update readme

.changeset/light-falcons-search.md

@@ -0,0 +1,5 @@
+---
+"nsite-ts": patch
+---
+
+bump dependnecies

.env.example

@@ -9,7 +9,7 @@ LOOKUP_RELAYS=wss://user.kindpag.es,wss://purplepag.es
 SUBSCRIPTION_RELAYS=wss://nos.lol,wss://relay.damus.io
 
 # A list of fallback blossom servers
-BLOSSOM_SERVERS=https://cdn.satellite.earth
+BLOSSOM_SERVERS=https://nostr.download,https://cdn.satellite.earth
 
 # The max file size to serve
 MAX_FILE_SIZE='2 MB'

Dockerfile

@@ -29,14 +29,13 @@ RUN chown -R nsite:nsite /app
 
 # Setup nginx
 COPY nginx/nginx.conf /etc/nginx/nginx.conf
-COPY nginx/default.conf /etc/nginx/conf.d/default.conf
+COPY nginx/http.conf /etc/nginx/conf.d/default.conf
 
 # setup nsite
 COPY --from=prod-deps /app/node_modules /app/node_modules
 COPY --from=build ./app/build ./build
 
 COPY ./public ./public
-COPY tor-and-i2p.pac proxy.pac
 
 VOLUME [ "/var/cache/nginx" ]
 

Dockerfile-screenshots

@@ -16,7 +16,7 @@ COPY supervisord.conf /etc/supervisord.conf
 
 # Setup nginx
 COPY nginx/nginx.conf /etc/nginx/nginx.conf
-COPY nginx/default.conf /etc/nginx/conf.d/default.conf
+COPY nginx/http.conf /etc/nginx/conf.d/default.conf
 RUN chown nsite:nsite -R /etc/nginx
 
 # install google chrome for screenshots. copied from (https://pptr.dev/troubleshooting#running-puppeteer-in-docker)
@@ -53,7 +53,6 @@ COPY --from=prod-deps /app/node_modules /app/node_modules
 COPY --from=build ./app/build ./build
 
 COPY ./public ./public
-COPY tor-and-i2p.pac proxy.pac
 
 VOLUME [ "/var/cache/nginx" ]
 VOLUME [ "/screenshots" ]

README.md

@@ -14,33 +14,114 @@ Once the service is running you can access the cached version at `http://localho
 
 If you need to test, you can directly access the ts server at `http://localhost:3000`
 
-## Connecting to Tor and I2P relays
+## Running with docker
 
-nsite-ts supports `ALL_PROXY` and other proxy env variables [here](https://www.npmjs.com/package/proxy-from-env#environment-variables)
-
-Install Tor ([Documentation](https://community.torproject.org/onion-services/setup/install/)) and I2Pd ([Documentation](https://i2pd.readthedocs.io/en/latest/user-guide/install/))
-
-Create a proxy.pac file
-
-```txt
-// SPDX-License-Identifier: CC0-1.0
-
-function FindProxyForURL(url, host)
-{
-  if (shExpMatch(host, "*.i2p"))
-  {
-    return "PROXY 127.0.0.1:4444; SOCKS5 127.0.0.1:4447";
-  }
-  if (shExpMatch(host, "*.onion"))
-  {
-    return "SOCKS5 127.0.0.1:9050";
-  }
-  return "DIRECT";
-}
-```
-
-Start server with `PAC_PROXY` variable
+The `ghcr.io/hzrd149/nsite-ts` image can be used to run a http instance locally
 
 ```sh
-PAC_PROXY=file://$(pwd)/proxy.pac node .
+docker run --rm -it --name nsite -p 8080:80 ghcr.io/hzrd149/nsite-ts
+```
+
+## Manual nginx setup
+
+Before manually setting up nginx and nsite-ts you need a few things installed
+ - [nginx](https://nginx.org/)
+ - [nodejs](https://nodejs.org/en/download/package-manager) (dep packages [here](https://deb.nodesource.com/))
+ - [pnpm](https://pnpm.io/) run `npm i -g pnpm` to install
+
+Next your going to need to clone the nsite-ts repo and set it up
+
+```sh
+git clone https://github.com/hzrd149/nsite-ts
+cd nsite-ts
+
+# install dependencies
+pnpm install
+
+# build app
+pnpm build
+```
+
+Then create a new `.env` file for configuration
+
+```sh
+cp .env.example .env
+```
+
+Next copy and setup the systemd service
+
+```sh
+sudo cp contrib/nsite.service /etx/systemd/system/nsite.service
+
+# edit the service and set the working directory path
+sudo nano /etx/systemd/system/nsite.service
+
+# reload systemd service
+sudo systemctl daemon-reload
+
+# start service
+sudo systemctl start nsite
+```
+
+Then once nsite-ts is running, next you need to configure nginx
+
+Start by modifying the `/etx/nginx/nginx.conf` file and adding a `proxy_cache_path` to the `http` section
+
+```sh
+sudo nano /etc/nginx/nginx.conf
+```
+
+```diff
+http {
++  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=request_cache:10m max_size=10g inactive=60m use_temp_path=off;
+}
+```
+
+Next modify the default site config (usually `/etx/nginx/sites-enabled/default` or `/etc/nginx/conf.d/default.conf`) to be one of
+ - [nginx/http.conf](./nginx/http.conf)
+ - [nginx/tls.conf](./nginx/tls.conf)
+ - [nginx/tls-and-tor.conf](./nginx/tls-and-tor.conf)
+
+Once that is done you can restart nginx and you should have a new nsite server running on port 80
+
+## Tor setup
+
+First you need to install tor (`sudo apt install tor` on debian systems) or [Documentation](https://community.torproject.org/onion-services/setup/install/)
+
+Then able the tor service
+
+```sh
+sudo systemctl enable tor
+sudo systemctl start tor
+```
+
+### Setup hidden service
+
+Modify the torrc file to enable `HiddenServiceDir` and `HiddenServicePort`
+
+```
+HiddenServiceDir /var/lib/tor/hidden_service/
+HiddenServicePort 80 127.0.0.1:8080
+```
+
+Then restart tor
+
+```sh
+sudo systemctl restart tor
+```
+
+Next get the onion address using `cat /var/lib/tor/hidden_service/hostname` and set the `ONION_HOST` variable in the `.env` file
+
+```sh
+# don't forget to start with http://
+ONION_HOST="http://q457mvdt5smqj726m4lsqxxdyx7r3v7gufzt46zbkop6mkghpnr7z3qd.onion"
+```
+
+### Connecting to Tor and I2P relays and blossom servers
+
+Install Tor ([Documentation](https://community.torproject.org/onion-services/setup/install/)) and optionally I2Pd ([Documentation](https://i2pd.readthedocs.io/en/latest/user-guide/install/)) and then add the `TOR_PROXY` and `I2P_PROXY` variables to the `.env` file
+
+```sh
+TOR_PROXY=127.0.0.1:9050
+I2P_PROXY=127.0.0.1:4447
 ```

contrib/nsite.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=nsite Server
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=/<path-to>/nsite-ts
+ExecStart=/usr/bin/node .
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target

nginx/http.conf

@@ -10,9 +10,6 @@ server {
 		proxy_cache_key $host$uri;
 		proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
 
-		add_header X-Cache $upstream_cache_status;
-		add_header X-Cache-Status $upstream_status;
-
 		expires 30d;
 		add_header Cache-Control "public, no-transform";
 

nginx/tls-and-tor.conf

@@ -0,0 +1,56 @@
+# tor .onion server
+server {
+	listen 80;
+	listen [::]:80;
+	server_name *.onion;
+
+	location / {
+		proxy_cache request_cache;
+		proxy_cache_valid 200 60m;
+		proxy_cache_valid 404 10m;
+		proxy_cache_key $host$uri;
+		proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+
+		expires 30d;
+		add_header Cache-Control "public, no-transform";
+
+		proxy_set_header Host $host;
+		proxy_pass http://127.0.0.1:3000;
+	}
+}
+
+# redirect http to https
+server {
+	listen 80;
+	listen [::]:80;
+	server_name _;
+	return 307 https://$host$request_uri;
+}
+
+# http server
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	server_name nsite;
+
+	ssl_certificate /path/to/certificate/fullchain1.pem;
+	ssl_certificate_key /path/to/certificate/privkey1.pem;
+
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers on;
+	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+	location / {
+		proxy_cache request_cache;
+		proxy_cache_valid 200 60m;
+		proxy_cache_valid 404 10m;
+		proxy_cache_key $host$uri;
+		proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+
+		expires 30d;
+		add_header Cache-Control "public, no-transform";
+
+		proxy_set_header Host $host;
+		proxy_pass http://127.0.0.1:3000;
+	}
+}

nginx/tls.conf

@@ -0,0 +1,35 @@
+# redirect http to https
+server {
+	listen 80;
+	listen [::]:80;
+	server_name _;
+	return 307 https://$host$request_uri;
+}
+
+# nginx config for tls
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	server_name nsite;
+
+	ssl_certificate /path/to/certificate/fullchain1.pem;
+	ssl_certificate_key /path/to/certificate/privkey1.pem;
+
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers on;
+	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+
+	location / {
+		proxy_cache request_cache;
+		proxy_cache_valid 200 60m;
+		proxy_cache_valid 404 10m;
+		proxy_cache_key $host$uri;
+		proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+
+		expires 30d;
+		add_header Cache-Control "public, no-transform";
+
+		proxy_set_header Host $host;
+		proxy_pass http://127.0.0.1:3000;
+	}
+}

package.json

@@ -21,41 +21,41 @@
     "@keyv/redis": "^3.0.1",
     "@keyv/sqlite": "^4.0.1",
     "@koa/cors": "^5.0.0",
-    "blossom-client-sdk": "^1.1.1",
-    "dotenv": "^16.4.5",
-    "follow-redirects": "^1.15.6",
-    "keyv": "^5.0.1",
+    "blossom-client-sdk": "^2.1.0",
+    "dotenv": "^16.4.7",
+    "follow-redirects": "^1.15.9",
+    "keyv": "^5.2.2",
     "koa": "^2.15.3",
     "koa-morgan": "^1.0.1",
     "koa-send": "^5.0.1",
     "koa-static": "^5.0.0",
-    "mime": "^4.0.4",
-    "nostr-tools": "^2.7.2",
-    "pac-proxy-agent": "^7.0.2",
-    "proxy-agent": "^6.4.0",
-    "puppeteer": "^23.5.0",
-    "websocket-polyfill": "^1.0.0",
+    "mime": "^4.0.6",
+    "nostr-tools": "^2.10.4",
+    "pac-proxy-agent": "^7.1.0",
+    "proxy-agent": "^6.5.0",
+    "puppeteer": "^23.11.0",
+    "websocket-polyfill": "1.0.0",
     "ws": "^8.18.0",
     "xbytes": "^1.9.1"
   },
   "devDependencies": {
-    "@changesets/cli": "^2.27.8",
-    "@swc-node/register": "^1.9.0",
-    "@swc/core": "^1.5.0",
-    "@types/better-sqlite3": "^7.6.9",
+    "@changesets/cli": "^2.27.11",
+    "@swc-node/register": "^1.10.9",
+    "@swc/core": "^1.10.1",
+    "@types/better-sqlite3": "^7.6.12",
     "@types/follow-redirects": "^1.14.4",
-    "@types/koa": "^2.14.0",
+    "@types/koa": "^2.15.0",
     "@types/koa-morgan": "^1.0.8",
     "@types/koa-send": "^4.1.6",
     "@types/koa-static": "^4.0.4",
     "@types/koa__cors": "^5.0.0",
     "@types/koa__router": "^12.0.4",
-    "@types/node": "^20.11.19",
+    "@types/node": "^20.17.10",
     "@types/proxy-from-env": "^1.0.4",
-    "@types/ws": "^8.5.10",
-    "nodemon": "^3.0.3",
-    "prettier": "^3.3.3",
-    "typescript": "^5.3.3"
+    "@types/ws": "^8.5.13",
+    "nodemon": "^3.1.9",
+    "prettier": "^3.4.2",
+    "typescript": "^5.7.2"
   },
   "resolutions": {
     "websocket-polyfill": "1.0.0"

tor-and-i2p.pac

@@ -1,11 +0,0 @@
-// SPDX-License-Identifier: CC0-1.0
-
-function FindProxyForURL(url, host) {
-  if (shExpMatch(host, "*.i2p")) {
-    return "PROXY 127.0.0.1:4444; SOCKS5 127.0.0.1:4447";
-  }
-  if (shExpMatch(host, "*.onion")) {
-    return "SOCKS5 127.0.0.1:9050";
-  }
-  return "DIRECT";
-}