# Co-located Floonet name authority — the FLOONET_AUTHORITY_COLOCATED=on toggle.
#
# Serve NIP-05 names on the RELAY's own domain (so `name@relay.example`
# resolves) WITHOUT giving the authority its own vhost/cert. This is only
# needed for a split deploy where the relay and the authority live on separate
# subdomains behind nginx (the deploy/us-east/ pattern: relay.floonet.dev +
# nm.floonet.dev). The Docker Compose / Caddy stack is already co-located on a
# single FLOONET_DOMAIN, so it does not need this file.
#
# ENABLE (== FLOONET_AUTHORITY_COLOCATED=on): include this inside the relay's
# `:443` server block, BEFORE its `location /` WebSocket catch-all, e.g.
#
#     include /etc/nginx/snippets/floonet-colocated-authority.conf;
#
# then `nginx -t && nginx -s reload`. DISABLE by removing the include.
#
# Only the exact-match READ lookup is exposed; registration and the rest of
# /api/* stay on the authority's own domain. The `location =` exact match wins
# over the relay catch-all regardless of file order, but keep it above
# `location /` for readability.
#
# Port 8193 is this box's authority bind (FLOONET_NAMES_BIND); the compose
# stack uses 8191 — match your own. X-Real-IP is SECURITY-CRITICAL: the
# authority keys ALL per-IP rate limiting off it, so a missing value collapses
# every client into one bucket and defeats the limiter.
location = /.well-known/nostr.json {
    proxy_pass http://127.0.0.1:8193;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}