Deploy floonet-strfry
Summary. floonet-strfry is stock strfry at a pinned upstream ref plus a Floonet spec laid on top: the write-policy plugin, the bundled name authority, and a TLS proxy, shipped as one unit. Three deploy paths, easiest first.
1. Docker Compose (recommended)
One command brings up the whole unit: relay, name authority, and reverse proxy with automatic TLS.
git clone <floonet-strfry repo>
cd floonet-strfry
cp .env.example .env # edit: your domain, contact, and (optionally) prices
docker compose up -d
The .env file is the only thing you edit. Containers run non-root with a read-only filesystem except the data volume, and the upstream strfry ref is pinned so you always build a known tree.
Verify it is up:
curl -H 'Accept: application/nostr+json' https://relay.yourdomain/ # NIP-11
curl https://relay.yourdomain/api/v1/health # name authority
2. apply-spec (build strfry yourself, add the Floonet layer)
If you already run strfry or want it on bare metal, deploy/strfry/apply-spec.sh builds stock strfry at the pinned ref and lays the Floonet conf, plugin, and name authority on top:
./deploy/strfry/apply-spec.sh
strfry core stays stock; the spec only adds config and the plugin. This is the “stock + spec” pattern: upgrades track upstream strfry directly.
3. From source
Build strfry per its upstream docs (make setup-golpe && make), then:
- Install
strfry.conffromdeploy/strfry/strfry.conf(see Configuration). - Install the write-policy plugin and point
relay.writePolicy.pluginat it. - Run the bundled name authority (its own small service with its own SQLite; see The bundled name authority).
- Front both with a TLS reverse proxy that forwards
X-Real-IP(see Hardening).
After deploying
- Confirm the whitelist: publish an allowed kind (it persists) and a kind
1note (it is dropped). This is the primary acceptance test. - Check the NIP-11 document reads as a neutral Floonet relay with no payment wording.
- Add the relay to your wallet and send yourself a payment end to end.