• How to Run Your Own Nostr Relay on Android with Cloudflare Domain
  • Prerequisites
  • Setting Up Citrine
  • Installing Required Tools
  • Cloudflare Authentication
  • Creating the Tunnel
  • Preventing Android from Killing the Tunnel
  • Updating Your Outbox Model Relays
    • Decoding npub (Public Key)
    • Create a kind 10002 event with your relay list:
  • How to securely create NIP-49 encypted private key

§How to Run Your Own Nostr Relay on Android with Cloudflare Domain

§Prerequisites

1. Install Citrine on your Android device:

   • Visit https://github.com/greenart7c3/Citrine/releases
   • Download the latest release using:
     • zap.store
     • Obtainium
     • F-Droid
     • Or download the APK directly
   • Note: You may need to enable “Install from Unknown Sources” in your Android settings

2. Domain Requirements:

   • Purchase a domain if you don’t have one
   • Transfer your domain to Cloudflare if it’s not already there (for free SSL certificates and cloudflared support)

3. Tools to use:

   • nak (the nostr army knife):
     • Download from https://github.com/fiatjaf/nak/releases
     • Installation steps:
       • For Linux/macOS:

         # Download the appropriate version for your system
         wget https://github.com/fiatjaf/nak/releases/latest/download/nak-linux-amd64  # for Linux
         # or
         wget https://github.com/fiatjaf/nak/releases/latest/download/nak-darwin-amd64  # for macOS
         
         # Make it executable
         chmod +x nak-*
         
         # Move to a directory in your PATH
         sudo mv nak-* /usr/local/bin/nak
         

       • For Windows:

         # Download the Windows version
         curl -L -o nak.exe https://github.com/fiatjaf/nak/releases/latest/download/nak-windows-amd64.exe
         
         # Move to a directory in your PATH (e.g., C:\Windows)
         move nak.exe C:\Windows\nak.exe
         

     • Verify installation:

       nak --version
       

§Setting Up Citrine

1. Open the Citrine app
2. Start the server
3. You’ll see it running on ws://127.0.0.1:4869 (local network only)
4. Go to settings and paste your npub into “Accept events signed by” inbox and press the + button. This prevents others from publishing events to your personal relay.

§Installing Required Tools

1. Install Termux from Google Play Store
2. Open Termux and run:

�NOSTR_NORM0�

§Cloudflare Authentication

1. Run the authentication command: �NOSTR_NORM1�
2. Follow the instructions:
   • Copy the provided URL to your browser
   • Log in to your Cloudflare account
   • If the URL expires, copy it again after logging in

§Creating the Tunnel

1. Create a new tunnel: �NOSTR_NORM2�

   • Choose any name you prefer for your tunnel
   • Copy the tunnel ID after creating the tunnel

2. Create and configure the tunnel config: �NOSTR_NORM3�

3. Add this configuration (replace the placeholders with your values): �NOSTR_NORM4�

   • Note: In nano editor:
     • CTRL+O and Enter to save
     • CTRL+X to exit
   • Note: Check the credentials file path in the logs

4. Validate your configuration: �NOSTR_NORM5�

5. Start the tunnel: �NOSTR_NORM6�

§Preventing Android from Killing the Tunnel

Run these commands to maintain tunnel stability: �NOSTR_NORM7�

Tip: You can open multiple Termux sessions by swiping from the left edge of the screen while keeping your tunnel process running.

§Updating Your Outbox Model Relays

Once your relay is running and accessible via your domain, you’ll want to update your relay list in the Nostr network. This ensures other clients know about your relay and can connect to it.

§Decoding npub (Public Key)

Private keys (nsec) and public keys (npub) are encoded in bech32 format, which includes:

• A prefix (like nsec1, npub1 etc.)
• The encoded data
• A checksum

This format makes keys:

• Easy to distinguish
• Hard to copy incorrectly

However, most tools require these keys in hexadecimal (hex) format.

To decode an npub string to its hex format:

�NOSTR_NORM8�

Change it with your own npub.

�NOSTR_NORM9�

Copy the pubkey value in quotes.

§Create a kind 10002 event with your relay list:

• Include your new relay with write permissions
• Include other relays you want to read from and write to, omit 3rd parameter to make it both read and write

Example format:

�NOSTR_NORM10�

Save it to a file called event.json

Note: Add or remove any relays you want. To check your existing 10002 relays:

• Visit https://nostr.band/?q=by%3Anpub1dejts0qlva8mqzjlrxqkc2tmvs2t7elszky5upxaf3jha9qs9m5q605uc4+++kind%3A10002

• nostr.band is an indexing service, it probably has your relay list.

• Replace nostr:npub1xxx in the URL with your own npub

• Click “VIEW JSON” from the menu to see the raw event

• Or use the nak tool if you know the relays

  nak req -k 10002 -a <your-pubkey> wss://relay1.com wss://relay2.com
  

  Replace <your-pubkey> with your public key in hex format (you can get it using nak decode <your-npub>)

2. Sign and publish the event:
   • Use a Nostr client that supports kind 10002 events
   • Or use the nak command-line tool:

   nak event --sec ncryptsec1... wss://relay1.com wss://relay2.com $(cat event.json)
   

Important Security Notes:

1. Never share your nsec (private key) with anyone
2. Consider using NIP-49 encrypted keys for better security
3. Never paste your nsec or private key into the terminal. The command will be saved in your shell history, exposing your private key. To clear the command history:
   • For bash: use history -c
   • For zsh: use fc -W to write history to file, then fc -p to read it back
   • Or manually edit your shell history file (e.g., ~/.zsh_history or ~/.bash_history)
4. if you’re using zsh, use fc -p to prevent the next command from being saved to history
5. Or temporarily disable history before running sensitive commands:

�NOSTR_NORM11�

§How to securely create NIP-49 encypted private key

�NOSTR_NORM12�

On a Windows command line, to read from stdin and use the variables in nak commands, you can use a combination of set /p to read input and then use those variables in your command. Here’s an example:

�NOSTR_NORM13�

If your key starts with ncryptsec1, the nak tool will securely prompt you for a password when using the --sec parameter, unless the command is used with a pipe < > or |.

�NOSTR_NORM14�

3. Verify the event was published:
   • Check if your relay list is visible on other relays
   • Use the nak tool to fetch your kind 10002 events:

nak req -k 10002 -a <your-pubkey> wss://relay1.com wss://relay2.com

4. Testing your relay:
   • Try connecting to your relay using different Nostr clients
   • Verify you can both read from and write to your relay
   • Check if events are being properly stored and retrieved
   • Tip: Use multiple Nostr clients to test different aspects of your relay

Note: If anyone in the community has a more efficient method of doing things like updating outbox relays, please share your insights in the comments. Your expertise would be greatly appreciated!