What is Nostr?
rodbishop / Rod
npub1r0d…fsft
2024-10-10 03:05:10

Nostr Addresses at Your Domain

Tldr

  • Nostr identities can be linked to a third-party service
  • You can set up that verification at your own domain, and
  • You can also set up your own Lightning Address at your own domain
  • These both require files in the .well-known directory on your domain
  • You can set these up together, quickly and for free, with Sveltekit and Vercel
  • Now I am identified and can receive payments with my username “rb” at my own domain “rodbishop.nz”

Getting .Well-Known

For your npub

The first step in setting up a Nostr profile is to get your keys. I wrote about it in this article, Mining Your Vanity Pubkey.

These keys represent your identity and are issued by you, not a third-party issuer. This is good for personal ownership, but creates an issue around identification.

If you have an ID issued by an issuer, I can ask the issuer to confirm that you are who you say you are. But with a Nostr npub, which has no issuer, how do I confirm that an npub which claims to be yours, is in fact yours?

Nostr allows you to link your npub to a username and to a third-party service of your choice to help in confirming that your npub is really yours (It is documented in NIP-05).

Normal users can use a service like nostrplebs.com and to set up a username very quickly and easily. However, it is also possible to set up your own identification that relates your username to your npub using any domain you own.

In my view having your username tied to your own domain is better branding, and more self-ownership, and so that’s what I’ll set up using my domain rodbishop.nz.

For your lightning address

Nostr has integrated payments which allow people to send you Bitcoin over the Lightning network the same way they would send you an email. I wrote about it in Setting up Payments on Nostr.

The path I took in setting up my lightning address was to use Alby, and with an Alby Account you automatically get a Lightning Address at getalby.com.

Normal users can use that Lightning Address just fine. However, it is also possible to set up your own Lightning Address which will forward payments to your Lightning Wallet using any domain you own.

Similar to with NIP-05, my view is having your Lightning Address tied to your own domain is better branding, and so again that’s what I’ll set up.

Both of these tasks use the .well-known folder on your web server.

Preparing .Well-Known with Sveltekit

There are many ways to do this. NVK published a very simple method using Github pages which is free and which you can read about on his blog.

For me, I will set up .well-known using Sveltekit and Vercel. I have been learning Sveltekit and Nostr together, thanks to fantastic tutorials by Jeff G on his Youtube.

Using Sveltekit and Vercel to set up Nostr NIP-05 and Lightning URLs on your own domain is easy and free.

Create a new project

To start, create a new Sveltekit project with NodeJS and Node Package Manager using the code documented on the Sveltekit website.

npm create svelte@latest my-app
cd my-app
npm install
npm run dev -- --open

Sveltekit contains many convenient short-cuts for web hosting, and one of them is the file structure. The structure contains an /src folder to contain javascript files to build complex applications, and a /static folder to contain other simple static files which need to be hosted at the domain. It is this /static folder you’ll be using for now.

NIP-05 identification with nostr.json

For your NIP-05 identification, you need to create the folder and file for /.well-known/nostr.json as follows–

static 
└── .well-known 
    └── nostr.json

In that file, you will use some JSON to link a username to a hex-format public key, which will enable Nostr apps to confirm that the username relates to the key. In my case, I create a link between the username “rb” and the public key formatted in hex format “1bda7e1…“–

{
   "names": {
   "rb": "1bda7e1f7396bda2d1ef99033da8fd2dc362810790df9be62f591038bb97c4d9"
   }
}

That’s it!

Lightning Address forwarding with lnurlp

For your Lightning Address, you need to create the folder and file for /.well-known/lnurlp/your-username as follows, replacing the “your-username” text with your username (in my case, “rb”) –

static 
└── .well-known 
    └── lnurlp
        └── your-username

In that file, you create a link between the username on your domain, and the provider of your Lightning service (in my case, Alby). Alby provides a helpful guide on how to do this, which you can read on the Alby site.

  • Visit the Alby page for your Lightning Address which Alby hosts
  • Copy that text across to the new file you have created

That’s it! These files are now ready and can be hosted anywhere.

Hosting .well-known with Vercel

I chose Vercel to host with because it was very easy to use, and provides all the hosting I need for free. To deploy, you first create a Github repository for my Sveltekit project, and then you set up Vercel to deploy every push by default.

At a high level –

  1. Set up a Github repository
  2. Push your project to Github
  3. Sign up for Vercel
  4. Link your Vercel to your Github, and Vercel will then show all your Git repositories
  5. Import your project from Github, and Vercel will deploy it to a Vercel.com domain

Once your project has deployed to Vercel, you will be given a deployment URL, and you can test to see that your static .well-known files are successfully online.

Now that the files are deployed, you need to link them to your domain. At a high level –

  1. Get your domain (buy one if you need to)
  2. In Vercel, navigate to your project’s settings and add your domain. Vercel will provide DNS records for you to add to your domain registrar
  3. In your domain’s DNS settings add those records as an A record to your root domain

Your .well-known files are now hosted in Vercel and pointed at your domain.

Setting up CORS in Vercel

You need to tell Vercel to allow third-party applications to access those files, by enabling CORS (“Cross-Origin Resource Sharing”). Vercel has good CORS documentation on their website.

To set this up, return to your project, and in the root folder create a new file named vercel.json. This file will tell Vercel to allow third-party applications to access your nostr.json file. Add the following to it

{
"headers": [
	{
		"source": "/.well-known/nostr.json",
		"headers": [
			{ "key": "Access-Control-Allow-Origin", "value": "*" },
			{ "key": "Access-Control-Allow-Methods", "value": "GET, OPTIONS" },
			{ "key": "Access-Control-Allow-Headers", "value": "Content-Type" }
		]
	}
]
}

Then–

  • Push to Github
  • Vercel will deploy the push automatically by default

That’s it. Your .well-known files are able to be reached by every Nostr app.

Testing it with your Nostr profile

Now that this is hosted at your domain, you can connect your Nostr profile. In any Nostr client, visit your profile page and edit, then update your NIP-05 and Lightning Address fields.

Once your client has refreshed, give it a test

  • Your NIP-05 identity should show a “success” type icon, rather than a “fail” type icon (what icons depends on the client you’re using, but think “green tick” rather than “red cross”)

  • Your Lightning Address should simply work–get someone to send you a payment to your new Address and it should go through successfully and appear in your wallet.

    Things I Did Wrong

Initially, my NIP-05 verification didn’t work. I had done two things wrong.

Wrong form of pubkey

The first mistake I made was in the NIP-05 nostr.json file I used the wrong format of public key. The public key that you mostly use in clients is your “npub” which starts with “npub1…” However, the public key this file needs is formatted in hex and starts with “1…”.

If you don’t have your hex formatted pubkey, you can use a site like https://nostrtool.com/ –enter your pubkey in npub format, and it will return it in hex format.

Redirects caused CORS issues

The second mistake was caused by a URL redirect. Your .well known files need to be served at the root of your domain, not at a www prefix (e.g. for me https://rodbishop.nz, not https://www.rodishop.nz). For this to work, you need to ensure that requests to your root domain aren’t redirected to www.

In Vercel domain configuration, you can configure your redirects. By default, it will redirect traffic to www, and this is wrong for our purposes. To correct it, visit your domain settings, click “Edit” and look for “Redirect to”. The correct setting is “No Redirect”.

The issue is caused because when applications go looking for your nostr.json, they need to receive a clean “Success” (200) response from your server prior to accessing the file. If you are redirecting to www, then the server gives a “Redirect” (300) response instead.

In case you think your CORS is failing, take a look at the server http response code to see if there is a redirect. I used as follows–

curl -X OPTIONS -i [https://rodbishop.nz/.well-known/nostr.json](https://rodbishop.nz/.well-known/nostr.json) \ -H "Origin: [https://anotherdomain.com](https://anotherdomain.com/)" \ -H "Access-Control-Request-Method: GET"
  • Initially the response was “HTTP/2 308” which means a redirect was in place (and so the process was failing)
  • Once I resolved the redirect issue at Vercel, the response was “HTTP/2 204” which means success, and from that point, Nostr apps recognised the NIP-05 successfully

What’s Next

Over the last three blogs I have

  • Mined a Nostr pubkey and backed up the mnemonic
  • Set up Nostr payments with a Lightning wallet plus all the bells and whistles
  • Set up NIP-05 and Lighting Address at my own domain

At this point I am up and running with a great Nostr profile and able to fully engage with the network.

But there are still many rabbit holes to explore. The next place I will explore deeply is running my own relay, and if I have some success I will be back to blog about it soon.

I’m looking forward to sharing what I learn as I explore what’s possible on Nostr.

Author Public Key
npub1r0d8u8mnj6769500nypnm28a9hpk9qg8jr0ehe30tygr3wuhcnvs4rfsft