These are the steps I took to install and run a nostr relay on a new server.
First, you'll need the server, this tutorial is using the most basic server Hetzner provides (CX11 - €4.15/mo), you don't need much. If you don't know where to get your server from and decide to go with Hetzner, consider using my affiliate link: https://hetzner.cloud/?ref=4FZql6rUwaeQ
Once you have your server running, log into it via SSH. I'm on a MacOS, so I'll use Terminal as my command line tool. open a new Terminal window and paste the following commands:
Connect to server via SSH:
ssh root@<server-ip> replace with the IP from your new server
Next, we'll need to install some needed stuff:
sudo apt install build-essential
sudo apt install libssl-dev
sudo apt install pkg-config
sudo apt install libsqlite3-dev
Install Rust:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
https://www.rust-lang.org/learn/get-started for more info.
Install nostr-rs-relay:
- clone the repo
git clone https://github.com/scsibug/nostr-rs-relay.git - get inside the project folder
cd nostr-rs-relay - build it
cargo buildorcargo build --releasefor an optimized binary, read the comments for more info (thanks @kirillkovalenko)
Configure nostr-rs-relay with your own settings:
nano config.toml
Run nostr-rs-relay (from inside the project folder):
RUST_LOG=info ./target/debug/nostr-rs-relay
At this point you should have a working relay at http://server-ip:8080
To use your own domain, go to your registrar and add a new A record pointing to the server-ip, then:
install Certbot (https://certbot.eff.org/instructions?ws=haproxy&os=ubuntufocal):
sudo apt install snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot certonly --standalone
Certbot gives you two files, the certificate and the key, we'll need to combine those in a single file to use with Haproxy. Replace "yourdomain" with your own domain.
cd /etc/letsencrypt/live/yourdomain/
cat fullchain.pem privkey.pem > yourdomain.pem
Automate renewal with haproxy: https://serversforhackers.com/c/letsencrypt-with-haproxy
(check "Automating Renewal" section)
Install Haproxy:
Get back to home folder first cd ~
sudo apt install haproxy
- edit the config
nano /etc/haproxy/haproxy.cfg - keep a copy of the original content and replace it with this:
https://git.sr.ht/~gheartsfield/nostr-rs-relay/tree/master/item/reverse-proxy.md
you'll need to edit 2 lines with your own info:
bind :443 ssl crt /etc/certs/example.com.pem alpn h2,http/1.1
acl host_relay hdr(host) -i relay.example.com
- restart haproxy
systemctl restart haproxy.service
To run nostr-rs-relay in the background, we'll need to create a new service to instruct our server to do just that. You can use the following website: https://mysystemd.talos.sh/
here's what the content needs to look like:
Description=Keeps the relay alive by way of magic words
After=network.target
Wants=network-online.target
[Service]
Restart=always
Type=simple
ExecStart=/root/nostr-rs-relay/target/debug/nostr-rs-relay
WorkingDirectory=/root/nostr-rs-relay
Environment='RUST_LOG=info'
[Install]
WantedBy=multi-user.target
save the file, name it nostr-rs-relay, and upload it to the server, replacing local-path and server-ip:
rsync -avz /local-path/nostr-rs-relay.service root@server-ip:/etc/systemd/system/nostr-rs-relay.service
then
sudo systemctl daemon-reload
sudo systemctl enable nostr-rs-relay
sudo systemctl start nostr-rs-relay
you can check the logs with:
journalctl --unit nostr-rs-relay --follow --since=today
Done! I was able to put this up with the help of the awesome nostr community, in particular @scsibug, @cameri and @fiatjaf. Thank you. <3
P.S. If you find something wrong or missing, help me make it better.
consider using
cargo build --releaseto have an optimized binary created