schematic of how NWS works
nostr:note12vy8lmphxyfd7np7t503k8fzs3em2h6szfwad0fkgr6prjkjuhxsddyprj
Huge milestone: First demo of Nostr Web Services (NWS) bringing TCP to Nostr. With NWS, you can host any existing web application on Nostr without having to use DNS or even announce your public IP to the world, simply by sharing your service's npub (or nprofile).
Try it out the demo yourself. Here is a Cashu test mint running with NWS. Let's use curl to retrieve the mint's information. The request travels from your computer to the public NWS entry relay, then through nostr to the service's NWS exit relay. At the other end is a Cashu mint with HTTPS encryption.
```
curl -s -x socks5h://relay.8333.space:8882 https://nprofile1qqs8a8nk09fhrxylcd42haz8ev4cprhnk5egntvs0whafvaaxpk8plgpzemhxue69uhhyetvv9ujuwpnxvejuumsv93k2g6k9kr/v1/info --insecure | jq
```
I can't stress this enough: THE MINT RUNS BEHIND HTTPS!
The NWS entry relay can't read your traffic. It's encrypted. We can host public entry relays that can be used by anyone.
This means we can plug the entire internet to it 🌐.
Let's plug it into Cashu for now. Nutshell wallet supports socks5 proxies (that's how it uses Tor). By setting the public entry relay as the proxy, the wallet can now connect to a mint's npub/nprofile and communicate with it via NWS.
This is going to be so freaking cool. And it's going to be a lot more useful than just for Cashu. There are still bugs and issues that need to be ironed out but the code is coming out soon. Watch this space.
Discussion
this looks more like nostor to me. 🤔
more anon relays will be needed.
i am happy to serve until lawyer headaches start 🫡
can i pay lawyers with cashu? 😂
This isn't great for privacy. Tor is much better and safer.
What's cool about this is that you can host web applications without a domain or public IP and the fact that clients can use this without additional software if they can talk to nostr, or a simple socks5 proxy if they can't.
maybe i should run relays behind nws 😂
Right… with blossom, tho, it’s possible to have static data replicated, tho, right? Doesn’t help with anonymity per se, but does make the data anti-fragile.
So if the data in question was executable code - a script maybe - and then paired with a similarly distributed database (like SQLite)… you could have the beginnings of a distributed app. The database just needs to be filled with CRDTs that can be merged however…
Yeah… if I’m understanding this correctly, you could use this as an address scheme to a distributed app.
I’m not this smart enough to understand this, please excuse the silly question.
What is the benefit of implementing this?
You can host a website or some other low-bandwith service and make it reachable with an npub instead of an IP or DNS.
So a device on a network can be found through an npub instead of an IP?
What’s the difference? Isn’t an IP just an arbitrary number anyway?
I still don’t think I understand the benefit. Especially since the goal of a key pair is to sign things with the secret key. Are these devices signing data they transmit?
👀
Interesting. So NWS is kind a Node ‘intermediary’?
I don't fully uderstand the part on the middle of the scheme with those nostr relays, does that mean that each traffic/packet coming from the proxy is "encapsulated" into nostr events that are then read by NWS exit nodes?
So basically we have HTTPS traffic into nostr events and then back to HTTPS traffic again?
Yes, but it’s on TCP level so any (encrypted) protocol could run over it, not just HTTPS.
would caddy/apache/nginx be the reverse proxy in this diagram or would the NWS exit node have the reverse proxy built into it?
yes, a reverse proxy like that can be the "some service" in this diagram and terminate https and pass over to an http backend. that's what's happening in the demo with the mint.
there is still the issue of the SNI which needs to be overwritten by the exit node for backends like caddy to accept them. some reverse proxies seem to be fine with it, others aren't.
that schematic is a work of art
can someone compare the architecture diagrams of NWS and Tor?
nostr:note1y50wdh3jvcgwv2r43fwvx5z5lj0ysx5lz5t05rgjzzuswfjujjxs4zpdnl
🤙🤙🤙
For anyone looking for a comparison to TOR, as far as I understand it:
It’s comparable to the TOR hidden services that can be reached by onion addresses. Here we have the nostr npub to address a service.
Since both entry and exit node only connect to relays, they are the only part that needs to be publicly reachable. Services can run behind firewalls on machines that are not reachable from the outside.
But it’s not like TOR in term of being an anonymous browsing tool for any website. It’s (currently) only for exposing a single service in a censorship resistant way.
At the end bitcoiners will end up laying down intercontinental internet submarine cables, satellite systems and what not. Internet is centralized from the infrastructure layer and Google, Facebook, Amazon, Microsoft and the likes will use their power to surveil, censor and abstract more power.
Better to make relays dns/directory for nip19 rather than proxies to http.
nostr:note1uk728fkpgt8qqe2a9gylc9af5e4kjkyr05f3c04zpv8jgzwu9s6qpks74v
So simple, love it. Thank you for your work 🤙🫡
nostr:npub1h0uj825jgcr9lzxyp37ehasuenq070707pj63je07n8mkcsg3u0qnsrwx8 client can connect to serve with npub address, not dissclose the IP
You are truly one creative individual
🔥🔥🔥