Here i describe how to install a nostr relay. Nostr is an opensource decentralized protocol used to create social and in general create censorship resistant content. It is based on decentralized relays which can be run by anyone very simply. In this guide i will install one implementation (there are several ones). Firewall also has been added.
Thanks to André Neves for his guide https://andreneves.xyz/p/set-up-a-nostr-relay-server-in-under from which i got inspired. i decided to fork because during installation i found something not working for me, some steps not necessary and something that was worth optimizing. Here the final setup that worked for me.
First important thing: use a minimum 8GB VPS. smaller VPS do not work simply, the software does not start. In this example i used a Ubuntu 22.04 with 8GB RAM and 4 core. In this example i am a user “dev” put in sudo group.
Update apt
sudo apt updateInstall dependencies needed
# install dependencies
sudo apt install nginx certbot python3-certbot-nginx ufw
sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt updateSetup Docker on the Vps
# install docker (ubuntu)
sudo apt-get install ca-certificates curl gnupg lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo chmod a+r /etc/apt/keyrings/docker.gpg
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Give the permission to deal with docker to user dev. After that, logout and login again with dev user.
sudo addgroup dev dockerGet software from github repository
# Clone software repo
git clone https://github.com/Cameri/nostr-ts-relay.git
# Set up relay settings
cd nostr-ts-relay && mkdir ~/.nostr
cp settings.sample.json ~/.nostr/settings.jsonConfigure basic settings. Section info is important and you should complete it correctly. Here is mine
"info": {
"relay_url": "wss://nostr.massmux.com",
"name": "nost.massmux.com",
"description": "Nostr relay by massmux.com.",
"pubkey": "npub1sej07d37lnfk592wlh9uv2dy68jv2y0ez98p6dw7w0llx89hswesvs5fqm",
"contact": "go@massmux.com"
},
# [...]Configure nginx
# Delete the default nginx settings file
sudo rm -f /etc/nginx/sites-available/defaultedit the file /etc/nginx/sites-available/default
sudo vi /etc/nginx/sites-available/defaultput the following content. This is needed in order to proxy between external 443 connections to local 8008 port connections
server{
server_name subdomain.domain.com;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8008;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Restart nginx
# Restart nginx
sudo service nginx restartNow setup letscncrypt certificate. Follow the procedure. be sure that your domain is correctly configured in DNS meaning that the A record is pointed correcly and also reverse PTR
# Request SSL cert from letsencrypt/certbot
sudo certbot --nginx -d subdomain.mydomain.comRestart nginx
# Restart nginx
sudo service nginx restartStart the server
./scripts/start --detachIn case you need to stop it, the command is.
./scripts/stopFirewall. Restrict ports:
sudo ufw allow 22
sudo ufw allow 443
sudo ufw enable
Now verify the connection to the site: https://websocketking.com/ , you should get something like:
Finally i suggest to access your server only with SSH key and disable access with password (after checked that you are able to connect with your SSH Key).
As a last step I suggest to add your relay to a watch website, like nostr.watch. After added to the site, you will see (if all went smooth) something like this
