Censorship-resistant podcast. Bookmark our alternative access methods in case this domain goes down.

Revolution Now

Nostr Relay Setup Guide

This guide walks through setting up strfry — a fast, lightweight Nostr relay — on a Linux server with a domain name and TLS certificate.

On This Page

  1. 1. Prerequisites
  2. 2. Install strfry
  3. 3. Configure the Relay
  4. 4. Nginx Reverse Proxy + TLS
  5. 5. Systemd Service
  6. 6. Whitelist Rev Now's Pubkey
  7. 7. Test Your Relay
  8. 8. Monitoring & Maintenance

1. Prerequisites

  • A Linux server (Ubuntu 22.04+ or Debian 12+ recommended)
  • A domain name pointed at your server's IP (e.g. relay.yourdomain.com)
  • SSH access with sudo privileges
  • Ports 80 and 443 open in your firewall

💡 Tip

Budget VPS providers like Hetzner, BuyVM, or 1984 Hosting offer suitable servers for $3–5/month. Avoid providers known for censoring content.

2. Install strfry

Terminal
# Install build dependencies
sudo apt update
sudo apt install -y git build-essential cmake libssl-dev zlib1g-dev \
  liblmdb-dev libflatbuffers-dev libsecp256k1-dev

# Clone strfry
git clone https://github.com/hoytech/strfry.git
cd strfry

# Build
git submodule update --init
make setup-golpe
make -j$(nproc)

# Install
sudo cp strfry /usr/local/bin/
sudo mkdir -p /etc/strfry
sudo cp strfry.conf /etc/strfry/

3. Configure the Relay

/etc/strfry/strfry.conf (key settings)
# Database location
db = "/var/lib/strfry/data/"

# Bind to localhost (nginx will proxy)
relay {
    bind = "127.0.0.1"
    port = 7777

    info {
        name = "Rev Now Community Relay"
        description = "A relay supporting censorship-resistant media"
        contact = "admin@yourdomain.com"
    }
}

# Event limits
relay {
    maxWebsocketPayloadSize = 131072   # 128 KB
    maxFilterLimit = 500
}
Terminal
# Create data directory
sudo mkdir -p /var/lib/strfry/data
sudo chown -R nobody:nogroup /var/lib/strfry

4. Nginx Reverse Proxy + TLS

Terminal
# Install nginx and certbot
sudo apt install -y nginx certbot python3-certbot-nginx

# Get TLS certificate
sudo certbot --nginx -d relay.yourdomain.com
/etc/nginx/sites-available/nostr-relay
upstream strfry_backend {
    server 127.0.0.1:7777;
}

server {
    listen 443 ssl http2;
    server_name relay.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/relay.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/relay.yourdomain.com/privkey.pem;

    location / {
        proxy_pass http://strfry_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
    }
}

server {
    listen 80;
    server_name relay.yourdomain.com;
    return 301 https://$host$request_uri;
}
Terminal
sudo ln -s /etc/nginx/sites-available/nostr-relay /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

5. Systemd Service

/etc/systemd/system/strfry.service
[Unit]
Description=strfry Nostr Relay
After=network.target

[Service]
Type=simple
User=nobody
ExecStart=/usr/local/bin/strfry relay
WorkingDirectory=/etc/strfry
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
Terminal
sudo systemctl daemon-reload
sudo systemctl enable strfry
sudo systemctl start strfry

# Check it's running
sudo systemctl status strfry

6. Whitelist Rev Now's Pubkey

If you're running a community relay (not a public relay), you can restrict which pubkeys can publish to your relay. strfry supports write policy plugins:

/etc/strfry/write-policy.sh
#!/bin/bash
# Simple write policy: allow only whitelisted pubkeys
# Rev Now's hex pubkey (convert npub to hex at nostr.com/tools)
ALLOWED_PUBKEYS=(
  "YOUR_HEX_PUBKEY_HERE"
  # Add more pubkeys as needed
)

# Read event JSON from stdin
EVENT=$(cat)
PUBKEY=$(echo "$EVENT" | jq -r '.event.pubkey')

for pk in "${ALLOWED_PUBKEYS[@]}"; do
  if [ "$PUBKEY" = "$pk" ]; then
    echo '{"action":"accept"}'
    exit 0
  fi
done

echo '{"action":"reject","msg":"Not on whitelist"}'

Find Rev Now's npub on our Access page. Convert it to hex format using a tool like nostr.com/tools ↗.

7. Test Your Relay

Terminal
# Test WebSocket connection
websocat wss://relay.yourdomain.com

# Or use wscat (Node.js)
npx wscat -c wss://relay.yourdomain.com

# Send a REQ to test
# Type this into the WebSocket connection:
["REQ","test",{"limit":5}]

# You should see EOSE (end of stored events):
["EOSE","test"]

You can also test from browser-based tools:

8. Monitoring & Maintenance

Terminal
# Check logs
sudo journalctl -u strfry -f

# Check database size
du -sh /var/lib/strfry/data/

# Check connected clients
ss -tnp | grep :7777 | wc -l

# Update strfry
cd ~/strfry
git pull
make -j$(nproc)
sudo cp strfry /usr/local/bin/
sudo systemctl restart strfry

⚠ Warning

Back up your relay database regularly. A corrupt LMDB database can lose all stored events. Use strfry export to dump events to a JSON Lines file for backup.

Nostr Troubleshooting

WebSocket errors, TLS issues, event rejection, relay sync →

← Back to Overview

Relay types, software options, connecting to Rev Now