docs: update home, server, relay, and donate pages, add relay impleme…

…ntation pages, and remove metatdata from images (#1)

.github/FUNDING.yml

@@ -1,4 +1,3 @@
 # These are supported funding model platforms
-
 github: [christianchiarulli, jchiarulli]
 patreon: chrisatmachine

README.md

@@ -26,10 +26,10 @@ You'll learn how to:
 
 - Set up remote access using SSH
 
-- Configure nginx
-
 - Set up a firewall
 
+- Configure Nginx
+
 - Obtain and set up an SSL/TLS certificate
 
 - Build the relay software

docs/contact.md

@@ -0,0 +1,39 @@
+# Contact
+
+## NODE-TEC
+
+🦩 npub:
+
+```bash
+npub1809mpa7748df7kext899m2yatetky9w78zz72x7jgaxarvxyfvtqwvfpz8
+```
+
+📧 Email:
+
+[[email protected]](mailto:[email protected] "[email protected]")
+
+🔐 PGP Fingerprint:
+
+```bash
+04BD 8C20 598F A5FD DE19 BECD 8F24 69F7 1314 FAD7
+```
+
+## Developers
+
+🦩 Chris' npub:
+
+```bash
+npub1ygzj9skr9val9yqxkf67yf9jshtyhvvl0x76jp5er09nsc0p3j6qr260k2
+```
+
+🦩 J's npub:
+
+```bash
+npub1zn559gr2vwyex2s2mt2s7x5r5ryjeyy0zwy2zx3ckp6ktwpe4p4spgt84e
+```
+
+🦩 Nick's npub:
+
+```bash
+npub1te6nugpy7utp9ls620awmj5zw0nedwhh3rjj2gx6vnzms2rvz5jq9kkh4n
+```

docs/donate/index.md

@@ -1,20 +1,19 @@
 # Donate Bitcoin
 
-If you find this guide helpful, please consider donating some sats. Your support is greatly appreciated.
+If you find these guides helpful, please consider donating some sats. Your support is greatly appreciated.
 
-- **Zap me on nostr:**
+- **Zap me on Nostr:**
 
-```
+```bash
 npub1ygzj9skr9val9yqxkf67yf9jshtyhvvl0x76jp5er09nsc0p3j6qr260k2
 ```
 
 - **Bitcoin:**
 
-```
+```bash
 bc1q6hqtxr5hnhu9asze30a8w02g65nztlw8y27p7q
 ```
 
 - **Lightning:**
 
-[Tip with lightning](https://getalby.com/p/chrisatmachine)
-
+[Tip with Lightning](https://getalby.com/p/chrisatmachine)

docs/faq.md

@@ -1,7 +1,3 @@
-Ask me questions on nostr and maybe I'll answer them here.
+# FAQ
 
-pubkey: 
-
-```
-npub1ygzj9skr9val9yqxkf67yf9jshtyhvvl0x76jp5er09nsc0p3j6qr260k2
-```
+If your question wasn't answered here, reach out to us on [Nostr](https://nostr.com "Nostr"). We'll update this page with the answers.

docs/implementations.md

@@ -1,13 +1,21 @@
 # Relay Implementations
 
-There are many different relay implementations available. For this guide we'll be using [nostr-rs-relay](https://github.com/scsibug/nostr-rs-relay).
+There are many different relay implementations available. This guide will demonstrate how to set up multiple implementations. The implementation you choose depends on your use case.
 
-Here are some other implementations:
+Implementations:
 
-- [nostream](https://github.com/Cameri/nostream)
+- [Khatru Pyramid](https://github.com/github-tijlxyz/khatru-pyramid/tree/main "Khatru Pyramid")
 
-- [strfry](https://github.com/hoytech/strfry)
+- [Nostream](https://github.com/Cameri/nostream "Nostream")
 
-After following this guide you should have enough knowledge to setup any of these implementations.
+- [nostr-rs-relay](https://github.com/scsibug/nostr-rs-relay/tree/master "nostr-rs-relay")
 
+- [strfry](https://github.com/hoytech/strfry/tree/master "strfry")
 
+- [WoT Relay](https://github.com/bitvora/wot-relay/tree/master "WoT Relay")
+
+- [relay29 Khatru29](https://github.com/fiatjaf/relay29/tree/v0.4.0/examples/groups.fiatjaf.com "relay29 Khatru29")
+
+- [relay29 strfry29](https://github.com/fiatjaf/relay29/tree/v0.4.0/strfry29 "relay29 strfry29")
+
+After following this guide, you should have enough knowledge to setup any of these implementations.

docs/index.md

@@ -1,11 +1,37 @@
 # Relay Runner
 
-This site will help you setup a relay for personal or public use. Relays are servers that transmit notes and other stuff to clients on the [nostr](https://nostr.com/) network and may (or may not) store them as well.
+This site will help you setup a relay for personal or public use. Relays are servers that transmit notes and other stuff to clients on the [Nostr](https://nostr.com/ "Nostr") network and may (or may not) store them as well.
 
-## Why run a personal relay?
+## Why Run a Personal Relay?
 
 Running a personal relay is a great way to keep your notes and other data under your control. You can use it as an archive for all of your data or maybe as a dedicated relay for a personal website.
 
-## Why run a public relay?
+## Why Run a Public Relay?
 
-Running a public relay is a great way to decentralize and help the nostr network grow. You also have the option to monetize your relay by charging clients for access.
+Running a public relay is a great way to decentralize and help the Nostr network grow. You also have the option to monetize your relay by charging clients for access.
+
+## What You'll Learn
+
+The guides will walk you through the process of setting up various relay implementations from scratch.
+
+You'll learn how to:
+
+- Get a server
+
+- Get a domain name
+
+- Set up remote access using SSH
+
+- Set up a firewall
+
+- Configure Nginx
+
+- Obtain and set up an SSL/TLS certificate
+
+- Build the relay software
+
+- Install the relay software
+
+- Configure your relay
+
+- Set up a systemd service for your relay

docs/relay/khatru-pyramid.md

@@ -0,0 +1 @@
+# Khatru Pyramid

docs/relay/khatru-pyramid/configuration.md

@@ -0,0 +1 @@
+# Configuration

docs/relay/khatru-pyramid/install.md

@@ -0,0 +1 @@
+# Install

docs/relay/khatru-pyramid/service.md

@@ -0,0 +1 @@
+# Service

docs/relay/khatru-pyramid/test.md

@@ -0,0 +1 @@
+# Test your Relay

docs/relay/nostr-rs-relay.md

@@ -0,0 +1 @@
+# nostr-rs-relay

docs/relay/config.md → docs/relay/nostr-rs-relay/configuration.md

@@ -1,7 +1,5 @@
 # Configuration
 
-Update the `nostr-rs-relay` config file with your information and preferences:
-
 ```bash
 mkdir /etc/nostr-rs-relay
 cd /etc/nostr-rs-relay
@@ -26,7 +24,7 @@ Here are some important settings:
 
 - `data_directory` - The directory where your relay will store data. We'll set this to `/var/lib/nostr-rs-relay/data`.
 
-- `max_conn` - Maximum number of SQLite reader connections.  Recommend setting this to approx the number of CPU cores.
+- `max_conn` - Maximum number of SQLite reader connections. Recommend setting this to approx the number of CPU cores.
 
 - `address` - The address your relay will listen on. We'll set this to `127.0.0.1`.
 

docs/relay/install.md → docs/relay/nostr-rs-relay/install.md

@@ -12,13 +12,13 @@ apt install build-essential cmake protobuf-compiler pkg-config libssl-dev
 
 We'll also need to install `git` and `rust` to clone and compile the repository.
 
-git:
+Install git by running:
 
 ```bash
 apt install git
 ```
 
-rust:
+Install rust by running:
 
 ```bash
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

docs/relay/service.md → docs/relay/nostr-rs-relay/service.md

@@ -4,14 +4,18 @@ A service is a long-running process that can be started and stopped. It can be u
 
 ## Create User
 
-Create a new user called `nostr` to run the relay service. Creating a new user is a good practice to isolate the service from the rest of the system.
+Create a new user called `nostr` to run the relay service:
 
 ```bash
 sudo adduser --disabled-login nostr
 ```
 
+Creating a new user is a good practice to isolate the service from the rest of the system.
+
 ## Change ownership for data directory
 
+Change ownership of the relay data directory:
+
 ```bash
 chown -R nostr:nostr /var/lib/nostr-rs-relay
 ```

docs/relay/nostr-rs-relay/websocket-connection.md

@@ -0,0 +1,111 @@
+# WebSocket Connection
+
+Replace the contents of `/etc/nginx/conf.d/relay_relayrunner_xyz.conf` with the following configuration where `relay_relayrunner_xyz.conf` should be replaced by whatever name you used for your Nginx config file:
+
+```nginx title="relay_relayrunner_xyz.conf"
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+upstream nostr_rs_relay_websocket { # can replace with a unique upstream WebSocket name that you choose
+    server 127.0.0.1:8080;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name relay.relayrunner.xyz; # replace with your domain
+
+    location / {
+        proxy_pass http://nostr_rs_relay_websocket; # can replace with your unique upstream WebSocket name
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        try_files $uri $uri/ =404;
+    }
+
+    # Only return Nginx in server header
+    server_tokens off;
+
+    #### SSL Configuration ####
+    # Test configuration:
+    # https://www.ssllabs.com/ssltest/analyze.html
+    # https://cryptcheck.fr/
+    ssl_certificate /etc/letsencrypt/live/relay.relayrunner.xyz/fullchain.pem; # replace with your domain
+    ssl_certificate_key /etc/letsencrypt/live/relay.relayrunner.xyz/privkey.pem; # replace with your domain
+    # Verify chain of trust of OCSP response using Root CA and Intermediate certs
+    ssl_trusted_certificate /etc/letsencrypt/live/relay.relayrunner.xyz/chain.pem; # replace with your domain
+
+    ssl_protocols TLSv1.3 TLSv1.2;
+
+    # For more information on the security of different cipher suites, you can refer to the following link:
+    # https://ciphersuite.info/
+    # Compilation of the top cipher suites 2024:
+    # https://ssl-config.mozilla.org/#server=nginx
+    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305";
+
+    # Perfect Forward Secrecy (PFS) is frequently compromised without this
+    ssl_prefer_server_ciphers on;
+
+    ssl_session_tickets off;
+
+    # Enable SSL session caching for improved performance
+    # Try setting ssl_session_timeout to 1d if performance is bad
+    ssl_session_timeout 10m;
+    ssl_session_cache shared:SSL:10m;
+
+    # By default, the buffer size is 16k, which corresponds to minimal overhead when sending big responses.
+    # To minimize Time To First Byte it may be beneficial to use smaller values
+    ssl_buffer_size 8k;
+
+    # OCSP stapling
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    #### Security Headers ####
+    # Test configuration:
+    # https://securityheaders.com/
+    # https://observatory.mozilla.org/
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+
+    add_header X-Frame-Options DENY;
+
+    # Avoid MIME type sniffing
+    add_header X-Content-Type-Options "nosniff" always;
+
+    add_header Referrer-Policy "no-referrer" always;
+
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
+
+    #### Content-Security-Policy (CSP) ####
+    add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;" always;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name relay.relayrunner.xyz; # replace with your domain
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/relay.relayrunner.xyz; # replace with the directory you used to store the challenge files in
+        allow all;
+    }
+
+    location / {
+        return 301 https://relay.relayrunner.xyz$request_uri; # replace with your domain
+    }
+}
+```
+
+Be sure to replace `relay.relayrunner.xyz` with your domain name and `/var/www/relay.relayrunner.xyz` with the directory you used to store the challenge files in.
+
+You can also replace `nostr_rs_relay_websocket` with a unique upstream WebSocket name that you choose.
+
+The proxy headers specified in the `location` block above, the SSL/TLS directives, and the security headers specified above can be changed to meet the specific needs of your relay. There are even more strict values that can be set especially for the `Permissions-Policy` and `Content-Security-Policy` headers depending on your requirements. Be sure to test any changes you make are compatible with the nostr-rs-relay implementation.

docs/relay/nostream.md

@@ -0,0 +1 @@
+# Nostream

docs/relay/nostream/configuration.md

@@ -0,0 +1 @@
+# Configuration

docs/relay/nostream/install.md

@@ -0,0 +1 @@
+# Install

docs/relay/nostream/service.md

@@ -0,0 +1 @@
+# Service

docs/relay/nostream/test.md

@@ -0,0 +1 @@
+# Test your Relay

docs/relay/relay29-khatru29.md

@@ -0,0 +1 @@
+# relay29 Khatru29

docs/relay/relay29-khatru29/configuration.md

@@ -0,0 +1 @@
+# Configuration

docs/relay/relay29-khatru29/install.md

@@ -0,0 +1 @@
+# Install

docs/relay/relay29-khatru29/service.md

@@ -0,0 +1 @@
+# Service

docs/relay/relay29-khatru29/test.md

@@ -0,0 +1 @@
+# Test your Relay

docs/relay/relay29-strfry29.md

@@ -0,0 +1 @@
+# relay29 strfry29

docs/relay/relay29-strfry29/configuration.md

@@ -0,0 +1 @@
+# Configuration

docs/relay/relay29-strfry29/install.md

@@ -0,0 +1 @@
+# Install

docs/relay/relay29-strfry29/service.md

@@ -0,0 +1 @@
+# Service

docs/relay/relay29-strfry29/test.md

@@ -0,0 +1 @@
+# Test your Relay

docs/relay/strfry.md

@@ -0,0 +1 @@
+# strfry

docs/relay/strfry/configuration.md

@@ -0,0 +1 @@
+# Configuration

docs/relay/strfry/install.md

@@ -0,0 +1 @@
+# Install

docs/relay/strfry/service.md

@@ -0,0 +1 @@
+# Service

docs/relay/strfry/test.md

@@ -0,0 +1 @@
+# Test your Relay

docs/relay/wot-relay.md

@@ -0,0 +1 @@
+# WoT Relay

docs/relay/wot-relay/configuration.md

@@ -0,0 +1 @@
+# Configuration

docs/relay/wot-relay/install.md

@@ -0,0 +1 @@
+# Install

docs/relay/wot-relay/service.md

@@ -0,0 +1 @@
+# Service

docs/relay/wot-relay/test.md

@@ -0,0 +1 @@
+# Test your Relay