relays to publish events to. Will only be used if there was no nprofile in the request.
  • NOSTR_PRIVATE_KEY: The private key to sign the events.
  • BACKEND_HOST: The host of the backend to forward requests to.

To start the exit node, use this command:

go run cmd/exit/main.go

If your backend services support TLS, your service can now start using TLS encryption through a publicly available entry node.


To run an entry node for accessing NWS services behind exit nodes, use the following command:

go run cmd/proxy/main.go

Entry node Configuration

If you used environment variables, no further configuration is needed. If you use a .env file instead, create it in the current working directory with the following content:

NOSTR_RELAYS = 'ws://localhost:6666;wss://relay.damus.io'

Here, NOSTR_RELAYS is a list of Nostr relays to publish events to and will only be used if there was no nprofile in the request.