Serve the authority's NIP-05 lookup on the relay's own domain so
`name@relay.example` resolves, without giving the authority a second
vhost/cert. Live on us-east: relay.floonet.dev now answers
/.well-known/nostr.json from the co-located authority (127.0.0.1:8193)
while the WebSocket relay and NIP-11 stay untouched.
* deploy/us-east/colocated-authority.conf
The nginx opt-in: an exact-match `location = /.well-known/nostr.json`
proxied to the authority ahead of the relay's WebSocket catch-all.
Only the READ path is exposed; registration and the rest of /api/*
stay on the authority's own domain. Sets X-Real-IP (the per-IP rate
limiter keys off it). Same proxy shape as nm.floonet.dev.conf.
* README.md — "Co-locating names on the relay domain": the Caddy/compose
stack is co-located by default (single FLOONET_DOMAIN); a split nginx
deploy opts in with the snippet. Documents FLOONET_AUTHORITY_COLOCATED.
* deploy/Caddyfile, .env.example — note the single-domain stack is
co-located by default and point split deploys at the snippet.
The box vhost mirrors this snippet exactly; applied with nginx -t + reload
(no restart), firewalld untouched.