Gnost-relay

Gnost-relay is an Nostr relay written in Go.

Setting up

You need to have Golang, git and PostgreSQL installed in your machine:

~ # pkg_add golang postgresql gjt

Setting up Database

Let's make the PostgreSQL database first, Then start PostgreSQL:

# su -l _postgresql
$ initdb -D data -U postgres -E utf-8
$ exit
# rcctl start postgresql

If needed, Make PostgreSQL start after boot:

# rcctl enable postgresql

Now make gnost_relay user and it is database:

# psql -U postgres
psql (15.2)
Type "help" for help.

postgres=# CREATE USER 'gnost_relay' WITH ENCRYPTED PASSWORD 'wJ3v49LPP';
CREATE USER
postgres=# CREATE DATABASE 'gnost_relay' OWNER 'gnost_relay';
CREATE ROLE
postgres=# \q
#

Change wJ3v49LPP with your preferred password.

Setting up Gnost

Now let's make _nostr user then login:

# useradd -m _nostr
# su -l _nostr

Clone the repository and enter into the directory:

$ git clone https://github.com/barkyq/gnost-relay
$ cd gnost-relay

Modify the listen address if needed. By default, it is localhost:8080. For chroot environment, It should be 127.0.0.1:8080:

$ sed -i "s/localhost:8080/127.0.0.1:8080/g" main.go

Then start compiling:

$ go build

Once done, There should be gnost-relay bin inside the directory:

$ stat gnost-relay
1024 32073755 -rwxr-xr-x 1 _nostr _nostr 128184144 13579046 "May 27 07:04:28 2023" "May 27 07:04:01 2023" "May 27 07:04:01 2023" 32768 26624 0 gnost-relay

You may modify config.json accordingly.

Setting up the chroot environment

Exit and go back as root, Then go to /home/_nostr/, and make jail folder:

$ exit
# cd /home/_nostr
# mkdir jailbox

Copy gnost-relay bin and config.json into the jailbox directory

# cp gnost-relay/gnost-relay gnost-relay/config.json jailbox

cd into the jailbox folder, ldd the gnost-relay bin and copy the required libs:

# cd jailbox
# ldd gnost-relay
gnost-relay:
        Start            End              Type  Open Ref GrpRef Name
        0000000000400000 0000000000d63000 exe   2    0   0      gnost-relay
        0000000201305000 00000002013fb000 rlib  0    1   0      /usr/lib/libc.so.97.0
        00000002a1aef000 00000002a1afb000 rlib  0    1   0      /usr/lib/libpthread.so.27.0
        0000000268f2d000 0000000268f2d000 ld.so 0    1   0      /usr/libexec/ld.so
# mkdir -p usr/lib{exec,}
# cp /usr/libexec/ld.so usr/libexec
# cp /usr/lib/libc.so.97.0 /usr/lib/libpthread.so.27.0 usr/lib

Go back to the previous folder (Should be /home/_nostr), Start editing start.sh:

# cd /home/_nostr
# vi start.sh

start.sh:

#!/bin/sh

export DATABASE_URL='postgres://gnost_relay:YOURDBPASS@[::1]:5432/gnost_relay'
chroot -u _nostr /home/_nostr/jailbox/ /gnost-relay --config /config.json | tee -a /home/_nostr/logfile

Replace YOURDBPASS with the database password that you provide for gnost_relay before.

Save it, and make it executeable:

# chmod +x start.sh

You may like to test whenever you have a working set up by running ./start.sh.

Setting up rc.d service

Edit /etc/rc.d/nostr:

#!/bin/ksh

daemon="/home/_nostr/start.sh"
daemon_logger=daemon.info

. /etc/rc.d/rc.subr

pexp="/gnost-relay.*"

rc_stop_signal=KILL
rc_usercheck=NO
rc_reload=NO
rc_bg=YES

rc_cmd $1

Save it, then make it as executeable:

# chmod +x /etc/rc.d/nostr

Then try start it:

# rcctl start nostr
nostr(ok)
#

If needed, You could make gnost to start after boot:

# rcctl enable nostr

Configuring relayd

Relayd will be used for reverse proxy. Edit /etc/relayd.conf and insert the following:

# $OpenBSD: relayd.conf,v 1.4 2018/03/23 09:55:06 claudio Exp $

ext_inet="<IPv4 address>"
ext_inet6="<IPv6 address>"

table <nostr_server> { 127.0.0.1 }

http protocol honk { # Protocol for upstream honk server
    #tcp { nodelay, sack, socket buffer 65536, backlog 128 } # Uncomment and adjust as you see fit
    tls { keypair example.com }

    # Append a bunch of headers
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"

    http websockets
}

relay www {
    listen on $ext_inet port https tls # Comment to disable listening on IPv4

    protocol nostr

    forward to <nostr_server> port 8080
}

relay www6 {
    listen on $ext_inet6 port https tls # Comment to disable listening on IPv6

    protocol nostr

    forward to <nostr_server> port 8080
}

Change example.com with your domain address.

And change <IPv4 address> and <IPv6 address> to your server's address(es) and comment one of the two listen options if needed.

Check the configuration with relayd -n, if it is OK, enable and start relayd (as root):

# rcctl enable relayd
# rcctl start relayd

Also read

- Relayd.Acceleration - TLS Acceleration with relayd