Here i describe how to install a nostr relay. Nostr is an opensource decentralized protocol used to create social and in general create censorship resistant content. It is based on decentralized relays which can be run by anyone very simply. In this guide i will install one implementation (there are several ones). Firewall also has been added.

Thanks to André Neves for his guide from which i got inspired. i decided to fork because during installation i found something not working for me, some steps not necessary and something that was worth optimizing. Here the final setup that worked for me.

First important thing: use a minimum 8GB VPS. smaller VPS do not work simply, the software does not start. In this example i used a Ubuntu 22.04 with 8GB RAM and 4 core. In this example i am a user “dev” put in sudo group.

Update apt

sudo apt update

Install dependencies needed

# install dependencies
sudo apt install nginx certbot python3-certbot-nginx ufw
sudo apt-get remove docker docker-engine containerd runc
sudo apt update

Setup Docker on the Vps

# install docker (ubuntu)
sudo apt-get install ca-certificates curl gnupg lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo chmod a+r /etc/apt/keyrings/docker.gpg
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli docker-compose-plugin

Give the permission to deal with docker to user dev. After that, logout and login again with dev user.

sudo addgroup dev docker

Get software from github repository

# Clone software repo
git clone

# Set up relay settings
cd nostr-ts-relay && mkdir ~/.nostr
cp settings.sample.json ~/.nostr/settings.json

Configure basic settings. Section info is important and you should complete it correctly. Here is mine

"info": {
    "relay_url": "wss://",
    "name": "",
    "description": "Nostr relay by",
    "pubkey": "npub1sej07d37lnfk592wlh9uv2dy68jv2y0ez98p6dw7w0llx89hswesvs5fqm",
    "contact": ""
# [...]

Configure nginx

# Delete the default nginx settings file
sudo rm -f /etc/nginx/sites-available/default

edit the file /etc/nginx/sites-available/default

sudo vi  /etc/nginx/sites-available/default

put the following content. This is needed in order to proxy between external 443 connections to local 8008 port connections

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

Restart nginx

# Restart nginx
sudo service nginx restart

Now setup letscncrypt certificate. Follow the procedure. be sure that your domain is correctly configured in DNS meaning that the A record is pointed correcly and also reverse PTR

# Request SSL cert from letsencrypt/certbot
sudo certbot --nginx -d

Restart nginx

# Restart nginx
sudo service nginx restart

Start the server

./scripts/start --detach

In case you need to stop it, the command is.


Firewall. Restrict ports:

sudo ufw allow 22
sudo ufw allow 443
sudo ufw enable


Now verify the connection to the site: , you should get something like:

Finally i suggest to access your server only with SSH key and disable access with password (after checked that you are able to connect with your SSH Key).

As a last step I suggest to add your relay to a watch website, like After added to the site, you will see (if all went smooth) something like this