Will that survive a reboot?
I love the idea of nostr:npub126ntw5mnermmj0znhjhgdk8lh2af72sm8qfzq48umdlnhaj9kuns3le9ll, however I thought of it as "mostly" useless to average individuals who aren't looking to tor everything.
While the new version is in development to enable HTTPS external access to services using your domain, I found a hack on how to do this in the meantime.
Credit to remcoros on the nostr:npub126ntw5mnermmj0znhjhgdk8lh2af72sm8qfzq48umdlnhaj9kuns3le9ll for the original guide. Hopefully I made it a little more understandable to dumbos like me 😉
As a prerequisite, you'll need to know Caddy reverse proxy (or use another, but Caddy simplifies cert stuff for me), and you'll need to know basic CLI, like how to navigate the filesystem, and create/save a text file.
This example uses the FreeGPT service but I've tested with nostr:npub1wyuh3scfgzqmxn709a2fzuemps389rxnk7nfgege6s847zze3tuqfl87ez, and nostr-rs-relay.
## Enable external access+HTTPS
1. Pick a port and subdomain. Add the entry to Caddy for automatic certificate/SSL reverse proxy:
```
https://subdomain.domain.com:443 {
    header Strict-Transport-Security max-age=31536000;
    reverse_proxy 192.168.1.111:50002
}
```
2. Install the service from start9 marketplace or sideload.
3. Go to the services management page and go to the Wrapper Repository URL listed there.
4. Arriving in GitHub, look for the file `scripts/procedures/healthChecks.ts`
   1. Possibly line 4? You should see a line: `"web-ui": healthUtil.checkWebUrl("http://free-gpt.embassy:8080")`, the part you need is `free-gpt.embassy:8080` which is the service and port it's listening on.
5. Now SSH into the Start9 server and switch to the root user with `sudo -i`.
6. Switch to the "chrooted" environment with `/usr/lib/startos/scripts/chroot-and-upgrade`. You should see a bit of syncing.
7. Create and open your service file `vim /lib/systemd/system/socat.freegpt.service` and give it a sensible name.
8. Paste the below text and:
   1. Modify the description
   2. Modify the port number after "tcp-l" to match the port you chose in your Caddyfile.
   3. Modify the text "free-gpt.embassy:8080" to match the text for your service found from GitHub.
```ini
[Unit]
Description=socat electrs forward
Wants=podman.service
After=podman.service
[Service]
Type=simple
Restart=always
RestartSec=3
ExecStartPre=/bin/bash -c "/bin/systemctl set-environment IP=$(ip route | grep default | awk '{print $9}')"
ExecStart=/usr/bin/socat tcp-l:50002,fork,reuseaddr,su=nobody,bind=${IP} tcp:free-gpt.embassy:8080
[Install]
WantedBy=multi-user.target
```
9. Save and quit.
10. Start your service with `systemctl enable socat.freegpt` or whichever service name you chose. That's the file name you created earlier.
11. Exit the "chrooted" environment with `exit`.
12. That's it! If all's well you may reach your site on the clear-net with your domain.
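
The unit's `ExecStartPre` takes the bind address from field 9 of the `ip route` default line, which is the `src` address only when the line has exactly that shape; otherwise `${IP}` ends up empty or wrong. An added example, not part of the original post or the guide it credits (function names and the sample route lines are constructed), that looks for the token after `src` and rejects anything that is not an IPv4 address:

```shell
#!/bin/sh
# Added example: resolve the socat bind address from `ip route` output
# without relying on the address being field 9. Names are hypothetical.

# Print the address following "src" on the first default route (stdin).
default_route_src() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++)
                 if ($i == "src") { print $(i + 1); exit }
         }'
}

# Succeed only for a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Read `ip route` text on stdin; print a usable bind address or return 1.
bind_address() {
    addr=$(default_route_src)
    [ -n "$addr" ] && is_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}

# Constructed sample route lines (not captured from a real server).
ROUTE_DHCP='default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.111 metric 100'
ROUTE_SHORT='default via 10.0.0.1 dev wlan0 src 10.0.0.5'
ROUTE_STATIC='default via 192.168.1.1 dev eth0 onlink'

# Demonstration: field 9 is only correct for the first sample.
for r in "$ROUTE_DHCP" "$ROUTE_SHORT" "$ROUTE_STATIC"; do
    if a=$(printf '%s\n' "$r" | bind_address); then
        echo "bind=$a"
    else
        echo "no usable src address in: $r"
    fi
done
```

On the server the input would be `ip route | bind_address`; a non-zero exit means the listener should not be started with that value.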
Discussion
Long as you complete step 6 it should. It reboots after leaving the chrooted environment.