WWW.AUSTRICH.NET

Self-custodial Zaps with nostdress


This page provides notes on setting up self-custodial zaps using the nostdress fork by believethehype (https://github.com/believethehype/nostdress).

Pre-requisites

  • Lightning Node running and tested
  • Server with an OS installed to run nostdress. A Raspberry Pi 4 running the 64-bit Raspberry Pi OS Lite was used; however, the instructions should work for other Debian or Ubuntu Linux systems.
  • A free Cloudflare account and a domain name, set up in Cloudflare, to be used for the Lightning address. Note that this guide doesn’t fully cover the Cloudflare setup.

Diagram

The following diagram provides an overview of the setup.

Installing Nostdress

Install Go

sudo apt install snapd

sudo reboot

sudo snap install core

sudo snap install go --classic

Install Nostdress

Create a user for nostdress

sudo adduser --gecos "" --disabled-password nostdress

Become the nostdress user

sudo su - nostdress

Download nostdress from the Git repository

git clone https://github.com/believethehype/nostdress.git

Build nostdress

cd nostdress

go build

Configure Nostdress

Generate a new Nostr key pair to be used for signing zap events. This should be a separate key pair from the one you use for Nostr.

Copy the .env.example file to .env and edit the .env file

cp .env.example .env

vi .env

Replace the sections in <> to match your configuration

HOST="0.0.0.0"
PORT=17423
DOMAIN="<yourdomain.org - domain configured in Cloudflare for receiving zaps>"
SECRET="69420"
SITE_OWNER_NAME="<yourname>"
SITE_OWNER_URL="<http://yourdomain.org>"
SITE_NAME="<yourname>"
NOSTR_PRIVATE_KEY="<new Nostr private key, nsec format>"
FORWARD_URL="/somepageyouwanttoshowdontuseoptionifnone"
NIP05=true
GET_NOSTR_PROFILE=false
LND_PRIVATE_ONLY=false
DB_DIR="./"
RELAYS="wss://nostr.mutinywallet.com,wss://relay.nostrgraph.net,wss://blastr.f7z.xyz,wss://relay.damus.io/,wss://relay.utxo.one,wss://relay.nostr.ch,wss://eden.nostr.land,wss://nostr.btcmp.com,wss://nostr.relayer.se,wss://relay.current.fyi,wss://nos.lol,wss://nostr.mom,wss://relay.nostr.info,wss://nostr.zebedee.cloud,wss://nostr-pub.wellorder.net,wss://relay.snort.social/,wss://nostr.oxtr.dev/,wss://nostr.fmt.wiz.biz/,wss://brb.io"
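An added example, not part of nostdress or the original page: a shell check to run against the .env file before the first start. It assumes HOST is the listen address and that SECRET is meant to be a private value; env_get, warn and audit_env are names made up here, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of nostdress: audit the .env written in this guide.
# Assumes HOST is the listen address and SECRET is meant to stay private.

# Print the value of KEY ($2) from FILE ($1), surrounding double quotes removed.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"//; s/"$//'
}

warn() { echo "WARN: $*"; findings=$((findings + 1)); }

# Print one line per finding; the return status is the number of findings.
audit_env() {
    f=$1; findings=0
    # The file holds NOSTR_PRIVATE_KEY, so only its owner should have access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        warn "$f is accessible to group/other (chmod 600 $f)"
    # Placeholders from the guide that were never replaced.
    for k in $(sed -n 's/^\([A-Z0-9_]*\)="<.*/\1/p' "$f"); do
        warn "$k still holds a <placeholder>"
    done
    # The SECRET value printed in this guide is publicly known.
    [ "$(env_get "$f" SECRET)" != "69420" ] ||
        warn "SECRET is the example value; replace it with a random one"
    # The tunnel connects to 127.0.0.1; a listener on every interface also
    # answers LAN requests that never pass through the Cloudflare WAF rule.
    [ "$(env_get "$f" HOST)" != "0.0.0.0" ] ||
        warn "HOST=0.0.0.0 opens port $(env_get "$f" PORT) on every interface"
    # The signing key should be in nsec form; its value is never printed.
    case "$(env_get "$f" NOSTR_PRIVATE_KEY)" in
        nsec1*|"<"*) ;;
        *) warn "NOSTR_PRIVATE_KEY is not in nsec format" ;;
    esac
    return "$findings"
}

# Constructed sample input (the key is a placeholder, not a real nsec).
demo=$(mktemp)
cat > "$demo" <<'EOF'
HOST="0.0.0.0"
PORT=17423
DOMAIN="<yourdomain.org>"
SECRET="69420"
NOSTR_PRIVATE_KEY="nsec1constructedplaceholdernotarealkey"
EOF
chmod 644 "$demo"
audit_env "$demo" || echo "$? finding(s) in the sample .env"
rm -f "$demo"
```

Run it as the nostdress user with `audit_env /home/nostdress/nostdress/.env` in place of the sample file.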

Manually run nostdress to ensure no errors are seen

./nostdress

Press ctrl-c to exit.

Create a systemd unit file to run nostdress

sudo vi /etc/systemd/system/nostdress.service

Add the following configuration to the file

[Unit]
Description=nostdress
After=network.target

[Service]
WorkingDirectory=/home/nostdress/nostdress
ExecStart=/home/nostdress/nostdress/nostdress
KillSignal=SIGINT

Type=simple
Restart=always
RestartSec=30
TimeoutSec=240

User=nostdress

[Install]
WantedBy=multi-user.target

Enable and start nostdress

sudo systemctl enable nostdress

sudo systemctl start nostdress

Install Cloudflared

curl -L https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-archive-keyring.gpg >/dev/null

echo "deb [signed-by=/usr/share/keyrings/cloudflare-archive-keyring.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list

sudo apt update

sudo apt install cloudflared

Establish the Cloudflare tunnel connection

cloudflared tunnel login

Follow the instructions to retrieve the certificate from Cloudflare.

Create the tunnel in the Cloudflare Zero Trust dashboard:

Cloudflared is already installed so copy and paste the section of code highlighted in Red

Check that the status of the tunnel shows as “Healthy” in the Zero Trust dashboard.

Add a “Public Hostname” to send traffic to nostdress running on your server (127.0.0.1 port 17423 by default)

You should now be able to access the page to set up the Lightning address and connection to the Lightning node at https://yourdomain.org/lnaddress.

Enter the username that you wish to use and the connection details for the Lightning node. The IP address should be the internal IP address of your Lightning node, port 8080. Enter your Nostr public key if you wish to receive DMs for zaps.

Submit the changes, and if successful a test invoice will be generated.

Create a new WAF (Web Application Firewall) rule in Cloudflare to block URLs that shouldn’t be accessible publicly with the following expression and action set to “Block”

(http.request.uri.path contains "/lnaddress") or (http.request.uri.path contains "/claim") or (http.request.uri.path contains "/api") or (http.request.uri.path contains "/grab")

Verify that https://yourdomain.org/lnaddress is now blocked.

Change your Nostr Lightning address and test to confirm that zaps are working correctly!