| images | ||
| src | ||
| .gitignore | ||
| biome.json | ||
| bun.lock | ||
| Dockerfile | ||
| index.ts | ||
| LICENSE | ||
| package.json | ||
| README.md | ||
| tsconfig.json | ||
 |
NIP-42 ProxyA simple, no-fuss NIP-42 authentication proxy for your Nostr relay.
|
Ever wanted to run a private Nostr relay without all the hassle? This NIP-42 proxy is your answer. It sits in front of your relay and makes sure only the right people can get in. Simple as that.
✨ What's Inside?
- NIP-42 Auth: Keep your relay safe and sound with NIP-42 authentication.
- Proxy Power: It's a straightforward proxy that forwards messages between your users and the relay.
- Whitelist Control: Easily manage who gets in and what they can do with a dynamic whitelist.
- Admin Interface: A handy RPC interface (protected by NIP-98) to manage your proxy.
- Docker-Ready: Comes with a
Dockerfile, so you can get it up and running in a flash. - Bun-Powered: Built with Bun for a fast and modern experience.
🚀 Get Going
What You'll Need
Let's Do This
-
Clone the code:
git clone https://git.arx-ccn.com/Arx/nip42-proxy.git cd nip42-proxy -
Install the things:
bun install -
Fire it up:
-
With Bun:
RELAY_URL="wss://my-relay.com" ADMIN_PUBKEY="my-admin-pubkey" bun run index.ts -
With Docker:
-
Build it:
docker build -t nip42-proxy . -
Run it:
docker run -p 3000:3000 -e RELAY_URL="wss://your-relay-url.com" -e ADMIN_PUBKEY="my-admin-pubkey" --name nip42-proxy nip42-proxy
-
-
Now you can connect to your proxy with any Nostr client that gets NIP-42.
⚙️ Tweaks and Knobs
This proxy is configured with environment variables. Here's the rundown:
Click to see all the options
| Variable | What it does | Default |
|---|---|---|
ALLOW_UNAUTHED_PUBLISH |
Let unauthenticated users publish events. | false |
RELAY_URL |
The URL of the relay you're proxying. | |
RELAY_OUTSIDE_URL |
The URL your users will connect to. | RELAY_URL |
RELAY_NAME |
The name of your relay. | |
RELAY_DESCRIPTION |
A little something about your relay. | |
RELAY_BANNER |
A URL for a banner image. | |
RELAY_ICON |
A URL for an icon. | |
RELAY_CONTACT |
How people can get in touch. | |
RELAY_POLICY |
A URL to your relay's policy. | |
ADMIN_PUBKEY |
The public key of the relay's admin. |
🔧 The Admin Zone
The proxy has a special RPC interface for admins, protected by NIP-98. Just send a POST request to the root URL (/) with the right headers (Content-Type: application/nostr+json+rpc and a NIP-98 Authorization token).
What you can do:
supportedmethods: See what commands are available.getinfo: Get the relay's info doc.banpubkey: Kick someone out.allowpubkey: Let someone in.listallowedpubkeys: See who's on the list.allowkind: Allow a certain kind of event.disallowkind: Block a certain kind of event.listallowedkinds: See what kinds are allowed.
🤔 How's It Work?
- Knock Knock: A client connects, but they're just a guest for now.
- Who's There?: The proxy asks for their credentials with an
AUTHchallenge. - The Password: The client sends back a valid
AUTHevent, signed with a key that's on the list. - You're In: The client is now authenticated and can chat with the relay.
- The Conversation: Messages flow freely between the client and the relay.
🤝 Wanna Help?
Got ideas? Found a bug? Pull requests and issues are always welcome.
📄 The Fine Print
This project is licensed under the AGPLv3. Check out the LICENSE file for the full text.