Ok, last night I read more about PKDNS and found out that you have to publish your DNS entries at intervals because the MAINLINE DHT also deletes the entries in the hash table at intervals. That's why you have to run a service that constantly republishes the DNS zone.
./pkdns-cli publish seed.txt dns.zone
Packet xiqz1bc7xmiw9kz8n8j6epbwnww59nibd9f7175cwd1jz6kmcdko
@ A 144.76.70.79
Announce every 60min. Stop with Ctrl-C...
2024-11-02 17:38:53.291982645 +01:00 Successfully announced.
A beautiful day in the alps.



Thanks to nostr:nprofile1qqsqx84rqcvglmnrr2r0rg8ynnhg70tzty4ju7l9lr430z8ryldngzspzemhxue69uhkummnw3ezuun9d3skjtnpwpcz7h8dsdf for the amazing donation made straight to all Amethyst devs via the Zap the Devs button. #Value4value works.
Plebs together strong 💪
But easy to read, I don't think that's the aim of the whole thing. It comes from the Normie world. As a first step, getting full control over DNS resolution detached from ICANN is a powerful step.
We would have to ask the developer and follow the development on Github.
I can imagine that pubkeys can be mined, just like npubs. With prefixes or postfixes.
The project seems to be very, very fresh and I'm curious to see what else will be added.
I hear you, but for me, the cost of maintaining self-custody is a small price to pay for true freedom. Depending on third parties for control over your assets is essentially sacrificing freedom for convenience.
I take the liberty of saying these thoughts out loud again and again, as it could be important for others who think like me and need to know about this fact.
nostr:nprofile1qqsfxrxw7y3h9hf0zczhelz57rdajse4mz63kn38xu3kkqx2kuv0ekgpz3mhxue69uhhyetvv9ujuerpd46hxtnfduq3vamnwvaz7tmzd96xxmmfdejhytnnda3kjctvqyvhwumn8ghj7erpwd5zumt0vd4kjmn809hh2tnrdaksrej4w0 is here on Nostr. Please support him with zaps. I am just a user of his work.
Zaps on this note will go 100% to nostr:nprofile1qqsfxrxw7y3h9hf0zczhelz57rdajse4mz63kn38xu3kkqx2kuv0ekgpz3mhxue69uhhyetvv9ujuerpd46hxtnfduq3vamnwvaz7tmzd96xxmmfdejhytnnda3kjctvqyvhwumn8ghj7erpwd5zumt0vd4kjmn809hh2tnrdaksrej4w0
ws://xiqz1bc7xmiw9kz8n8j6epbwnww59nibd9f7175cwd1jz6kmcdko/
https://github.com/pubky/pkdns
You can now reach my WOT-Relay with PKDNS. FUCK ICANN!

If your container opens a port to the outside, then you can use an Nginx proxy to serve this port from 127.0.0.1 on a domain.
In this example here, a Haven relay is running on port 3355 in a Docker container. The port is exposed to the outside. My Nginx server then serves this port with SSL and a domain.
location / {
    proxy_pass http://127.0.0.1:3355;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # WebSocket upgrade: relay clients connect over WebSockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}
Let me get a full example.....
Full example (with Let's Encrypt SSL cert) of my hosted Haven relay:
server {
    http2 on;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name h.codingarena.top;
    server_tokens off;
    root /home/user/h.codingarena.top;

    # TLS certificate and protocol settings
    ssl_certificate /etc/nginx/ssl/h.codingarena.top/xxx/server.crt;
    ssl_certificate_key /etc/nginx/ssl/h.codingarena.top/xxx/server.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_dhparam /etc/nginx/dhparams.pem;

    index index.html index.htm index.php;
    charset utf-8;

    # Forward everything to the Haven relay container on the loopback interface
    location / {
        proxy_pass http://127.0.0.1:3355;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # WebSocket upgrade: relay clients connect over WebSockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }

    access_log off;
    error_log /var/log/nginx/h.codingarena.top-error.log error;
    error_page 404 /index.php;

    # Block dotfiles, except /.well-known (used for ACME challenges)
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
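An added check for the setup above (example code, not part of the original post or of Haven): if the container port is published on all interfaces, clients can reach the relay on port 3355 directly and skip Nginx and its TLS, whereas publishing it on loopback only (for example `127.0.0.1:3355:3355` in Docker) leaves Nginx as the only entry point. The script compares the `proxy_pass` targets with `ss -ltn` listener output; the sample outputs and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs; only the proxy_pass target 127.0.0.1:3355 comes from the post.
NGINX_CONF = "location / { proxy_pass http://127.0.0.1:3355; }"
SS_EXPOSED = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096         0.0.0.0:3355      0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      4096            [::]:3355         [::]:*
"""
SS_LOOPBACK = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096       127.0.0.1:3355      0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}
PROXY_PASS = re.compile(r"proxy_pass\s+https?://(\[[^\]]+\]|[^:/;\s]+):(\d+)")

def proxied_local_ports(nginx_conf):
    """Ports that Nginx forwards to on the loopback interface."""
    return {int(port) for host, port in PROXY_PASS.findall(nginx_conf)
            if host in LOOPBACK_HOSTS}

def listeners(ss_output):
    """Yield (address, port) for each LISTEN line of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            yield addr, int(port)

def bypassable_ports(nginx_conf, ss_output):
    """Proxied backend ports that also listen on a non-loopback address."""
    proxied = proxied_local_ports(nginx_conf)
    exposed = set()
    for addr, port in listeners(ss_output):
        is_loopback = addr.startswith("127.") or addr == "[::1]"
        if port in proxied and not is_loopback:
            exposed.add(port)
    return sorted(exposed)

if __name__ == "__main__":
    print("published on all interfaces:", bypassable_ports(NGINX_CONF, SS_EXPOSED))
    print("published on loopback only: ", bypassable_ports(NGINX_CONF, SS_LOOPBACK))
```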
Well, sometimes the zap goes through. Sometimes not. My channel to WoS is stable and balanced. Something is wrong :-D
SSL/TLS is not yet possible. But the developer seems to be working on it.
With just one CLI command, I created a SEED and then pushed a dns.zone file.
If SSL were still possible, that would be awesome.

Wow, trying it out right away...
It’s a CORS issue. It’s already fixed in Khatru, but I haven’t had time to update Haven yet. I also want to clean up my changes and add caching to these CORS headers directly in khatru. If nostr:npub1utx00neqgqln72j22kej3ux7803c2k986henvvha4thuwfkper4s7r50e8 doesn’t get to it first, I’ll try to update Haven this weekend. For now, you can enforce the CORS headers in Nginx at the location level (see below). However, I don’t recommend this from a security perspective.
https://haven.accioly.social/7b1004156efc88dd8b1125a3aa50b08cdc4e6b0d0ee68c34e05d2dd80d8b266f.svg
With CORS headers in place, Cloudflare works smoothly on top of Nginx/Docker. Just be careful not to serve videos through Cloudflare as it’s against their ToS. I’ve been there before with my personal Mastodon instance and migrating media to a proper CDN wasn't one of my top 10 favourite activities.
CC: nostr:npub1pt0kw36ue3w2g4haxq3wgm6a2fhtptmzsjlc2j2vphtcgle72qesgpjyc6 , nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr
Ok, but a daft question, shouldn't the backend itself make CORS headers configurable? nostr:npub1utx00neqgqln72j22kej3ux7803c2k986henvvha4thuwfkper4s7r50e8
In my repo, I don't even want to install Nginx proxies, because every server operator should be able to configure and start those proxies themselves.
Of course it works with the header-configs from nostr:npub1a6we08n7zsv2na689whc9hykpq4q6sj3kaauk9c2dm8vj0adlajq7w0tyc, but it doesn't look great to open it at location level.
But I can see from the comments that we are apparently working on Haven. Super cool.
Yes, thanks, I was misguided by that PATH and thought I had to use /blossom. In fact, I also have the CORS errors. Let's see the changes.
You can give people the best tools, but if they don't want to use them, that's not our problem. Everyone is free to play in their own sandbox or not.
Ethereum users are like people who, despite bugs and microtransactions, still play the latest Ubisoft release because they are hoping for the next patch. With indie games like Bitcoin, it's more about the game concept and not the fancy graphics - here you have freedom and a clear vision.
I think my VPN IP was blocked yesterday or throttled :-D Today it was faster with mod download.
The image now has only 17 MB 🫂🫂🫂
But I tried the blossom server with it: https://blossom.hzrd149.com/
nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr This service does not support Blossom servers with a "/path" like "/blossom", right? It cuts the path.
Haven Blossom server is reachable over the path "/blossom".