Avatar
Seth For Privacy 2y ago

If you haven't yet done NIP-05 identity verification, no need to jump on solutions that do it for you.

I've put together the simplest possible self-hosted NIP-05 verification setup I can think of. Just get the cheapest VPS you can, clone the repo, edit 2 files slightly, and run one command and you'll have an always-on, always up-to-date, properly certified NIP-05 identity endpoint:

https://github.com/sethforprivacy/easy-nip5

Detailed steps are all in the readme at the above repo.

Feedback welcome!

Reply to this note

Please Login to reply.

Discussion

Avatar
Enki 2y ago

Go host your own NIP05.

#[0]

Avatar
MainStreetChungus 2y ago

Here’s how I DIY’d my own NIP-05

https://mainstreetchungus.com/nostr-nip-05-verification/

Avatar
SatoshiSamurai 2y ago

Nice walkthrough for those not technical. 👍🏻

Avatar
Seth For Privacy 2y ago

If you're outsourcing your NIP-05 identity to a third party service, you're entirely trusting them with validation and expose yourself to someone impersonating you.

This setup makes it dead simple and a one-time setup, it will maintain itself after that.

If you create new accounts just add on to nostr.json and profit!

Avatar
4c648e19... 2y ago

This way, you're still trusting your VPS provider.

Avatar
Seth For Privacy 2y ago

Yes, but it’s a lower risk, much less likely to get targeted (you’re just one of thousands of VPSs, instead of known to be using Nostr/NIP-05), etc.

Overall a better set of tradeoffs from a trust perspective.

Avatar
Jonas 2y ago

Is the CORS header set by default?

Access-Control-Allow-Origin: *

Avatar
Seth For Privacy 2y ago

It's set in one of the labels for the nip05 container, and handled by Traefik.

It's exactly what I run :)

Avatar
finch ☦️ 2y ago

Can you update the guide so that instead of the NIP-05 verification being in the format of name@domain.com, it's just domain.com?

Orange Surf did it in his guide here: https://orange.surf/nip05-with-ghost/

Avatar
Seth For Privacy 2y ago

I personally don't prefer that approach, but will add a note that it can be done to the readme :)

Avatar
Seth For Privacy 2y ago

Updated with a note on that! Thanks for the call-out, didn't actually realize that was possible!

Avatar
finch ☦️ 2y ago

Thanks Seth! Nice write up!

Avatar
Ryan 2y ago

Thanks, Seth

fc
stranger 2y ago

Nice writeup Seth! And for single-container setup you can use Caddy. It has automatic TLS too :)

Avatar
Seth For Privacy 2y ago

Caddy could serve the single nostr.json file itself as well?

fc
stranger 2y ago

Yes. file_server functionality

Avatar
Seth For Privacy 2y ago

Will have to dig in and test that, thanks! Would be much cleaner :)

fc
stranger 2y ago

This is my setup basically. CORS can be done better (maybe with some integrated directive) I guess. But Caddy’s documentation can be a bit chaotic :D

{

email redacted

}

hex737472616e676572.net {

root * /static

file_server

header {

Access-Control-Allow-Origin *

Access-Control-Allow-Credentials true

Access-Control-Allow-Methods *

Access-Control-Allow-Headers *

}

}

Avatar
QnA 2y ago

Top notch sir!

Avatar
Fabio 2y ago

Great work! Zapped you some : )