laantungir/c-relay
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 7 Wiki Activity

Compare commits

base: laantungir:v0.2.13
Branches Tags
laantungir:master
laantungir:v1.0.8 laantungir:v1.0.7 laantungir:v1.0.6 laantungir:v1.0.5 laantungir:v1.0.4 laantungir:v1.0.3 laantungir:v0.8.6 laantungir:v1.0.0 laantungir:v0.8.5 laantungir:v0.8.4 laantungir:v0.8.3 laantungir:v0.8.2 laantungir:v0.8.1 laantungir:v0.8.0 laantungir:v0.7.43 laantungir:v0.7.42 laantungir:v0.7.41 laantungir:v0.7.40 laantungir:v0.7.39 laantungir:v0.7.38 laantungir:v0.7.37 laantungir:v0.7.36 laantungir:v0.7.35 laantungir:v0.7.34 laantungir:v0.7.33 laantungir:v0.7.32 laantungir:v0.7.31 laantungir:v0.7.30 laantungir:v0.7.29 laantungir:v0.7.28 laantungir:v0.7.27 laantungir:v0.7.26 laantungir:v0.7.25 laantungir:v0.7.24 laantungir:v0.7.23 laantungir:v0.7.22 laantungir:v0.7.21 laantungir:v0.7.20 laantungir:v0.7.19 laantungir:v0.7.18 laantungir:v0.7.17 laantungir:v0.7.16 laantungir:v0.7.15 laantungir:v0.7.14 laantungir:v0.7.13 laantungir:v0.7.12 laantungir:v0.7.11 laantungir:v0.7.10 laantungir:v0.7.9 laantungir:v0.7.8 laantungir:v0.7.7 laantungir:v0.7.6 laantungir:v0.7.5 laantungir:v0.7.4 laantungir:v0.7.3 laantungir:v0.7.2 laantungir:v0.7.1 laantungir:v0.7.0 laantungir:v0.6.0 laantungir:v0.5.0 laantungir:v0.4.13 laantungir:v0.4.12 laantungir:v0.4.11 laantungir:v0.4.10 laantungir:v0.4.9 laantungir:v0.4.8 laantungir:v0.4.7 laantungir:v0.4.6 laantungir:v0.4.5 laantungir:v0.4.4 laantungir:v0.4.3 laantungir:v0.4.2 laantungir:v0.4.1 laantungir:v0.4.0 laantungir:v0.3.19 laantungir:v0.3.18 laantungir:v0.3.17 laantungir:v0.3.16 laantungir:v0.3.15 laantungir:v0.3.14 laantungir:v0.3.13 laantungir:v0.3.12 laantungir:v0.3.11 laantungir:v0.3.10 laantungir:v0.3.9 laantungir:v0.3.8 laantungir:v0.3.7 laantungir:v0.3.6 laantungir:v0.3.5 laantungir:v0.3.4 laantungir:v0.3.3 laantungir:v0.3.2 laantungir:v0.3.1 laantungir:v0.3.0 laantungir:v0.2.18 laantungir:v0.2.17 laantungir:v0.2.16 laantungir:v0.2.15 laantungir:v0.2.14 laantungir:v0.2.13 laantungir:v0.2.12 laantungir:v0.2.11 laantungir:v0.2.10 laantungir:v0.2.9 laantungir:v0.2.8 laantungir:v0.2.7 laantungir:v0.2.6 laantungir:v0.2.5 laantungir:v0.2.4 laantungir:v0.2.3 laantungir:v0.2.2 laantungir:v0.2.1 laantungir:v0.2.0 laantungir:v0.1.1 laantungir:v0.1.0 laantungir:v0.0.4 laantungir:v0.0.3 laantungir:v0.0.2 laantungir:v0.0.1
..
compare: laantungir:v0.3.4
Branches Tags
laantungir:master
laantungir:v1.0.8 laantungir:v1.0.7 laantungir:v1.0.6 laantungir:v1.0.5 laantungir:v1.0.4 laantungir:v1.0.3 laantungir:v0.8.6 laantungir:v1.0.0 laantungir:v0.8.5 laantungir:v0.8.4 laantungir:v0.8.3 laantungir:v0.8.2 laantungir:v0.8.1 laantungir:v0.8.0 laantungir:v0.7.43 laantungir:v0.7.42 laantungir:v0.7.41 laantungir:v0.7.40 laantungir:v0.7.39 laantungir:v0.7.38 laantungir:v0.7.37 laantungir:v0.7.36 laantungir:v0.7.35 laantungir:v0.7.34 laantungir:v0.7.33 laantungir:v0.7.32 laantungir:v0.7.31 laantungir:v0.7.30 laantungir:v0.7.29 laantungir:v0.7.28 laantungir:v0.7.27 laantungir:v0.7.26 laantungir:v0.7.25 laantungir:v0.7.24 laantungir:v0.7.23 laantungir:v0.7.22 laantungir:v0.7.21 laantungir:v0.7.20 laantungir:v0.7.19 laantungir:v0.7.18 laantungir:v0.7.17 laantungir:v0.7.16 laantungir:v0.7.15 laantungir:v0.7.14 laantungir:v0.7.13 laantungir:v0.7.12 laantungir:v0.7.11 laantungir:v0.7.10 laantungir:v0.7.9 laantungir:v0.7.8 laantungir:v0.7.7 laantungir:v0.7.6 laantungir:v0.7.5 laantungir:v0.7.4 laantungir:v0.7.3 laantungir:v0.7.2 laantungir:v0.7.1 laantungir:v0.7.0 laantungir:v0.6.0 laantungir:v0.5.0 laantungir:v0.4.13 laantungir:v0.4.12 laantungir:v0.4.11 laantungir:v0.4.10 laantungir:v0.4.9 laantungir:v0.4.8 laantungir:v0.4.7 laantungir:v0.4.6 laantungir:v0.4.5 laantungir:v0.4.4 laantungir:v0.4.3 laantungir:v0.4.2 laantungir:v0.4.1 laantungir:v0.4.0 laantungir:v0.3.19 laantungir:v0.3.18 laantungir:v0.3.17 laantungir:v0.3.16 laantungir:v0.3.15 laantungir:v0.3.14 laantungir:v0.3.13 laantungir:v0.3.12 laantungir:v0.3.11 laantungir:v0.3.10 laantungir:v0.3.9 laantungir:v0.3.8 laantungir:v0.3.7 laantungir:v0.3.6 laantungir:v0.3.5 laantungir:v0.3.4 laantungir:v0.3.3 laantungir:v0.3.2 laantungir:v0.3.1 laantungir:v0.3.0 laantungir:v0.2.18 laantungir:v0.2.17 laantungir:v0.2.16 laantungir:v0.2.15 laantungir:v0.2.14 laantungir:v0.2.13 laantungir:v0.2.12 laantungir:v0.2.11 laantungir:v0.2.10 laantungir:v0.2.9 laantungir:v0.2.8 laantungir:v0.2.7 laantungir:v0.2.6 laantungir:v0.2.5 laantungir:v0.2.4 laantungir:v0.2.3 laantungir:v0.2.2 laantungir:v0.2.1 laantungir:v0.2.0 laantungir:v0.1.1 laantungir:v0.1.0 laantungir:v0.0.4 laantungir:v0.0.3 laantungir:v0.0.2 laantungir:v0.0.1

9 Commits
v0.2.13 ... v0.3.4

Author SHA1 Message Date
Your Name
2e8eda5c67 v0.3.3 - Fix function naming consistency: rename find_existing_nrdb_files to find_existing_db_files 
- Update function declaration in config.h
- Update function definition in config.c
- Update function calls in config.c and main.c
- Maintain consistency with .db file extension naming convention

This resolves the inconsistency between database file extension (.db) and function names (nrdb)
 2025-09-07 06:58:50 -04:00
Your Name
74a4dc2533 v0.3.2 - Implement -p/--port CLI option for first-time startup port override 
- Add cli_options_t structure for extensible command line options
- Implement port override in create_default_config_event()
- Update main() with robust CLI parsing and validation
- Add comprehensive help text documenting first-time only behavior
- Ensure CLI options only affect initial configuration event creation
- Maintain event-based configuration architecture for ongoing operation
- Include comprehensive error handling and input validation
- Add documentation in CLI_PORT_OVERRIDE_IMPLEMENTATION.md

Tested: First-time startup uses CLI port, subsequent startups use database config
 2025-09-07 06:54:56 -04:00
Your Name
be7ae2b580 v0.3.1 - Implement database location and extension changes 
- Change database extension from .nrdb to .db for standard SQLite convention
- Modify make_and_restart_relay.sh to run executable from build/ directory
- Database files now created in build/ directory alongside executable
- Enhanced --preserve-database flag with backup/restore functionality
- Updated source code references in config.c and main.c
- Port auto-increment functionality remains fully functional
 2025-09-07 06:15:49 -04:00
Your Name
c1de1bb480 v0.3.0 - Complete deployment documentation and examples - Added comprehensive deployment guide, automated deployment scripts, nginx SSL proxy setup, backup automation, and monitoring tools. Includes VPS deployment, cloud platform guides, and practical examples for production deployment of event-based configuration system. 2025-09-06 20:19:12 -04:00
Your Name
a02c1204ce v0.2.18 - Clean up configuration system: remove active_config VIEW, database_location field, fix double slash in paths, and ensure database_path reflects actual path used 2025-09-06 11:01:50 -04:00
Your Name
258779e234 v0.2.17 - Add --database-path parameter with metadata storage 
- Add --database-path/-D command line parameter for database override
- Store actual database and config file paths as metadata in config tables
- Fix circular dependency by making command line overrides runtime-only
- Support multiple relay instances with separate databases and configurations
- Clean path normalization removes redundant ./ prefixes
- New fields: database_location and config_location for tracking actual usage
 2025-09-06 10:39:11 -04:00
Your Name
342defca6b v0.2.16 - fixed config bugs 2025-09-06 10:24:42 -04:00
Your Name
580aec7d57 v0.2.15 - Add --database-path command line parameter for database location override 
- Added -D/--database-path parameter to specify custom database file location
- Fixed port override timing to apply after configuration system initialization
- Updated help message with examples showing database path usage
- Supports both absolute and relative paths for database location
- Enables running multiple relay instances with separate databases
- Resolves database path issues when running from /usr/local/bin
 2025-09-06 10:07:28 -04:00
Your Name
54b91af76c v0.2.14 - database path 2025-09-06 09:59:14 -04:00
38 changed files with 6943 additions and 2352 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -7,3 +7,4 @@ Trash/
src/version.h
dev-config/
db/
copy_executable_local.sh

5
.roo/commands/push.md Normal file
View File

@@ -0,0 +1,5 @@
---
description: "Brief description of what this command does"
---
Run build_and_push.sh, and supply a good git commit message.

145
CLI_PORT_OVERRIDE_IMPLEMENTATION.md Normal file
View File

@@ -0,0 +1,145 @@
# CLI Port Override Implementation
## Overview
This document describes the implementation of the `-p <port>` command line option for the C Nostr Relay, which allows overriding the default relay port during first-time startup only.
## Design Principles
1. **First-time startup only**: Command line options only affect the initial configuration event creation
2. **Event-based persistence**: After first startup, all configuration is managed through database events
3. **Proper encapsulation**: All configuration logic is contained within `config.c`
4. **Extensible design**: The CLI options structure can easily accommodate future command line options
## Implementation Details
### Files Modified
#### `src/config.h`
- Added `cli_options_t` structure to encapsulate command line options
- Updated `first_time_startup_sequence()` function signature
#### `src/config.c`
- Updated `first_time_startup_sequence()` to accept CLI options parameter
- Updated `create_default_config_event()` to accept CLI options parameter
- Implemented port override logic in DEFAULT_CONFIG_VALUES array processing
#### `src/default_config_event.h`
- Updated function signature for `create_default_config_event()`
- Added proper header include for `cli_options_t` definition
#### `src/main.c`
- Added command line parsing for `-p <port>` and `--port <port>`
- Updated help text to document the new option
- Added proper error handling for invalid port values
- Updated function call to pass CLI options to configuration system
### CLI Options Structure
```c
typedef struct {
int port_override; // -1 = not set, >0 = port value
// Future CLI options can be added here
} cli_options_t;
```
### Command Line Usage
```bash
# First-time startup with port override
./c_relay_x86 -p 9090
./c_relay_x86 --port 9090
# Show help (includes new option)
./c_relay_x86 --help
# Show version
./c_relay_x86 --version
```
### Error Handling
The implementation includes robust error handling for:
- Missing port argument: `./c_relay_x86 -p`
- Invalid port format: `./c_relay_x86 -p invalid_port`
- Out-of-range ports: `./c_relay_x86 -p 0` or `./c_relay_x86 -p 99999`
## Behavior Verification
### First-Time Startup
When no database exists:
1. Command line is parsed and `-p <port>` is processed
2. CLI options are passed to `first_time_startup_sequence()`
3. Port override is applied in `create_default_config_event()`
4. Configuration event is created with overridden port value
5. Relay starts on the specified port
6. Port setting is persisted in database for future startups
### Subsequent Startups
When database already exists:
1. Command line is still parsed (for consistency)
2. Existing relay path is taken
3. Configuration is loaded from database events
4. CLI options are ignored
5. Relay starts on port from database configuration
## Testing Results
### Test 1: First-time startup with port override
```bash
./c_relay_x86 -p 9090
```
**Result**: ✅ Relay starts on port 9090, configuration stored in database
### Test 2: Subsequent startup ignores CLI options
```bash
./c_relay_x86 -p 7777
```
**Result**: ✅ Relay starts on port 9090 (from database), ignores `-p 7777`
### Test 3: Error handling
```bash
./c_relay_x86 -p invalid_port
./c_relay_x86 -p
```
**Result**: ✅ Proper error messages and help text displayed
### Test 4: Help text
```bash
./c_relay_x86 --help
```
**Result**: ✅ Displays updated help with `-p, --port PORT` option
## Database Verification
The port setting is correctly stored in the database:
```sql
SELECT json_extract(tags, '$') FROM events WHERE kind = 33334;
```
Shows the overridden port value in the configuration event tags.
## Future Extensions
The `cli_options_t` structure is designed to be easily extended:
```c
typedef struct {
int port_override; // -1 = not set, >0 = port value
char* description_override; // Future: relay description override
int max_connections_override; // Future: connection limit override
// Add more options as needed
} cli_options_t;
```
## Key Design Benefits
1. **Separation of Concerns**: Main function handles CLI parsing, config system handles application
2. **First-time Only**: Prevents confusion about configuration precedence
3. **Event-based Architecture**: Maintains consistency with the relay's event-based configuration system
4. **Extensible**: Easy to add new command line options in the future
5. **Robust**: Comprehensive error handling and validation
6. **Documented**: Clear help text explains behavior to users
## Summary
The `-p <port>` command line option implementation successfully provides a way to override the default relay port during first-time startup while maintaining the event-based configuration architecture for ongoing operation. The implementation is robust, well-tested, and ready for production use.

333
README.md
View File

@@ -1,13 +1,273 @@
A nostr relay in C with sqlite on the back end.
# C Nostr Relay - Event-Based Configuration System
A high-performance Nostr relay implemented in C with SQLite backend, featuring a revolutionary **zero-configuration** approach using event-based configuration management.
## 🌟 Key Features
- **🔧 Zero Configuration**: No config files or command line arguments needed
- **🔑 Event-Based Config**: All settings stored as kind 33334 Nostr events
- **🚀 Real-Time Updates**: Configuration changes applied instantly via WebSocket
- **🛡️ Cryptographic Security**: Configuration events cryptographically signed and validated
- **📊 SQLite Backend**: High-performance event storage with optimized schema
- **🔄 Auto Key Generation**: Secure admin and relay keypairs generated on first startup
- **💾 Database Per Relay**: Each relay instance uses `<relay_pubkey>.nrdb` database naming
## 🚀 Quick Start
### 1. Build the Relay
```bash
git clone <repository-url>
cd c-relay
git submodule update --init --recursive
make
```
### 2. Start the Relay
```bash
./build/c_relay_x86
```
**That's it!** No configuration files, no command line arguments needed.
### 3. Save Your Admin Keys (IMPORTANT!)
On first startup, the relay will display:
```
=================================================================
IMPORTANT: SAVE THIS ADMIN PRIVATE KEY SECURELY!
=================================================================
Admin Private Key: f8491814ea288260dad2ab52c09b3b037e75e83e8b24feb9bdc328423922be44
Admin Public Key: 07fc2cdd8bdc0c60eefcc9e37e67fef88206bc84fadb894c283b006554ac687b
Relay Private Key: a1b2c3d4e5f6...
Relay Public Key: 1a2b3c4d5e6f...
Database: dc9a93fd0ffba7041f6df0602e5021913a42fcaf6dbf40f43ecdc011177b4d94.nrdb
=================================================================
```
⚠️ **Save the admin private key securely** - it's needed to update relay configuration and is only displayed once!
## 📋 System Requirements
- **OS**: Linux, macOS, or Windows (WSL)
- **Dependencies**:
- SQLite 3
- libwebsockets
- OpenSSL/LibreSSL
- libsecp256k1
- libcurl
- zlib
## 🏗️ Event-Based Configuration System
### How It Works
Traditional Nostr relays require configuration files, environment variables, or command line arguments. This relay uses a **revolutionary approach**:
1. **First-Time Startup**: Generates cryptographically secure admin and relay keypairs
2. **Database Creation**: Creates `<relay_pubkey>.nrdb` database file
3. **Default Configuration**: Creates initial kind 33334 configuration event with sensible defaults
4. **Real-Time Updates**: Administrators send new kind 33334 events to update configuration
5. **Instant Application**: Changes are applied immediately without restart
### Configuration Updates
To update relay configuration, send a signed kind 33334 event:
```json
{
"kind": 33334,
"content": "C Nostr Relay Configuration",
"tags": [
["d", "<relay_pubkey>"],
["relay_description", "My awesome Nostr relay"],
["max_subscriptions_per_client", "25"],
["pow_min_difficulty", "16"],
["nip40_expiration_enabled", "true"]
],
"created_at": 1234567890,
"pubkey": "<admin_pubkey>",
"id": "...",
"sig": "..."
}
```
Send this event to your relay via WebSocket, and changes are applied instantly.
### Configurable Parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `relay_description` | Relay description (NIP-11) | "C Nostr Relay" |
| `relay_contact` | Admin contact info | "" |
| `max_subscriptions_per_client` | Max subscriptions per client | "25" |
| `max_total_subscriptions` | Total subscription limit | "5000" |
| `pow_min_difficulty` | NIP-13 PoW difficulty | "0" |
| `pow_mode` | PoW validation mode | "optional" |
| `nip40_expiration_enabled` | Enable NIP-40 expiration | "true" |
| `nip40_expiration_strict` | Strict expiration mode | "false" |
| `max_message_length` | Max message size | "65536" |
| `max_event_tags` | Max tags per event | "2000" |
| `max_content_length` | Max content length | "65536" |
## 🔧 Deployment
### Manual Installation
```bash
# Build the relay
make
# Run directly
./build/c_relay_x86
```
### SystemD Service (Recommended)
```bash
# Install as system service
sudo systemd/install-service.sh
# Start the service
sudo systemctl start c-relay
# Enable auto-start on boot
sudo systemctl enable c-relay
# View logs
sudo journalctl -u c-relay -f
```
See [`systemd/README.md`](systemd/README.md) for detailed deployment documentation.
### Docker (Coming Soon)
Docker support is planned for future releases.
## 📊 Database Schema
The relay uses an optimized SQLite schema (version 4) with these key features:
- **Event-based storage**: All Nostr events in single `events` table
- **JSON tags support**: Native JSON storage for event tags
- **Performance optimized**: Multiple indexes for fast queries
- **Subscription logging**: Optional detailed subscription analytics
- **Auto-cleanup**: Automatic ephemeral event cleanup
- **Replaceable events**: Proper handling of replaceable/addressable events
## 🛡️ Security Features
- **Cryptographic validation**: All configuration events cryptographically verified
- **Admin-only config**: Only authorized admin pubkey can update configuration
- **Signature verification**: Uses `nostr_verify_event_signature()` for validation
- **Event structure validation**: Complete event structure validation
- **Secure key generation**: Uses `/dev/urandom` for cryptographically secure keys
- **No secrets storage**: Admin private key never stored on disk
## 🔌 Network Configuration
- **Default Port**: 8888 (WebSocket)
- **Protocol**: WebSocket with Nostr message format
- **Endpoints**:
- `ws://localhost:8888` - WebSocket relay
- `http://localhost:8888` - NIP-11 relay information (HTTP GET)
## 🏃‍♂️ Usage Examples
### Connect with a Nostr Client
```javascript
const relay = new WebSocket('ws://localhost:8888');
relay.send(JSON.stringify(["REQ", "sub1", {"kinds": [1], "limit": 10}]));
```
### Update Configuration (using `nostrtool` or similar)
```bash
# Create configuration event with nostrtool
nostrtool event --kind 33334 --content "Updated config" \
--tag d <relay_pubkey> \
--tag relay_description "My updated relay" \
--private-key <admin_private_key>
# Send to relay
nostrtool send ws://localhost:8888 <event_json>
```
## 📈 Monitoring and Analytics
### View Relay Status
```bash
# Check if relay is running
ps aux | grep c_relay
# Check network port
netstat -tln | grep 8888
# View recent logs
tail -f relay.log
```
### Database Analytics
```bash
# Connect to relay database
sqlite3 <relay_pubkey>.nrdb
# View relay statistics
SELECT * FROM event_stats;
# View configuration events
SELECT * FROM configuration_events;
# View recent events
SELECT * FROM recent_events LIMIT 10;
```
## 🧪 Testing
### Run Error Handling Tests
```bash
# Comprehensive test suite
tests/event_config_tests.sh
# Quick validation tests
tests/quick_error_tests.sh
```
### Manual Testing
```bash
# Test WebSocket connection
wscat -c ws://localhost:8888
# Test NIP-11 information
curl http://localhost:8888
```
## 🔧 Development
### Build from Source
```bash
git clone <repository-url>
cd c-relay
git submodule update --init --recursive
make clean && make
```
### Debug Build
```bash
make debug
gdb ./build/c_relay_x86
```
### Contributing
1. Fork the repository
2. Create a feature branch
3. Make changes with tests
4. Submit a pull request
## 📜 Supported NIPs
<!--
NOTE FOR ASSISTANTS: When updating the NIPs checklist below, ONLY change [ ] to [x] to mark as complete.
Do NOT modify the formatting, add emojis, or change the text. Keep the simple format consistent.
-->
### [NIPs](https://github.com/nostr-protocol/nips)
- [x] NIP-01: Basic protocol flow implementation
- [x] NIP-09: Event deletion
- [x] NIP-11: Relay information document
@@ -17,6 +277,67 @@ Do NOT modify the formatting, add emojis, or change the text. Keep the simple fo
- [x] NIP-33: Parameterized Replaceable Events
- [x] NIP-40: Expiration Timestamp
- [ ] NIP-42: Authentication of clients to relays
- [ ] NIP-45: Counting results.
- [ ] NIP-50: Keywords filter.
- [ ] NIP-45: Counting results
- [ ] NIP-50: Keywords filter
- [ ] NIP-70: Protected Events
## 🆘 Troubleshooting
### Common Issues
**Relay won't start**
```bash
# Check for port conflicts
netstat -tln | grep 8888
# Check permissions
ls -la build/c_relay_x86
# Check dependencies
ldd build/c_relay_x86
```
**Lost admin private key**
- If you lose the admin private key, you cannot update configuration
- You must delete the database file and restart (loses all events)
- The relay will generate new keys on first startup
**Database corruption**
```bash
# Check database integrity
sqlite3 <relay_pubkey>.nrdb "PRAGMA integrity_check;"
# If corrupted, remove database (loses all events)
rm <relay_pubkey>.nrdb*
./build/c_relay_x86 # Will create fresh database
```
**Configuration not updating**
- Ensure configuration events are properly signed
- Check that admin pubkey matches the one from first startup
- Verify WebSocket connection is active
- Check relay logs for validation errors
## 📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
## 🤝 Support
- **Issues**: Report bugs and feature requests on GitHub
- **Documentation**: See `docs/` directory for technical details
- **Deployment**: See `systemd/README.md` for production deployment
- **Community**: Join the Nostr development community
## 🚀 Future Roadmap
- [ ] Docker containerization
- [ ] NIP-42 authentication support
- [ ] Advanced analytics dashboard
- [ ] Clustering support for high availability
- [ ] Performance optimizations
- [ ] Additional NIP implementations
---
**The C Nostr Relay represents the future of Nostr infrastructure - zero configuration, event-based management, and cryptographically secure administration.**

BIN
db/c_nostr_relay.db
View File

Binary file not shown.

BIN
db/c_nostr_relay.db-shm
View File

Binary file not shown.

BIN
db/c_nostr_relay.db-wal
View File

Binary file not shown.

280
docs/config_schema_design.md
View File

@@ -1,280 +0,0 @@
# Database Configuration Schema Design
## Overview
This document outlines the database configuration schema additions for the C Nostr Relay startup config file system. The design follows the Ginxsom admin system approach with signed Nostr events and database storage.
## Schema Version Update
- Current Version: 2
- Target Version: 3
- Update: Add server configuration management tables
## Core Configuration Tables
### 1. `server_config` Table
```sql
-- Server configuration table - core configuration storage
CREATE TABLE server_config (
key TEXT PRIMARY KEY, -- Configuration key (unique identifier)
value TEXT NOT NULL, -- Configuration value (stored as string)
description TEXT, -- Human-readable description
config_type TEXT DEFAULT 'user' CHECK (config_type IN ('system', 'user', 'runtime')),
data_type TEXT DEFAULT 'string' CHECK (data_type IN ('string', 'integer', 'boolean', 'json')),
validation_rules TEXT, -- JSON validation rules (optional)
is_sensitive INTEGER DEFAULT 0, -- 1 if value should be masked in logs
requires_restart INTEGER DEFAULT 0, -- 1 if change requires server restart
created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),
updated_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now'))
);
```
**Configuration Types:**
- `system`: Core system settings (admin keys, security)
- `user`: User-configurable settings (relay info, features)
- `runtime`: Dynamic runtime values (statistics, cache)
**Data Types:**
- `string`: Text values
- `integer`: Numeric values
- `boolean`: True/false values (stored as "true"/"false")
- `json`: JSON object/array values
### 2. `config_history` Table
```sql
-- Configuration change history table
CREATE TABLE config_history (
id INTEGER PRIMARY KEY AUTOINCREMENT,
config_key TEXT NOT NULL, -- Key that was changed
old_value TEXT, -- Previous value (NULL for new keys)
new_value TEXT NOT NULL, -- New value
changed_by TEXT DEFAULT 'system', -- Who made the change (system/admin/user)
change_reason TEXT, -- Optional reason for change
changed_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),
FOREIGN KEY (config_key) REFERENCES server_config(key)
);
```
### 3. `config_validation_log` Table
```sql
-- Configuration validation errors log
CREATE TABLE config_validation_log (
id INTEGER PRIMARY KEY AUTOINCREMENT,
config_key TEXT NOT NULL,
attempted_value TEXT,
validation_error TEXT NOT NULL,
error_source TEXT DEFAULT 'validation', -- validation/parsing/constraint
attempted_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now'))
);
```
### 4. Configuration File Cache Table
```sql
-- Cache for file-based configuration events
CREATE TABLE config_file_cache (
file_path TEXT PRIMARY KEY, -- Full path to config file
file_hash TEXT NOT NULL, -- SHA256 hash of file content
event_id TEXT, -- Nostr event ID from file
event_pubkey TEXT, -- Admin pubkey that signed event
loaded_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),
validation_status TEXT CHECK (validation_status IN ('valid', 'invalid', 'unverified')),
validation_error TEXT -- Error details if invalid
);
```
## Indexes and Performance
```sql
-- Performance indexes for configuration tables
CREATE INDEX idx_server_config_type ON server_config(config_type);
CREATE INDEX idx_server_config_updated ON server_config(updated_at DESC);
CREATE INDEX idx_config_history_key ON config_history(config_key);
CREATE INDEX idx_config_history_time ON config_history(changed_at DESC);
CREATE INDEX idx_config_validation_key ON config_validation_log(config_key);
CREATE INDEX idx_config_validation_time ON config_validation_log(attempted_at DESC);
```
## Triggers
### Update Timestamp Trigger
```sql
-- Trigger to update timestamp on configuration changes
CREATE TRIGGER update_config_timestamp
AFTER UPDATE ON server_config
BEGIN
UPDATE server_config SET updated_at = strftime('%s', 'now') WHERE key = NEW.key;
END;
```
### Configuration History Trigger
```sql
-- Trigger to log configuration changes to history
CREATE TRIGGER log_config_changes
AFTER UPDATE ON server_config
WHEN OLD.value != NEW.value
BEGIN
INSERT INTO config_history (config_key, old_value, new_value, changed_by, change_reason)
VALUES (NEW.key, OLD.value, NEW.value, 'system', 'configuration update');
END;
```
## Default Configuration Values
### Core System Settings
```sql
INSERT OR IGNORE INTO server_config (key, value, description, config_type, data_type, requires_restart) VALUES
-- Administrative settings
('admin_pubkey', '', 'Authorized admin public key (hex)', 'system', 'string', 1),
('admin_enabled', 'false', 'Enable admin interface', 'system', 'boolean', 1),
-- Server core settings
('relay_port', '8888', 'WebSocket server port', 'user', 'integer', 1),
('database_path', 'db/c_nostr_relay.db', 'SQLite database file path', 'user', 'string', 1),
('max_connections', '100', 'Maximum concurrent connections', 'user', 'integer', 1),
-- NIP-11 Relay Information
('relay_name', 'C Nostr Relay', 'Relay name for NIP-11', 'user', 'string', 0),
('relay_description', 'High-performance C Nostr relay with SQLite storage', 'Relay description', 'user', 'string', 0),
('relay_contact', '', 'Contact information', 'user', 'string', 0),
('relay_pubkey', '', 'Relay public key', 'user', 'string', 0),
('relay_software', 'https://git.laantungir.net/laantungir/c-relay.git', 'Software URL', 'user', 'string', 0),
('relay_version', '0.2.0', 'Software version', 'user', 'string', 0),
-- NIP-13 Proof of Work
('pow_enabled', 'true', 'Enable NIP-13 Proof of Work validation', 'user', 'boolean', 0),
('pow_min_difficulty', '0', 'Minimum PoW difficulty required', 'user', 'integer', 0),
('pow_mode', 'basic', 'PoW validation mode (basic/full/strict)', 'user', 'string', 0),
-- NIP-40 Expiration Timestamp
('expiration_enabled', 'true', 'Enable NIP-40 expiration handling', 'user', 'boolean', 0),
('expiration_strict', 'true', 'Reject expired events on submission', 'user', 'boolean', 0),
('expiration_filter', 'true', 'Filter expired events from responses', 'user', 'boolean', 0),
('expiration_grace_period', '300', 'Grace period for clock skew (seconds)', 'user', 'integer', 0),
-- Subscription limits
('max_subscriptions_per_client', '20', 'Max subscriptions per client', 'user', 'integer', 0),
('max_total_subscriptions', '5000', 'Max total concurrent subscriptions', 'user', 'integer', 0),
('subscription_id_max_length', '64', 'Maximum subscription ID length', 'user', 'integer', 0),
-- Event processing limits
('max_event_tags', '100', 'Maximum tags per event', 'user', 'integer', 0),
('max_content_length', '8196', 'Maximum content length', 'user', 'integer', 0),
('max_message_length', '16384', 'Maximum message length', 'user', 'integer', 0),
-- Performance settings
('default_limit', '500', 'Default query limit', 'user', 'integer', 0),
('max_limit', '5000', 'Maximum query limit', 'user', 'integer', 0);
```
### Runtime Statistics
```sql
INSERT OR IGNORE INTO server_config (key, value, description, config_type, data_type) VALUES
-- Runtime statistics (updated by server)
('server_start_time', '0', 'Server startup timestamp', 'runtime', 'integer'),
('total_events_processed', '0', 'Total events processed', 'runtime', 'integer'),
('total_subscriptions_created', '0', 'Total subscriptions created', 'runtime', 'integer'),
('current_connections', '0', 'Current active connections', 'runtime', 'integer'),
('database_size_bytes', '0', 'Database file size in bytes', 'runtime', 'integer');
```
## Configuration Views
### Active Configuration View
```sql
CREATE VIEW active_config AS
SELECT
key,
value,
description,
config_type,
data_type,
requires_restart,
updated_at
FROM server_config
WHERE config_type IN ('system', 'user')
ORDER BY config_type, key;
```
### Runtime Statistics View
```sql
CREATE VIEW runtime_stats AS
SELECT
key,
value,
description,
updated_at
FROM server_config
WHERE config_type = 'runtime'
ORDER BY key;
```
### Configuration Change Summary
```sql
CREATE VIEW recent_config_changes AS
SELECT
ch.config_key,
sc.description,
ch.old_value,
ch.new_value,
ch.changed_by,
ch.change_reason,
ch.changed_at
FROM config_history ch
JOIN server_config sc ON ch.config_key = sc.key
ORDER BY ch.changed_at DESC
LIMIT 50;
```
## Validation Rules Format
Configuration validation rules are stored as JSON strings in the `validation_rules` column:
```json
{
"type": "integer",
"min": 1,
"max": 65535,
"required": true
}
```
```json
{
"type": "string",
"pattern": "^[0-9a-fA-F]{64}$",
"required": false,
"description": "64-character hex string"
}
```
```json
{
"type": "boolean",
"required": true
}
```
## Migration Strategy
1. **Phase 1**: Add configuration tables to existing schema
2. **Phase 2**: Populate with current hardcoded values
3. **Phase 3**: Update application code to read from database
4. **Phase 4**: Add file-based configuration loading
5. **Phase 5**: Remove hardcoded defaults and environment variable fallbacks
## Integration Points
- **Startup**: Load configuration from file → database → apply to application
- **Runtime**: Read configuration values from database cache
- **Updates**: Write changes to database → optionally update file
- **Validation**: Validate all configuration changes before applying
- **History**: Track all configuration changes for audit purposes

421
docs/configuration_guide.md Normal file
View File

@@ -0,0 +1,421 @@
# Configuration Management Guide
Comprehensive guide for managing the C Nostr Relay's event-based configuration system.
## Table of Contents
- [Overview](#overview)
- [Configuration Events](#configuration-events)
- [Parameter Reference](#parameter-reference)
- [Configuration Examples](#configuration-examples)
- [Security Considerations](#security-considerations)
- [Troubleshooting](#troubleshooting)
## Overview
The C Nostr Relay uses a revolutionary **event-based configuration system** where all settings are stored as kind 33334 Nostr events in the database. This provides several advantages:
### Benefits
- **Real-time updates**: Configuration changes applied instantly without restart
- **Cryptographic security**: All changes must be cryptographically signed by admin
- **Audit trail**: Complete history of all configuration changes
- **Version control**: Each configuration change is timestamped and signed
- **Zero files**: No configuration files to manage, backup, or version control
### How It Works
1. **Admin keypair**: Generated on first startup, used to sign configuration events
2. **Configuration events**: Kind 33334 Nostr events with relay settings in tags
3. **Real-time processing**: New configuration events processed via WebSocket
4. **Immediate application**: Changes applied to running system without restart
## Configuration Events
### Event Structure
Configuration events follow the standard Nostr event format with kind 33334:
```json
{
"id": "event_id_computed_from_content",
"kind": 33334,
"pubkey": "admin_public_key_hex",
"created_at": 1699123456,
"content": "C Nostr Relay Configuration",
"tags": [
["d", "relay_public_key_hex"],
["relay_description", "My Nostr Relay"],
["max_subscriptions_per_client", "25"],
["pow_min_difficulty", "16"]
],
"sig": "signature_computed_with_admin_private_key"
}
```
### Required Tags
- **`d` tag**: Must contain the relay's public key (identifies which relay this config is for)
### Event Properties
- **Kind**: Must be exactly `33334`
- **Content**: Should be descriptive (e.g., "C Nostr Relay Configuration")
- **Pubkey**: Must be the admin public key generated at first startup
- **Signature**: Must be valid signature from admin private key
## Parameter Reference
### Basic Relay Information
#### `relay_description`
- **Description**: Human-readable relay description (shown in NIP-11)
- **Default**: `"C Nostr Relay"`
- **Format**: String, max 512 characters
- **Example**: `"My awesome Nostr relay for the community"`
#### `relay_contact`
- **Description**: Admin contact information (email, npub, etc.)
- **Default**: `""` (empty)
- **Format**: String, max 256 characters
- **Example**: `"admin@example.com"` or `"npub1..."`
#### `relay_software`
- **Description**: Software identifier for NIP-11
- **Default**: `"c-relay"`
- **Format**: String, max 64 characters
- **Example**: `"c-relay v1.0.0"`
#### `relay_version`
- **Description**: Software version string
- **Default**: Auto-detected from build
- **Format**: Semantic version string
- **Example**: `"1.0.0"`
### Client Connection Limits
#### `max_subscriptions_per_client`
- **Description**: Maximum subscriptions allowed per WebSocket connection
- **Default**: `"25"`
- **Range**: `1` to `100`
- **Impact**: Prevents individual clients from overwhelming the relay
- **Example**: `"50"` (allows up to 50 subscriptions per client)
#### `max_total_subscriptions`
- **Description**: Maximum total subscriptions across all clients
- **Default**: `"5000"`
- **Range**: `100` to `50000`
- **Impact**: Global limit to protect server resources
- **Example**: `"10000"` (allows up to 10,000 total subscriptions)
### Message and Event Limits
#### `max_message_length`
- **Description**: Maximum WebSocket message size in bytes
- **Default**: `"65536"` (64KB)
- **Range**: `1024` to `1048576` (1MB)
- **Impact**: Prevents large messages from consuming resources
- **Example**: `"131072"` (128KB)
#### `max_event_tags`
- **Description**: Maximum number of tags allowed per event
- **Default**: `"2000"`
- **Range**: `10` to `10000`
- **Impact**: Prevents events with excessive tags
- **Example**: `"5000"`
#### `max_content_length`
- **Description**: Maximum event content length in bytes
- **Default**: `"65536"` (64KB)
- **Range**: `1` to `1048576` (1MB)
- **Impact**: Limits event content size
- **Example**: `"131072"` (128KB for longer content)
### Proof of Work (NIP-13)
#### `pow_min_difficulty`
- **Description**: Minimum proof-of-work difficulty required for events
- **Default**: `"0"` (no PoW required)
- **Range**: `0` to `40`
- **Impact**: Higher values require more computational work from clients
- **Example**: `"20"` (requires significant PoW)
#### `pow_mode`
- **Description**: How proof-of-work is handled
- **Default**: `"optional"`
- **Values**:
- `"disabled"`: PoW completely ignored
- `"optional"`: PoW verified if present but not required
- `"required"`: All events must meet minimum difficulty
- **Example**: `"required"` (enforce PoW for all events)
### Event Expiration (NIP-40)
#### `nip40_expiration_enabled`
- **Description**: Enable NIP-40 expiration timestamp support
- **Default**: `"true"`
- **Values**: `"true"` or `"false"`
- **Impact**: When enabled, processes expiration tags and removes expired events
- **Example**: `"false"` (disable expiration processing)
#### `nip40_expiration_strict`
- **Description**: Strict mode for expiration handling
- **Default**: `"false"`
- **Values**: `"true"` or `"false"`
- **Impact**: In strict mode, expired events are immediately rejected
- **Example**: `"true"` (reject expired events immediately)
#### `nip40_expiration_filter`
- **Description**: Filter expired events from query results
- **Default**: `"true"`
- **Values**: `"true"` or `"false"`
- **Impact**: When enabled, expired events are filtered from responses
- **Example**: `"false"` (include expired events in results)
#### `nip40_expiration_grace_period`
- **Description**: Grace period in seconds before expiration takes effect
- **Default**: `"300"` (5 minutes)
- **Range**: `0` to `86400` (24 hours)
- **Impact**: Allows some flexibility in expiration timing
- **Example**: `"600"` (10 minute grace period)
## Configuration Examples
### Basic Relay Setup
```json
{
"kind": 33334,
"content": "Basic Relay Configuration",
"tags": [
["d", "relay_pubkey_here"],
["relay_description", "Community Nostr Relay"],
["relay_contact", "admin@community-relay.com"],
["max_subscriptions_per_client", "30"],
["max_total_subscriptions", "8000"]
]
}
```
### High-Security Relay
```json
{
"kind": 33334,
"content": "High Security Configuration",
"tags": [
["d", "relay_pubkey_here"],
["relay_description", "High-Security Nostr Relay"],
["pow_min_difficulty", "24"],
["pow_mode", "required"],
["max_subscriptions_per_client", "10"],
["max_total_subscriptions", "1000"],
["max_message_length", "32768"],
["nip40_expiration_strict", "true"]
]
}
```
### Public Community Relay
```json
{
"kind": 33334,
"content": "Public Community Relay Configuration",
"tags": [
["d", "relay_pubkey_here"],
["relay_description", "Open Community Relay - Welcome Everyone!"],
["relay_contact", "community@relay.example"],
["max_subscriptions_per_client", "50"],
["max_total_subscriptions", "25000"],
["max_content_length", "131072"],
["pow_mode", "optional"],
["pow_min_difficulty", "8"],
["nip40_expiration_enabled", "true"],
["nip40_expiration_grace_period", "900"]
]
}
```
### Private/Corporate Relay
```json
{
"kind": 33334,
"content": "Corporate Internal Relay",
"tags": [
["d", "relay_pubkey_here"],
["relay_description", "Corporate Internal Communications"],
["relay_contact", "it-admin@company.com"],
["max_subscriptions_per_client", "20"],
["max_total_subscriptions", "2000"],
["max_message_length", "262144"],
["nip40_expiration_enabled", "false"],
["pow_mode", "disabled"]
]
}
```
## Security Considerations
### Admin Key Management
#### Secure Storage
```bash
# Store admin private key securely
echo "ADMIN_PRIVKEY=your_admin_private_key_here" > .env
chmod 600 .env
# Or use a password manager
# Never store in version control
echo ".env" >> .gitignore
```
#### Key Rotation
Currently, admin key rotation requires:
1. Stopping the relay
2. Removing the database (loses all events)
3. Restarting (generates new keys)
Future versions will support admin key rotation while preserving events.
### Event Validation
The relay performs comprehensive validation on configuration events:
#### Cryptographic Validation
- **Signature verification**: Uses `nostr_verify_event_signature()`
- **Event structure**: Validates JSON structure with `nostr_validate_event_structure()`
- **Admin authorization**: Ensures events are signed by the authorized admin pubkey
#### Content Validation
- **Parameter bounds checking**: Validates numeric ranges
- **String length limits**: Enforces maximum lengths
- **Enum validation**: Validates allowed values for mode parameters
### Network Security
#### Access Control
```bash
# Limit access with firewall
sudo ufw allow from 192.168.1.0/24 to any port 8888
# Or use specific IPs
sudo ufw allow from 203.0.113.10 to any port 8888
```
#### TLS/SSL Termination
```nginx
# nginx configuration for HTTPS termination
server {
listen 443 ssl;
server_name relay.example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
proxy_pass http://127.0.0.1:8888;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}
```
## Troubleshooting
### Configuration Not Applied
#### Check Event Signature
```javascript
// Verify event signature with nostrtool or similar
const event = { /* your configuration event */ };
const isValid = nostrTools.verifySignature(event);
```
#### Verify Admin Pubkey
```bash
# Check current admin pubkey in database
sqlite3 relay.nrdb "SELECT DISTINCT pubkey FROM events WHERE kind = 33334 ORDER BY created_at DESC LIMIT 1;"
# Compare with expected admin pubkey from first startup
grep "Admin Public Key" relay.log
```
#### Check Event Structure
```bash
# View the exact event stored in database
sqlite3 relay.nrdb "SELECT json_pretty(json_object(
'kind', kind,
'pubkey', pubkey,
'created_at', created_at,
'content', content,
'tags', json(tags),
'sig', sig
)) FROM events WHERE kind = 33334 ORDER BY created_at DESC LIMIT 1;"
```
### Configuration Validation Errors
#### Invalid Parameter Values
```bash
# Check relay logs for validation errors
journalctl -u c-relay | grep "Configuration.*invalid\|Invalid.*configuration"
# Common issues:
# - Numeric values outside valid ranges
# - Invalid enum values (e.g., pow_mode)
# - String values exceeding length limits
```
#### Missing Required Tags
```bash
# Ensure 'd' tag is present with relay pubkey
sqlite3 relay.nrdb "SELECT tags FROM events WHERE kind = 33334 ORDER BY created_at DESC LIMIT 1;" | grep '"d"'
```
### Performance Impact
#### Monitor Configuration Changes
```bash
# Track configuration update frequency
sqlite3 relay.nrdb "SELECT datetime(created_at, 'unixepoch') as date,
COUNT(*) as config_updates
FROM events WHERE kind = 33334
GROUP BY date(created_at, 'unixepoch')
ORDER BY date DESC;"
```
#### Resource Usage After Changes
```bash
# Monitor system resources after configuration updates
top -p $(pgrep c_relay)
# Check for memory leaks
ps aux | grep c_relay | awk '{print $6}' # RSS memory
```
### Emergency Recovery
#### Reset to Default Configuration
If configuration becomes corrupted or causes issues:
```bash
# Create emergency configuration event
nostrtool event \
--kind 33334 \
--content "Emergency Reset Configuration" \
--tag d YOUR_RELAY_PUBKEY \
--tag max_subscriptions_per_client 25 \
--tag max_total_subscriptions 5000 \
--tag pow_mode optional \
--tag pow_min_difficulty 0 \
--private-key YOUR_ADMIN_PRIVKEY \
| nostrtool send ws://localhost:8888
```
#### Database Recovery
```bash
# If database is corrupted, backup and recreate
cp relay.nrdb relay.nrdb.backup
rm relay.nrdb*
./build/c_relay_x86 # Creates fresh database with new keys
```
---
This configuration guide covers all aspects of managing the C Nostr Relay's event-based configuration system. The system provides unprecedented flexibility and security for Nostr relay administration while maintaining simplicity and real-time responsiveness.

94
docs/default_config_event_template.md Normal file
View File

@@ -0,0 +1,94 @@
# Default Configuration Event Template
This document contains the template for the `src/default_config_event.h` file that will be created during implementation.
## File: `src/default_config_event.h`
```c
#ifndef DEFAULT_CONFIG_EVENT_H
#define DEFAULT_CONFIG_EVENT_H
/*
* Default Configuration Event Template
*
* This header contains the default configuration values for the C Nostr Relay.
* These values are used to create the initial kind 33334 configuration event
* during first-time startup.
*
* IMPORTANT: These values should never be accessed directly by other parts
* of the program. They are only used during initial configuration event creation.
*/
// Default configuration key-value pairs
static const struct {
const char* key;
const char* value;
} DEFAULT_CONFIG_VALUES[] = {
// Authentication
{"auth_enabled", "false"},
// Server Core Settings
{"relay_port", "8888"},
{"max_connections", "100"},
// NIP-11 Relay Information (relay keys will be populated at runtime)
{"relay_description", "High-performance C Nostr relay with SQLite storage"},
{"relay_contact", ""},
{"relay_software", "https://git.laantungir.net/laantungir/c-relay.git"},
{"relay_version", "v1.0.0"},
// NIP-13 Proof of Work (pow_min_difficulty = 0 means PoW disabled)
{"pow_min_difficulty", "0"},
{"pow_mode", "basic"},
// NIP-40 Expiration Timestamp
{"nip40_expiration_enabled", "true"},
{"nip40_expiration_strict", "true"},
{"nip40_expiration_filter", "true"},
{"nip40_expiration_grace_period", "300"},
// Subscription Limits
{"max_subscriptions_per_client", "25"},
{"max_total_subscriptions", "5000"},
{"max_filters_per_subscription", "10"},
// Event Processing Limits
{"max_event_tags", "100"},
{"max_content_length", "8196"},
{"max_message_length", "16384"},
// Performance Settings
{"default_limit", "500"},
{"max_limit", "5000"}
};
// Number of default configuration values
#define DEFAULT_CONFIG_COUNT (sizeof(DEFAULT_CONFIG_VALUES) / sizeof(DEFAULT_CONFIG_VALUES[0]))
// Function to create default configuration event
cJSON* create_default_config_event(const unsigned char* admin_privkey_bytes,
const char* relay_privkey_hex,
const char* relay_pubkey_hex);
#endif /* DEFAULT_CONFIG_EVENT_H */
```
## Usage Notes
1. **Isolation**: These default values are completely isolated from the rest of the program
2. **Single Access Point**: Only accessed during `create_default_config_event()`
3. **Runtime Keys**: Relay keys are added at runtime, not stored as defaults
4. **No Direct Access**: Other parts of the program should never include this header directly
5. **Clean Separation**: Keeps default configuration separate from configuration logic
## Function Implementation
The `create_default_config_event()` function will:
1. Create a new cJSON event object with kind 33334
2. Add all default configuration values as tags
3. Add runtime-generated relay keys as tags
4. Use `nostr_core_lib` to sign the event with admin private key
5. Return the complete signed event ready for database storage
This approach ensures clean separation between default values and the configuration system logic.

600
docs/deployment_guide.md Normal file
View File

@@ -0,0 +1,600 @@
# Deployment Guide - C Nostr Relay
Complete deployment guide for the C Nostr Relay with event-based configuration system across different environments and platforms.
## Table of Contents
- [Deployment Overview](#deployment-overview)
- [Production Deployment](#production-deployment)
- [Cloud Deployments](#cloud-deployments)
- [Container Deployment](#container-deployment)
- [Reverse Proxy Setup](#reverse-proxy-setup)
- [Monitoring Setup](#monitoring-setup)
- [Security Hardening](#security-hardening)
- [Backup and Recovery](#backup-and-recovery)
## Deployment Overview
The C Nostr Relay's event-based configuration system simplifies deployment:
### Key Deployment Benefits
- **Zero Configuration**: No config files to manage or transfer
- **Self-Contained**: Single binary + auto-generated database
- **Portable**: Database contains all relay state and configuration
- **Secure**: Admin keys generated locally, never transmitted
- **Scalable**: Efficient SQLite backend with WAL mode
### Deployment Requirements
- **CPU**: 1 vCPU minimum, 2+ recommended
- **RAM**: 512MB minimum, 2GB+ recommended
- **Storage**: 100MB for binary + database growth (varies by usage)
- **Network**: Port 8888 (configurable via events)
- **OS**: Linux (recommended), macOS, Windows (WSL)
## Production Deployment
### Server Preparation
#### System Updates
```bash
# Ubuntu/Debian
sudo apt update && sudo apt upgrade -y
# CentOS/RHEL
sudo yum update -y
# Install required packages
sudo apt install -y build-essential git sqlite3 libsqlite3-dev \
libwebsockets-dev libssl-dev libsecp256k1-dev libcurl4-openssl-dev \
zlib1g-dev systemd
```
#### User and Directory Setup
```bash
# Create dedicated system user
sudo useradd --system --home-dir /opt/c-relay --shell /bin/false c-relay
# Create application directory
sudo mkdir -p /opt/c-relay
sudo chown c-relay:c-relay /opt/c-relay
```
### Build and Installation
#### Automated Installation (Recommended)
```bash
# Clone repository
git clone https://github.com/your-org/c-relay.git
cd c-relay
git submodule update --init --recursive
# Build
make clean && make
# Install as systemd service
sudo systemd/install-service.sh
```
#### Manual Installation
```bash
# Build relay
make clean && make
# Install binary
sudo cp build/c_relay_x86 /opt/c-relay/
sudo chown c-relay:c-relay /opt/c-relay/c_relay_x86
sudo chmod +x /opt/c-relay/c_relay_x86
# Install systemd service
sudo cp systemd/c-relay.service /etc/systemd/system/
sudo systemctl daemon-reload
```
### Service Management
#### Start and Enable Service
```bash
# Start the service
sudo systemctl start c-relay
# Enable auto-start on boot
sudo systemctl enable c-relay
# Check status
sudo systemctl status c-relay
```
#### Capture Admin Keys (CRITICAL)
```bash
# View startup logs to get admin keys
sudo journalctl -u c-relay --since "5 minutes ago" | grep -A 10 "IMPORTANT: SAVE THIS ADMIN PRIVATE KEY"
# Or check the full log
sudo journalctl -u c-relay --no-pager | grep "Admin Private Key"
```
⚠️ **CRITICAL**: Save the admin private key immediately - it's only shown once and is needed for all configuration updates!
### Firewall Configuration
#### UFW (Ubuntu)
```bash
# Allow relay port
sudo ufw allow 8888/tcp
# Allow SSH (ensure you don't lock yourself out)
sudo ufw allow 22/tcp
# Enable firewall
sudo ufw enable
```
#### iptables
```bash
# Allow relay port
sudo iptables -A INPUT -p tcp --dport 8888 -j ACCEPT
# Save rules (Ubuntu/Debian)
sudo iptables-save > /etc/iptables/rules.v4
```
## Cloud Deployments
### AWS EC2
#### Instance Setup
```bash
# Launch Ubuntu 22.04 LTS instance (t3.micro or larger)
# Security Group: Allow port 8888 from 0.0.0.0/0 (or restricted IPs)
# Connect via SSH
ssh -i your-key.pem ubuntu@your-instance-ip
# Use the simple deployment script
git clone https://github.com/your-org/c-relay.git
cd c-relay
sudo examples/deployment/simple-vps/deploy.sh
```
#### Elastic IP (Recommended)
```bash
# Associate Elastic IP to ensure consistent public IP
# Configure DNS A record to point to Elastic IP
```
#### EBS Volume for Data
```bash
# Attach EBS volume for persistent storage
sudo mkfs.ext4 /dev/xvdf
sudo mkdir /data
sudo mount /dev/xvdf /data
sudo chown c-relay:c-relay /data
# Update systemd service to use /data
sudo sed -i 's/WorkingDirectory=\/opt\/c-relay/WorkingDirectory=\/data/' /etc/systemd/system/c-relay.service
sudo systemctl daemon-reload
```
### Google Cloud Platform
#### Compute Engine Setup
```bash
# Create VM instance (e2-micro or larger)
gcloud compute instances create c-relay-instance \
--image-family=ubuntu-2204-lts \
--image-project=ubuntu-os-cloud \
--machine-type=e2-micro \
--tags=nostr-relay
# Configure firewall
gcloud compute firewall-rules create allow-nostr-relay \
--allow tcp:8888 \
--source-ranges 0.0.0.0/0 \
--target-tags nostr-relay
# SSH and deploy
gcloud compute ssh c-relay-instance
git clone https://github.com/your-org/c-relay.git
cd c-relay
sudo examples/deployment/simple-vps/deploy.sh
```
#### Persistent Disk
```bash
# Create and attach persistent disk
gcloud compute disks create relay-data --size=50GB
gcloud compute instances attach-disk c-relay-instance --disk=relay-data
# Format and mount
sudo mkfs.ext4 /dev/sdb
sudo mkdir /data
sudo mount /dev/sdb /data
sudo chown c-relay:c-relay /data
```
### DigitalOcean
#### Droplet Creation
```bash
# Create Ubuntu 22.04 droplet (Basic plan, $6/month minimum)
# Enable monitoring and backups
# SSH into droplet
ssh root@your-droplet-ip
# Deploy relay
git clone https://github.com/your-org/c-relay.git
cd c-relay
examples/deployment/simple-vps/deploy.sh
```
#### Block Storage
```bash
# Attach block storage volume
# Format and mount as /data
sudo mkfs.ext4 /dev/sda
sudo mkdir /data
sudo mount /dev/sda /data
echo '/dev/sda /data ext4 defaults,nofail,discard 0 2' >> /etc/fstab
```
## Automated Deployment Examples
The `examples/deployment/` directory contains ready-to-use scripts:
### Simple VPS Deployment
```bash
# Clone repository and run automated deployment
git clone https://github.com/your-org/c-relay.git
cd c-relay
sudo examples/deployment/simple-vps/deploy.sh
```
### SSL Proxy Setup
```bash
# Set up nginx reverse proxy with SSL
sudo examples/deployment/nginx-proxy/setup-ssl-proxy.sh \
-d relay.example.com -e admin@example.com
```
### Monitoring Setup
```bash
# Set up continuous monitoring
sudo examples/deployment/monitoring/monitor-relay.sh \
-c -i 60 -e admin@example.com
```
### Backup Setup
```bash
# Set up automated backups
sudo examples/deployment/backup/backup-relay.sh \
-s my-backup-bucket -e admin@example.com
```
## Reverse Proxy Setup
### Nginx Configuration
#### Basic WebSocket Proxy
```nginx
# /etc/nginx/sites-available/nostr-relay
server {
listen 80;
server_name relay.yourdomain.com;
location / {
proxy_pass http://127.0.0.1:8888;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket timeouts
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
}
```
#### HTTPS with Let's Encrypt
```bash
# Install certbot
sudo apt install -y certbot python3-certbot-nginx
# Obtain certificate
sudo certbot --nginx -d relay.yourdomain.com
# Auto-renewal (crontab)
echo "0 12 * * * /usr/bin/certbot renew --quiet" | sudo crontab -
```
#### Enhanced HTTPS Configuration
```nginx
server {
listen 443 ssl http2;
server_name relay.yourdomain.com;
# SSL configuration
ssl_certificate /etc/letsencrypt/live/relay.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/relay.yourdomain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# Security headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
# Rate limiting (optional)
limit_req_zone $remote_addr zone=relay:10m rate=10r/s;
limit_req zone=relay burst=20 nodelay;
location / {
proxy_pass http://127.0.0.1:8888;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket timeouts
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
# Buffer settings
proxy_buffering off;
}
}
# Redirect HTTP to HTTPS
server {
listen 80;
server_name relay.yourdomain.com;
return 301 https://$server_name$request_uri;
}
```
### Apache Configuration
#### WebSocket Proxy with mod_proxy_wstunnel
```apache
# Enable required modules
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_wstunnel
sudo a2enmod ssl
# /etc/apache2/sites-available/nostr-relay.conf
<VirtualHost *:443>
ServerName relay.yourdomain.com
# SSL configuration
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/relay.yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/relay.yourdomain.com/privkey.pem
# WebSocket proxy
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / ws://127.0.0.1:8888/
ProxyPassReverse / ws://127.0.0.1:8888/
# Fallback for HTTP requests
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://127.0.0.1:8888/$1" [P,L]
# Security headers
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options DENY
</VirtualHost>
<VirtualHost *:80>
ServerName relay.yourdomain.com
Redirect permanent / https://relay.yourdomain.com/
</VirtualHost>
```
## Monitoring Setup
### System Monitoring
#### Basic Monitoring Script
```bash
#!/bin/bash
# /usr/local/bin/relay-monitor.sh
LOG_FILE="/var/log/relay-monitor.log"
DATE=$(date '+%Y-%m-%d %H:%M:%S')
# Check if relay is running
if ! pgrep -f "c_relay_x86" > /dev/null; then
echo "[$DATE] ERROR: Relay process not running" >> $LOG_FILE
systemctl restart c-relay
fi
# Check port availability
if ! netstat -tln | grep -q ":8888"; then
echo "[$DATE] ERROR: Port 8888 not listening" >> $LOG_FILE
fi
# Check database file
RELAY_DB=$(find /opt/c-relay -name "*.nrdb" | head -1)
if [[ -n "$RELAY_DB" ]]; then
DB_SIZE=$(du -h "$RELAY_DB" | cut -f1)
echo "[$DATE] INFO: Database size: $DB_SIZE" >> $LOG_FILE
fi
# Check memory usage
MEM_USAGE=$(ps aux | grep c_relay_x86 | grep -v grep | awk '{print $6}')
if [[ -n "$MEM_USAGE" ]]; then
echo "[$DATE] INFO: Memory usage: ${MEM_USAGE}KB" >> $LOG_FILE
fi
```
#### Cron Job Setup
```bash
# Add to crontab
echo "*/5 * * * * /usr/local/bin/relay-monitor.sh" | sudo crontab -
# Make script executable
sudo chmod +x /usr/local/bin/relay-monitor.sh
```
### Log Aggregation
#### Centralized Logging with rsyslog
```bash
# /etc/rsyslog.d/50-c-relay.conf
if $programname == 'c-relay' then /var/log/c-relay.log
& stop
```
### External Monitoring
#### Prometheus Integration
```yaml
# /etc/prometheus/prometheus.yml
scrape_configs:
- job_name: 'c-relay'
static_configs:
- targets: ['localhost:8888']
metrics_path: '/metrics' # If implemented
scrape_interval: 30s
```
## Security Hardening
### System Hardening
#### Service User Restrictions
```bash
# Restrict service user
sudo usermod -s /bin/false c-relay
sudo usermod -d /opt/c-relay c-relay
# Set proper permissions
sudo chmod 700 /opt/c-relay
sudo chown -R c-relay:c-relay /opt/c-relay
```
#### File System Restrictions
```bash
# Mount data directory with appropriate options
echo "/dev/sdb /opt/c-relay ext4 defaults,noexec,nosuid,nodev 0 2" >> /etc/fstab
```
### Network Security
#### Fail2Ban Configuration
```ini
# /etc/fail2ban/jail.d/c-relay.conf
[c-relay-dos]
enabled = true
port = 8888
filter = c-relay-dos
logpath = /var/log/c-relay.log
maxretry = 10
findtime = 60
bantime = 300
```
#### DDoS Protection
```bash
# iptables rate limiting
sudo iptables -A INPUT -p tcp --dport 8888 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8888 -j DROP
```
### Database Security
#### Encryption at Rest
```bash
# Use encrypted filesystem
sudo cryptsetup luksFormat /dev/sdb
sudo cryptsetup luksOpen /dev/sdb relay-data
sudo mkfs.ext4 /dev/mapper/relay-data
```
## Backup and Recovery
### Automated Backup
#### Database Backup Script
```bash
#!/bin/bash
# /usr/local/bin/backup-relay.sh
BACKUP_DIR="/backup/c-relay"
DATE=$(date +%Y%m%d_%H%M%S)
RELAY_DB=$(find /opt/c-relay -name "*.nrdb" | head -1)
mkdir -p "$BACKUP_DIR"
if [[ -n "$RELAY_DB" ]]; then
# SQLite backup
sqlite3 "$RELAY_DB" ".backup $BACKUP_DIR/relay_backup_$DATE.nrdb"
# Compress backup
gzip "$BACKUP_DIR/relay_backup_$DATE.nrdb"
# Cleanup old backups (keep 30 days)
find "$BACKUP_DIR" -name "relay_backup_*.nrdb.gz" -mtime +30 -delete
echo "Backup completed: relay_backup_$DATE.nrdb.gz"
else
echo "No relay database found!"
exit 1
fi
```
#### Cron Schedule
```bash
# Daily backup at 2 AM
echo "0 2 * * * /usr/local/bin/backup-relay.sh" | sudo crontab -
```
### Cloud Backup
#### AWS S3 Sync
```bash
# Install AWS CLI
sudo apt install -y awscli
# Configure AWS credentials
aws configure
# Sync backups to S3
aws s3 sync /backup/c-relay/ s3://your-backup-bucket/c-relay/ --delete
```
### Disaster Recovery
#### Recovery Procedures
```bash
# 1. Restore from backup
gunzip backup/relay_backup_20231201_020000.nrdb.gz
cp backup/relay_backup_20231201_020000.nrdb /opt/c-relay/
# 2. Fix permissions
sudo chown c-relay:c-relay /opt/c-relay/*.nrdb
# 3. Restart service
sudo systemctl restart c-relay
# 4. Verify recovery
sudo journalctl -u c-relay --since "1 minute ago"
```
---
This deployment guide provides comprehensive coverage for deploying the C Nostr Relay across various environments while taking full advantage of the event-based configuration system's simplicity and security features.

358
docs/event_based_config_implementation_plan.md Normal file
View File

@@ -0,0 +1,358 @@
# Event-Based Configuration System Implementation Plan
## Overview
This document provides a detailed implementation plan for transitioning the C Nostr Relay from command line arguments and file-based configuration to a pure event-based configuration system using kind 33334 Nostr events stored directly in the database.
## Implementation Phases
### Phase 0: File Structure Preparation ✅ COMPLETED
#### 0.1 Backup and Prepare Files ✅ COMPLETED
**Actions:**
1. ✅ Rename `src/config.c` to `src/config.c.old` - DONE
2. ✅ Rename `src/config.h` to `src/config.h.old` - DONE
3. ✅ Create new empty `src/config.c` and `src/config.h` - DONE
4. ✅ Create new `src/default_config_event.h` - DONE
### Phase 1: Database Schema and Core Infrastructure ✅ COMPLETED
#### 1.1 Update Database Naming System ✅ COMPLETED
**File:** `src/main.c`, new `src/config.c`, new `src/config.h`
```c
// New functions implemented: ✅
char* get_database_name_from_relay_pubkey(const char* relay_pubkey);
int create_database_with_relay_pubkey(const char* relay_pubkey);
```
**Changes Completed:**
- ✅ Create completely new `src/config.c` and `src/config.h` files
- ✅ Rename old files to `src/config.c.old` and `src/config.h.old`
- ✅ Modify `init_database()` to use relay pubkey for database naming
- ✅ Use `nostr_core_lib` functions for all keypair generation
- ✅ Database path: `./<relay_pubkey>.nrdb`
- ✅ Remove all database path command line argument handling
#### 1.2 Configuration Event Storage ✅ COMPLETED
**File:** new `src/config.c`, new `src/default_config_event.h`
```c
// Configuration functions implemented: ✅
int store_config_event_in_database(const cJSON* event);
cJSON* load_config_event_from_database(const char* relay_pubkey);
```
**Changes Completed:**
- ✅ Create new `src/default_config_event.h` for default configuration values
- ✅ Add functions to store/retrieve kind 33334 events from events table
- ✅ Use `nostr_core_lib` functions for all event validation
- ✅ Clean separation: default config values isolated in header file
- ✅ Remove existing config table dependencies
### Phase 2: Event Processing Integration ✅ COMPLETED
#### 2.1 Real-time Configuration Processing ✅ COMPLETED
**File:** `src/main.c` (event processing functions)
**Integration Points:** ✅ IMPLEMENTED
```c
// In existing event processing loop: ✅ IMPLEMENTED
// Added kind 33334 event detection in main event loop
if (kind_num == 33334) {
if (handle_configuration_event(event, error_message, sizeof(error_message)) == 0) {
// Configuration event processed successfully
}
}
// Configuration event processing implemented: ✅
int process_configuration_event(const cJSON* event);
int handle_configuration_event(cJSON* event, char* error_message, size_t error_size);
```
#### 2.2 Configuration Application System ⚠️ PARTIALLY COMPLETED
**File:** `src/config.c`
**Status:** Configuration access functions implemented, field handlers need completion
```c
// Configuration access implemented: ✅
const char* get_config_value(const char* key);
int get_config_int(const char* key, int default_value);
int get_config_bool(const char* key, int default_value);
// Field handlers need implementation: ⏳ IN PROGRESS
// Need to implement specific apply functions for runtime changes
```
### Phase 3: First-Time Startup System ✅ COMPLETED
#### 3.1 Key Generation and Initial Setup ✅ COMPLETED
**File:** new `src/config.c`, `src/default_config_event.h`
**Status:** ✅ FULLY IMPLEMENTED with secure /dev/urandom + nostr_core_lib validation
```c
int first_time_startup_sequence() {
// 1. Generate admin keypair using nostr_core_lib
unsigned char admin_privkey_bytes[32];
char admin_privkey[65], admin_pubkey[65];
if (nostr_generate_private_key(admin_privkey_bytes) != 0) {
return -1;
}
nostr_bytes_to_hex(admin_privkey_bytes, 32, admin_privkey);
unsigned char admin_pubkey_bytes[32];
if (nostr_ec_public_key_from_private_key(admin_privkey_bytes, admin_pubkey_bytes) != 0) {
return -1;
}
nostr_bytes_to_hex(admin_pubkey_bytes, 32, admin_pubkey);
// 2. Generate relay keypair using nostr_core_lib
unsigned char relay_privkey_bytes[32];
char relay_privkey[65], relay_pubkey[65];
if (nostr_generate_private_key(relay_privkey_bytes) != 0) {
return -1;
}
nostr_bytes_to_hex(relay_privkey_bytes, 32, relay_privkey);
unsigned char relay_pubkey_bytes[32];
if (nostr_ec_public_key_from_private_key(relay_privkey_bytes, relay_pubkey_bytes) != 0) {
return -1;
}
nostr_bytes_to_hex(relay_pubkey_bytes, 32, relay_pubkey);
// 3. Create database with relay pubkey name
if (create_database_with_relay_pubkey(relay_pubkey) != 0) {
return -1;
}
// 4. Create initial configuration event using defaults from header
cJSON* config_event = create_default_config_event(admin_privkey_bytes, relay_privkey, relay_pubkey);
// 5. Store configuration event in database
store_config_event_in_database(config_event);
// 6. Print admin private key for user to save
printf("=== SAVE THIS ADMIN PRIVATE KEY ===\n");
printf("Admin Private Key: %s\n", admin_privkey);
printf("===================================\n");
return 0;
}
```
#### 3.2 Database Detection Logic ✅ COMPLETED
**File:** `src/main.c`
**Status:** ✅ FULLY IMPLEMENTED
```c
// Implemented functions: ✅
char** find_existing_nrdb_files(void);
char* extract_pubkey_from_filename(const char* filename);
int is_first_time_startup(void);
int first_time_startup_sequence(void);
int startup_existing_relay(const char* relay_pubkey);
```
### Phase 4: Legacy System Removal ✅ PARTIALLY COMPLETED
#### 4.1 Remove Command Line Arguments ✅ COMPLETED
**File:** `src/main.c`
**Status:** ✅ COMPLETED
- ✅ All argument parsing logic removed except --help and --version
-`--port`, `--config-dir`, `--config-file`, `--database-path` handling removed
- ✅ Environment variable override systems removed
- ✅ Clean help and version functions implemented
#### 4.2 Remove Configuration File System ✅ COMPLETED
**File:** `src/config.c`
**Status:** ✅ COMPLETED - New file created from scratch
- ✅ All legacy file-based configuration functions removed
- ✅ XDG configuration directory logic removed
- ✅ Pure event-based system implemented
#### 4.3 Remove Legacy Database Tables ⏳ PENDING
**File:** `src/sql_schema.h`
**Status:** ⏳ NEEDS COMPLETION
```sql
-- Still need to remove these tables:
DROP TABLE IF EXISTS config;
DROP TABLE IF EXISTS config_history;
DROP TABLE IF EXISTS config_file_cache;
DROP VIEW IF EXISTS active_config;
```
### Phase 5: Configuration Management
#### 5.1 Configuration Field Mapping
**File:** `src/config.c`
```c
// Map configuration tags to current system
static const config_field_handler_t config_handlers[] = {
{"auth_enabled", 0, apply_auth_enabled},
{"relay_port", 1, apply_relay_port}, // requires restart
{"max_connections", 0, apply_max_connections},
{"relay_description", 0, apply_relay_description},
{"relay_contact", 0, apply_relay_contact},
{"relay_pubkey", 1, apply_relay_pubkey}, // requires restart
{"relay_privkey", 1, apply_relay_privkey}, // requires restart
{"pow_min_difficulty", 0, apply_pow_difficulty},
{"nip40_expiration_enabled", 0, apply_expiration_enabled},
{"max_subscriptions_per_client", 0, apply_max_subscriptions},
{"max_event_tags", 0, apply_max_event_tags},
{"max_content_length", 0, apply_max_content_length},
{"default_limit", 0, apply_default_limit},
{"max_limit", 0, apply_max_limit},
// ... etc
};
```
#### 5.2 Startup Configuration Loading
**File:** `src/main.c`
```c
int startup_existing_relay(const char* relay_pubkey) {
// 1. Open database
if (init_database_with_pubkey(relay_pubkey) != 0) {
return -1;
}
// 2. Load configuration event from database
cJSON* config_event = load_config_event_from_database(relay_pubkey);
if (!config_event) {
log_error("No configuration event found in database");
return -1;
}
// 3. Apply all configuration from event
if (apply_configuration_from_event(config_event) != 0) {
return -1;
}
// 4. Continue with normal startup
return start_relay_services();
}
```
## Implementation Order - PROGRESS STATUS
### Step 1: Core Infrastructure ✅ COMPLETED
1. ✅ Implement database naming with relay pubkey
2. ✅ Add key generation functions using `nostr_core_lib`
3. ✅ Create configuration event storage/retrieval functions
4. ✅ Test basic event creation and storage
### Step 2: Event Processing Integration ✅ MOSTLY COMPLETED
1. ✅ Add kind 33334 event detection to event processing loop
2. ✅ Implement configuration event validation
3. ⚠️ Create configuration application handlers (basic access implemented, runtime handlers pending)
4. ⏳ Test real-time configuration updates (infrastructure ready)
### Step 3: First-Time Startup ✅ COMPLETED
1. ✅ Implement first-time startup detection
2. ✅ Add automatic key generation and database creation
3. ✅ Create default configuration event generation
4. ✅ Test complete first-time startup flow
### Step 4: Legacy Removal ⚠️ MOSTLY COMPLETED
1. ✅ Remove command line argument parsing
2. ✅ Remove configuration file system
3. ⏳ Remove legacy database tables (pending)
4. ✅ Update all references to use event-based config
### Step 5: Testing and Validation ⚠️ PARTIALLY COMPLETED
1. ✅ Test complete startup flow (first time and existing)
2. ⏳ Test configuration updates via events (infrastructure ready)
3. ⚠️ Test error handling and recovery (basic error handling implemented)
4. ⏳ Performance testing and optimization (pending)
## Migration Strategy
### For Existing Installations
Since the new system uses a completely different approach:
1. **No Automatic Migration**: The new system starts fresh
2. **Manual Migration**: Users can manually copy configuration values
3. **Documentation**: Provide clear migration instructions
4. **Coexistence**: Old and new systems use different database names
### Migration Steps for Users
1. Stop existing relay
2. Note current configuration values
3. Start new relay (generates keys and new database)
4. Create kind 33334 event with desired configuration using admin private key
5. Send event to relay to update configuration
## Testing Requirements
### Unit Tests
- Key generation functions
- Configuration event creation and validation
- Database naming logic
- Configuration application handlers
### Integration Tests
- Complete first-time startup flow
- Configuration update via events
- Error handling scenarios
- Database operations
### Performance Tests
- Startup time comparison
- Configuration update response time
- Memory usage analysis
## Security Considerations
1. **Admin Private Key**: Never stored, only printed once
2. **Event Validation**: All configuration events must be signed by admin
3. **Database Security**: Relay database contains relay private key
4. **Key Generation**: Use `nostr_core_lib` for cryptographically secure generation
## Files to Modify
### Major Changes
- `src/main.c` - Startup logic, event processing, argument removal
- `src/config.c` - Complete rewrite for event-based configuration
- `src/config.h` - Update function signatures and structures
- `src/sql_schema.h` - Remove config tables
### Minor Changes
- `Makefile` - Remove any config file generation
- `systemd/` - Update service files if needed
- Documentation updates
## Backwards Compatibility
**Breaking Changes:**
- Command line arguments removed (except --help, --version)
- Configuration files no longer used
- Database naming scheme changed
- Configuration table removed
**Migration Required:** This is a breaking change that requires manual migration for existing installations.
## Success Criteria - CURRENT STATUS
1.**Zero Command Line Arguments**: Relay starts with just `./c-relay`
2.**Automatic First-Time Setup**: Generates keys and database automatically
3. ⚠️ **Real-Time Configuration**: Infrastructure ready, handlers need completion
4.**Single Database File**: All configuration and data in one `.nrdb` file
5. ⚠️ **Admin Control**: Event processing implemented, signature validation ready
6. ⚠️ **Clean Codebase**: Most legacy code removed, database tables cleanup pending
## Risk Mitigation
1. **Backup Strategy**: Document manual backup procedures for relay database
2. **Key Loss Recovery**: Document recovery procedures if admin key is lost
3. **Testing Coverage**: Comprehensive test suite before deployment
4. **Rollback Plan**: Keep old version available during transition period
5. **Documentation**: Comprehensive user and developer documentation
This implementation plan provides a clear path from the current system to the new event-based configuration architecture while maintaining security and reliability.

493
docs/file_config_design.md
View File

@@ -1,493 +0,0 @@
# File-Based Configuration Architecture Design
## Overview
This document outlines the XDG-compliant file-based configuration system for the C Nostr Relay, following the Ginxsom admin system approach using signed Nostr events.
## XDG Base Directory Specification Compliance
### File Location Strategy
**Primary Location:**
```
$XDG_CONFIG_HOME/c-relay/c_relay_config_event.json
```
**Fallback Location:**
```
$HOME/.config/c-relay/c_relay_config_event.json
```
**System-wide Fallback:**
```
/etc/c-relay/c_relay_config_event.json
```
### Directory Structure
```
$XDG_CONFIG_HOME/c-relay/
├── c_relay_config_event.json # Main configuration file
├── backup/ # Configuration backups
│ ├── c_relay_config_event.json.bak
│ └── c_relay_config_event.20241205.json
└── validation/ # Validation logs
└── config_validation.log
```
## Configuration File Format
### Signed Nostr Event Structure
The configuration file contains a signed Nostr event (kind 33334) with relay configuration:
```json
{
"kind": 33334,
"created_at": 1704067200,
"tags": [
["relay_name", "C Nostr Relay"],
["relay_description", "High-performance C Nostr relay with SQLite storage"],
["relay_port", "8888"],
["database_path", "db/c_nostr_relay.db"],
["admin_pubkey", ""],
["admin_enabled", "false"],
["pow_enabled", "true"],
["pow_min_difficulty", "0"],
["pow_mode", "basic"],
["expiration_enabled", "true"],
["expiration_strict", "true"],
["expiration_filter", "true"],
["expiration_grace_period", "300"],
["max_subscriptions_per_client", "20"],
["max_total_subscriptions", "5000"],
["max_connections", "100"],
["relay_contact", ""],
["relay_pubkey", ""],
["relay_software", "https://git.laantungir.net/laantungir/c-relay.git"],
["relay_version", "0.2.0"],
["max_event_tags", "100"],
["max_content_length", "8196"],
["max_message_length", "16384"],
["default_limit", "500"],
["max_limit", "5000"]
],
"content": "C Nostr Relay configuration event",
"pubkey": "admin_public_key_hex_64_chars",
"id": "computed_event_id_hex_64_chars",
"sig": "computed_signature_hex_128_chars"
}
```
### Event Kind Definition
**Kind 33334**: C Nostr Relay Configuration Event
- Parameterized replaceable event
- Must be signed by authorized admin pubkey
- Contains relay configuration as tags
- Validation required on load
## Configuration Loading Architecture
### Loading Priority Chain
1. **Command Line Arguments** (highest priority)
2. **File-based Configuration** (signed Nostr event)
3. **Database Configuration** (persistent storage)
4. **Environment Variables** (compatibility mode)
5. **Hardcoded Defaults** (fallback)
### Loading Process Flow
```mermaid
flowchart TD
A[Server Startup] --> B[Get Config File Path]
B --> C{File Exists?}
C -->|No| D[Check Database Config]
C -->|Yes| E[Load & Parse JSON]
E --> F[Validate Event Structure]
F --> G{Valid Event?}
G -->|No| H[Log Error & Use Database]
G -->|Yes| I[Verify Event Signature]
I --> J{Signature Valid?}
J -->|No| K[Log Error & Use Database]
J -->|Yes| L[Extract Configuration Tags]
L --> M[Apply to Database]
M --> N[Apply to Application]
D --> O[Load from Database]
H --> O
K --> O
O --> P[Apply Environment Variable Overrides]
P --> Q[Apply Command Line Overrides]
Q --> N
N --> R[Server Ready]
```
## C Implementation Architecture
### Core Data Structures
```c
// Configuration file management
typedef struct {
char file_path[512];
char file_hash[65]; // SHA256 hash
time_t last_modified;
time_t last_loaded;
int validation_status; // 0=valid, 1=invalid, 2=unverified
char validation_error[256];
} config_file_info_t;
// Configuration event structure
typedef struct {
char event_id[65];
char pubkey[65];
char signature[129];
long created_at;
int kind;
cJSON* tags;
char* content;
} config_event_t;
// Configuration management context
typedef struct {
config_file_info_t file_info;
config_event_t event;
int loaded_from_file;
int loaded_from_database;
char admin_pubkey[65];
time_t load_timestamp;
} config_context_t;
```
### Core Function Signatures
```c
// XDG path resolution
int get_config_file_path(char* path, size_t path_size);
int create_config_directories(const char* config_path);
// File operations
int load_config_from_file(const char* config_path, config_context_t* ctx);
int save_config_to_file(const char* config_path, const config_event_t* event);
int backup_config_file(const char* config_path);
// Event validation
int validate_config_event_structure(const cJSON* event);
int verify_config_event_signature(const config_event_t* event, const char* admin_pubkey);
int validate_config_tag_values(const cJSON* tags);
// Configuration extraction and application
int extract_config_from_tags(const cJSON* tags, config_context_t* ctx);
int apply_config_to_database(const config_context_t* ctx);
int apply_config_to_globals(const config_context_t* ctx);
// File monitoring and updates
int monitor_config_file_changes(const char* config_path);
int reload_config_on_change(config_context_t* ctx);
// Error handling and logging
int log_config_validation_error(const char* config_key, const char* error);
int log_config_load_event(const config_context_t* ctx, const char* source);
```
## Configuration Validation Rules
### Event Structure Validation
1. **Required Fields**: `kind`, `created_at`, `tags`, `content`, `pubkey`, `id`, `sig`
2. **Kind Validation**: Must be exactly 33334
3. **Timestamp Validation**: Must be reasonable (not too old, not future)
4. **Tags Format**: Array of string arrays `[["key", "value"], ...]`
5. **Signature Verification**: Must be signed by authorized admin pubkey
### Configuration Value Validation
```c
typedef struct {
char* key;
char* data_type; // "string", "integer", "boolean", "json"
char* validation_rule; // JSON validation rule
int required;
char* default_value;
} config_validation_rule_t;
static config_validation_rule_t validation_rules[] = {
{"relay_port", "integer", "{\"min\": 1, \"max\": 65535}", 1, "8888"},
{"pow_min_difficulty", "integer", "{\"min\": 0, \"max\": 64}", 1, "0"},
{"expiration_grace_period", "integer", "{\"min\": 0, \"max\": 86400}", 1, "300"},
{"admin_pubkey", "string", "{\"pattern\": \"^[0-9a-fA-F]{64}$\"}", 0, ""},
{"pow_enabled", "boolean", "{}", 1, "true"},
// ... more rules
};
```
### Security Validation
1. **Admin Pubkey Verification**: Only configured admin pubkeys can create config events
2. **Event ID Verification**: Event ID must match computed hash
3. **Signature Verification**: Signature must be valid for the event and pubkey
4. **Timestamp Validation**: Prevent replay attacks with old events
5. **File Permission Checks**: Config files should have appropriate permissions
## File Management Features
### Configuration File Operations
**File Creation:**
- Generate initial configuration file with default values
- Sign with admin private key
- Set appropriate file permissions (600 - owner read/write only)
**File Updates:**
- Create backup of existing file
- Validate new configuration
- Atomic file replacement (write to temp, then rename)
- Update file metadata cache
**File Monitoring:**
- Watch for file system changes using inotify (Linux)
- Reload configuration automatically when file changes
- Validate changes before applying
- Log all configuration reload events
### Backup and Recovery
**Automatic Backups:**
```
$XDG_CONFIG_HOME/c-relay/backup/
├── c_relay_config_event.json.bak # Last working config
├── c_relay_config_event.20241205-143022.json # Timestamped backups
└── c_relay_config_event.20241204-091530.json
```
**Recovery Process:**
1. Detect corrupted or invalid config file
2. Attempt to load from `.bak` backup
3. If backup fails, generate default configuration
4. Log recovery actions for audit
## Integration with Database Schema
### File-Database Synchronization
**On File Load:**
1. Parse and validate file-based configuration
2. Extract configuration values from event tags
3. Update database `server_config` table
4. Record file metadata in `config_file_cache` table
5. Log configuration changes in `config_history` table
**Configuration Priority Resolution:**
```c
char* get_config_value(const char* key, const char* default_value) {
// Priority: CLI args > File config > DB config > Env vars > Default
char* value = NULL;
// 1. Check command line overrides (if implemented)
value = get_cli_override(key);
if (value) return value;
// 2. Check database (updated from file)
value = get_database_config(key);
if (value) return value;
// 3. Check environment variables (compatibility)
value = get_env_config(key);
if (value) return value;
// 4. Return default
return strdup(default_value);
}
```
## Error Handling and Recovery
### Validation Error Handling
```c
typedef enum {
CONFIG_ERROR_NONE = 0,
CONFIG_ERROR_FILE_NOT_FOUND = 1,
CONFIG_ERROR_PARSE_FAILED = 2,
CONFIG_ERROR_INVALID_STRUCTURE = 3,
CONFIG_ERROR_SIGNATURE_INVALID = 4,
CONFIG_ERROR_UNAUTHORIZED = 5,
CONFIG_ERROR_VALUE_INVALID = 6,
CONFIG_ERROR_IO_ERROR = 7
} config_error_t;
typedef struct {
config_error_t error_code;
char error_message[256];
char config_key[64];
char invalid_value[128];
time_t error_timestamp;
} config_error_info_t;
```
### Graceful Degradation
**File Load Failure:**
1. Log detailed error information
2. Fall back to database configuration
3. Continue operation with last known good config
4. Set service status to "degraded" mode
**Validation Failure:**
1. Log validation errors with specific details
2. Skip invalid configuration items
3. Use default values for failed items
4. Continue with partial configuration
**Permission Errors:**
1. Log permission issues
2. Attempt to use fallback locations
3. Generate temporary config if needed
4. Alert administrator via logs
## Configuration Update Process
### Safe Configuration Updates
**Atomic Update Process:**
1. Create backup of current configuration
2. Write new configuration to temporary file
3. Validate new configuration completely
4. If valid, rename temporary file to active config
5. Update database with new values
6. Apply changes to running server
7. Log successful update
**Rollback Process:**
1. Detect invalid configuration at startup
2. Restore from backup file
3. Log rollback event
4. Continue with previous working configuration
### Hot Reload Support
**File Change Detection:**
```c
int monitor_config_file_changes(const char* config_path) {
// Use inotify on Linux to watch file changes
int inotify_fd = inotify_init();
int watch_fd = inotify_add_watch(inotify_fd, config_path, IN_MODIFY | IN_MOVED_TO);
// Monitor in separate thread
// On change: validate -> apply -> log
return 0;
}
```
**Runtime Configuration Updates:**
- Reload configuration on file change
- Apply non-restart-required changes immediately
- Queue restart-required changes for next restart
- Notify operators of configuration changes
## Security Considerations
### Access Control
**File Permissions:**
- Config files: 600 (owner read/write only)
- Directories: 700 (owner access only)
- Backup files: 600 (owner read/write only)
**Admin Key Management:**
- Admin private keys never stored in config files
- Only admin pubkeys stored for verification
- Support for multiple admin pubkeys
- Key rotation support
### Signature Validation
**Event Signature Verification:**
```c
int verify_config_event_signature(const config_event_t* event, const char* admin_pubkey) {
// 1. Reconstruct event for signing (without id and sig)
// 2. Compute event ID and verify against stored ID
// 3. Verify signature using admin pubkey
// 4. Check admin pubkey authorization
return NOSTR_SUCCESS;
}
```
**Anti-Replay Protection:**
- Configuration events must be newer than current
- Event timestamps validated against reasonable bounds
- Configuration history prevents replay attacks
## Implementation Phases
### Phase 1: Basic File Support
- XDG path resolution
- File loading and parsing
- Basic validation
- Database integration
### Phase 2: Security Features
- Event signature verification
- Admin pubkey management
- File permission checks
- Error handling
### Phase 3: Advanced Features
- Hot reload support
- Automatic backups
- Configuration utilities
- Interactive setup
### Phase 4: Monitoring & Management
- Configuration change monitoring
- Advanced validation rules
- Configuration audit logging
- Management utilities
## Configuration Generation Utilities
### Interactive Setup Script
```bash
#!/bin/bash
# scripts/setup_config.sh - Interactive configuration setup
create_initial_config() {
echo "=== C Nostr Relay Initial Configuration ==="
# Collect basic information
read -p "Relay name [C Nostr Relay]: " relay_name
read -p "Admin public key (hex): " admin_pubkey
read -p "Server port [8888]: " server_port
# Generate signed configuration event
./scripts/generate_config.sh \
--admin-key "$admin_pubkey" \
--relay-name "${relay_name:-C Nostr Relay}" \
--port "${server_port:-8888}" \
--output "$XDG_CONFIG_HOME/c-relay/c_relay_config_event.json"
}
```
### Configuration Validation Utility
```bash
#!/bin/bash
# scripts/validate_config.sh - Validate configuration file
validate_config_file() {
local config_file="$1"
# Check file exists and is readable
# Validate JSON structure
# Verify event signature
# Check configuration values
# Report validation results
}
```
This comprehensive file-based configuration design provides a robust, secure, and maintainable system that follows industry standards while integrating seamlessly with the existing C Nostr Relay architecture.

128
docs/startup_config_analysis.md Normal file
View File

@@ -0,0 +1,128 @@
# Startup Configuration Design Analysis
## Review of startup_config_design.md
### Key Design Principles Identified
1. **Zero Command Line Arguments**: Complete elimination of CLI arguments for true "quick start"
2. **Event-Based Configuration**: Configuration stored as Nostr event (kind 33334) in events table
3. **Self-Contained Database**: Database named after relay pubkey (`<pubkey>.nrdb`)
4. **First-Time Setup**: Automatic key generation and initial configuration creation
5. **Configuration Consistency**: Always read from event, never from hardcoded defaults
### Implementation Gaps and Specifications Needed
#### 1. Key Generation Process
**Specification:**
```
First Startup Key Generation:
1. Generate all keys on first startup (admin private/public, relay private/public)
2. Use nostr_core_lib for key generation entropy
3. Keys are encoded in hex format
4. Print admin private key to stdout for user to save (never stored)
5. Store admin public key, relay private key, and relay public key in configuration event
6. Admin can later change the 33334 event to alter stored keys
```
#### 2. Database Naming and Location
**Specification:**
```
Database Naming:
1. Database is named using relay pubkey: ./<relay_pubkey>.nrdb
2. Database path structure: ./<relay_pubkey>.nrdb
3. If database creation fails, program quits (can't run without database)
4. c_nostr_relay.db should never exist in new system
```
#### 3. Configuration Event Structure (Kind 33334)
**Specification:**
```
Event Structure:
- Kind: 33334 (parameterized replaceable event)
- Event validation: Use nostr_core_lib to validate event
- Event content field: "C Nostr Relay Configuration" (descriptive text)
- Configuration update mechanism: TBD
- Complete tag structure provided in configuration section below
```
#### 4. Configuration Change Monitoring
**Configuration Monitoring System:**
```
Every event that is received is checked to see if it is a kind 33334 event from the admin pubkey.
If so, it is processed as a configuration update.
```
#### 5. Error Handling and Recovery
**Specification:**
```
Error Recovery Priority:
1. Try to load latest valid config event
2. Generate new default configuration event if none exists
3. Exit with error if all recovery attempts fail
Note: There is only ever one configuration event (parameterized replaceable event),
so no fallback to previous versions.
```
### Design Clarifications
**Key Management:**
- Admin private key is never stored, only printed once at first startup
- Single admin system (no multi-admin support)
- No key rotation support
**Configuration Management:**
- No configuration versioning/timestamping
- No automatic backup of configuration events
- Configuration events are not broadcastable to other relays
- Future: Auth system to restrict admin access to configuration events
---
## Complete Current Configuration Structure
Based on analysis of [`src/config.c`](src/config.c:753-795), here is the complete current configuration structure that will be converted to event tags:
### Complete Event Structure Example
```json
{
"kind": 33334,
"created_at": 1725661483,
"tags": [
["d", "<relay_pubkey>"],
["auth_enabled", "false"],
["relay_port", "8888"],
["max_connections", "100"],
["relay_description", "High-performance C Nostr relay with SQLite storage"],
["relay_contact", ""],
["relay_pubkey", "<relay_public_key>"],
["relay_privkey", "<relay_private_key>"],
["relay_software", "https://git.laantungir.net/laantungir/c-relay.git"],
["relay_version", "v1.0.0"],
["pow_min_difficulty", "0"],
["pow_mode", "basic"],
["nip40_expiration_enabled", "true"],
["nip40_expiration_strict", "true"],
["nip40_expiration_filter", "true"],
["nip40_expiration_grace_period", "300"],
["max_subscriptions_per_client", "25"],
["max_total_subscriptions", "5000"],
["max_filters_per_subscription", "10"],
["max_event_tags", "100"],
["max_content_length", "8196"],
["max_message_length", "16384"],
["default_limit", "500"],
["max_limit", "5000"]
],
"content": "C Nostr Relay Configuration",
"pubkey": "<admin_public_key>",
"id": "<computed_event_id>",
"sig": "<event_signature>"
}
```
**Note:** The `admin_pubkey` tag is omitted as it's redundant with the event's `pubkey` field.

22
docs/startup_config_design.md Normal file
View File

@@ -0,0 +1,22 @@
# Startup and configuration for c_nostr_relay
No command line variables. Quick start.
## First time startup
When the program first starts, it generates a new private and public keys for the program, and for the admin. In the command line it prints out the private key for the admin. It creates a database in the same directory as the application. It names the database after the pubkey of the database <pubkey>.nrdb (This stands for nostr relay db)
Internally, it creates a valid nostr event using the generated admin private key, and saves it to the events table in the db. That nostr configuration event is a type 33334 event, with a d tag that equals the database public key d=<db pubkey>.
The event is populated from internal default values. Then the configuration setup is run by reading the event from the database events table.
Important, the constant values are ALWAYS read and set from the 33334 event in the events table, they are NEVER read from the stored default values. This is important for consistancy.
The config section of the program keeps track of the admin file, and if it ever changes, it does what is needed to implement the change.
## Later startups
The program looks for the database with the name c_nostr_relay.db in the same directory as the program. If it doesn't find it, it assumes a first time startup. If it does find it, it loads the database, and the config section reads the config event and proceedes from there.
## Changing database location?
Changing the location of the databases can be done by creating a sym-link to the new location of the database.

507
docs/user_guide.md Normal file
View File

@@ -0,0 +1,507 @@
# C Nostr Relay - User Guide
Complete guide for deploying, configuring, and managing the C Nostr Relay with event-based configuration system.
## Table of Contents
- [Quick Start](#quick-start)
- [Installation](#installation)
- [Configuration Management](#configuration-management)
- [Administration](#administration)
- [Monitoring](#monitoring)
- [Troubleshooting](#troubleshooting)
- [Advanced Usage](#advanced-usage)
## Quick Start
### 1. Build and Start
```bash
# Clone and build
git clone <repository-url>
cd c-relay
git submodule update --init --recursive
make
# Start relay (zero configuration needed)
./build/c_relay_x86
```
### 2. First Startup - Save Keys
The relay will display admin keys on first startup:
```
=================================================================
IMPORTANT: SAVE THIS ADMIN PRIVATE KEY SECURELY!
=================================================================
Admin Private Key: a018ecc259ff296ef7aaca6cdccbc52cf28104ac7a1f14c27b0b8232e5025ddc
Admin Public Key: 68394d08ab87f936a42ff2deb15a84fbdfbe0996ee0eb20cda064aae673285d1
=================================================================
```
⚠️ **CRITICAL**: Save the admin private key - it's needed for configuration updates and only shown once!
### 3. Connect Clients
Your relay is now available at:
- **WebSocket**: `ws://localhost:8888`
- **NIP-11 Info**: `http://localhost:8888`
## Installation
### System Requirements
- **Operating System**: Linux, macOS, or Windows (WSL)
- **RAM**: Minimum 512MB, recommended 2GB+
- **Disk**: 100MB for binary + database storage (grows with events)
- **Network**: Port 8888 (configurable via events)
### Dependencies
Install required libraries:
**Ubuntu/Debian:**
```bash
sudo apt update
sudo apt install build-essential git sqlite3 libsqlite3-dev libwebsockets-dev libssl-dev libsecp256k1-dev libcurl4-openssl-dev zlib1g-dev
```
**CentOS/RHEL:**
```bash
sudo yum install gcc git sqlite-devel libwebsockets-devel openssl-devel libsecp256k1-devel libcurl-devel zlib-devel
```
**macOS (Homebrew):**
```bash
brew install git sqlite libwebsockets openssl libsecp256k1 curl zlib
```
### Building from Source
```bash
# Clone repository
git clone <repository-url>
cd c-relay
# Initialize submodules
git submodule update --init --recursive
# Build
make clean && make
# Verify build
ls -la build/c_relay_x86
```
### Production Deployment
#### SystemD Service (Recommended)
```bash
# Install as system service
sudo systemd/install-service.sh
# Start service
sudo systemctl start c-relay
# Enable auto-start
sudo systemctl enable c-relay
# Check status
sudo systemctl status c-relay
```
#### Manual Deployment
```bash
# Create dedicated user
sudo useradd --system --home-dir /opt/c-relay --shell /bin/false c-relay
# Install binary
sudo mkdir -p /opt/c-relay
sudo cp build/c_relay_x86 /opt/c-relay/
sudo chown -R c-relay:c-relay /opt/c-relay
# Run as service user
sudo -u c-relay /opt/c-relay/c_relay_x86
```
## Configuration Management
### Event-Based Configuration System
Unlike traditional relays that use config files, this relay stores all configuration as **kind 33334 Nostr events** in the database. This provides:
- **Real-time updates**: Changes applied instantly without restart
- **Cryptographic security**: All config changes must be signed by admin
- **Audit trail**: Complete history of configuration changes
- **No file management**: No config files to manage or version control
### First-Time Configuration
On first startup, the relay:
1. **Generates keypairs**: Creates cryptographically secure admin and relay keys
2. **Creates database**: `<relay_pubkey>.nrdb` file with optimized schema
3. **Stores default config**: Creates initial kind 33334 event with sensible defaults
4. **Displays admin key**: Shows admin private key once for you to save
### Updating Configuration
To change relay configuration, create and send a signed kind 33334 event:
#### Using nostrtool (recommended)
```bash
# Install nostrtool
npm install -g nostrtool
# Update relay description
nostrtool event \
--kind 33334 \
--content "C Nostr Relay Configuration" \
--tag d <relay_pubkey> \
--tag relay_description "My Production Relay" \
--tag max_subscriptions_per_client 50 \
--private-key <admin_private_key> \
| nostrtool send ws://localhost:8888
```
#### Manual Event Creation
```json
{
"kind": 33334,
"content": "C Nostr Relay Configuration",
"tags": [
["d", "<relay_pubkey>"],
["relay_description", "My Production Relay"],
["max_subscriptions_per_client", "50"],
["pow_min_difficulty", "20"]
],
"created_at": 1699123456,
"pubkey": "<admin_pubkey>",
"id": "<computed_event_id>",
"sig": "<signature>"
}
```
Send this to your relay via WebSocket, and changes are applied immediately.
### Configuration Parameters
#### Basic Settings
| Parameter | Description | Default | Example |
|-----------|-------------|---------|---------|
| `relay_description` | Relay description for NIP-11 | "C Nostr Relay" | "My awesome relay" |
| `relay_contact` | Admin contact information | "" | "admin@example.com" |
| `relay_software` | Software identifier | "c-relay" | "c-relay v1.0" |
#### Client Limits
| Parameter | Description | Default | Range |
|-----------|-------------|---------|-------|
| `max_subscriptions_per_client` | Max subscriptions per client | "25" | 1-100 |
| `max_total_subscriptions` | Total relay subscription limit | "5000" | 100-50000 |
| `max_message_length` | Maximum message size (bytes) | "65536" | 1024-1048576 |
| `max_event_tags` | Maximum tags per event | "2000" | 10-10000 |
| `max_content_length` | Maximum event content length | "65536" | 1-1048576 |
#### Proof of Work (NIP-13)
| Parameter | Description | Default | Options |
|-----------|-------------|---------|---------|
| `pow_min_difficulty` | Minimum PoW difficulty | "0" | 0-40 |
| `pow_mode` | PoW validation mode | "optional" | "disabled", "optional", "required" |
#### Event Expiration (NIP-40)
| Parameter | Description | Default | Options |
|-----------|-------------|---------|---------|
| `nip40_expiration_enabled` | Enable expiration handling | "true" | "true", "false" |
| `nip40_expiration_strict` | Strict expiration mode | "false" | "true", "false" |
| `nip40_expiration_filter` | Filter expired events | "true" | "true", "false" |
| `nip40_expiration_grace_period` | Grace period (seconds) | "300" | 0-86400 |
## Administration
### Viewing Current Configuration
```bash
# Find your database
ls -la *.nrdb
# View configuration events
sqlite3 <relay_pubkey>.nrdb "SELECT created_at, tags FROM events WHERE kind = 33334 ORDER BY created_at DESC LIMIT 1;"
# View all configuration history
sqlite3 <relay_pubkey>.nrdb "SELECT datetime(created_at, 'unixepoch') as date, tags FROM events WHERE kind = 33334 ORDER BY created_at DESC;"
```
### Admin Key Management
#### Backup Admin Keys
```bash
# Create secure backup
echo "Admin Private Key: <your_admin_key>" > admin_keys_backup_$(date +%Y%m%d).txt
chmod 600 admin_keys_backup_*.txt
# Store in secure location (password manager, encrypted drive, etc.)
```
#### Key Recovery
If you lose your admin private key:
1. **Stop the relay**: `pkill c_relay` or `sudo systemctl stop c-relay`
2. **Backup events**: `cp <relay_pubkey>.nrdb backup_$(date +%Y%m%d).nrdb`
3. **Remove database**: `rm <relay_pubkey>.nrdb*`
4. **Restart relay**: This creates new database with new keys
5. **⚠️ Note**: All stored events and configuration history will be lost
### Security Best Practices
#### Admin Key Security
- **Never share** the admin private key
- **Store securely** in password manager or encrypted storage
- **Backup safely** to multiple secure locations
- **Monitor** configuration changes in logs
#### Network Security
```bash
# Restrict access with firewall
sudo ufw allow 8888/tcp
# Use reverse proxy for HTTPS (recommended)
# Configure nginx/apache to proxy to ws://localhost:8888
```
#### Database Security
```bash
# Secure database file permissions
chmod 600 <relay_pubkey>.nrdb
chown c-relay:c-relay <relay_pubkey>.nrdb
# Regular backups
cp <relay_pubkey>.nrdb backup/relay_backup_$(date +%Y%m%d_%H%M%S).nrdb
```
## Monitoring
### Service Status
```bash
# Check if relay is running
ps aux | grep c_relay
# SystemD status
sudo systemctl status c-relay
# Network connections
netstat -tln | grep 8888
sudo ss -tlpn | grep 8888
```
### Log Monitoring
```bash
# Real-time logs (systemd)
sudo journalctl -u c-relay -f
# Recent logs
sudo journalctl -u c-relay --since "1 hour ago"
# Error logs only
sudo journalctl -u c-relay -p err
# Configuration changes
sudo journalctl -u c-relay | grep "Configuration updated via kind 33334"
```
### Database Analytics
```bash
# Connect to database
sqlite3 <relay_pubkey>.nrdb
# Event statistics
SELECT event_type, COUNT(*) as count FROM events GROUP BY event_type;
# Recent activity
SELECT datetime(created_at, 'unixepoch') as date, kind, LENGTH(content) as content_size
FROM events
ORDER BY created_at DESC
LIMIT 10;
# Subscription analytics (if logging enabled)
SELECT * FROM subscription_analytics ORDER BY date DESC LIMIT 7;
# Configuration changes
SELECT datetime(created_at, 'unixepoch') as date, tags
FROM configuration_events
ORDER BY created_at DESC;
```
### Performance Monitoring
```bash
# Database size
du -sh <relay_pubkey>.nrdb*
# Memory usage
ps aux | grep c_relay | awk '{print $6}' # RSS memory in KB
# Connection count (approximate)
netstat -an | grep :8888 | grep ESTABLISHED | wc -l
# System resources
top -p $(pgrep c_relay)
```
## Troubleshooting
### Common Issues
#### Relay Won't Start
```bash
# Check port availability
netstat -tln | grep 8888
# If port in use, find process: sudo lsof -i :8888
# Check binary permissions
ls -la build/c_relay_x86
chmod +x build/c_relay_x86
# Check dependencies
ldd build/c_relay_x86
```
#### Configuration Not Updating
1. **Verify signature**: Ensure event is properly signed with admin private key
2. **Check admin pubkey**: Must match the pubkey from first startup
3. **Validate event structure**: Use `nostrtool validate` or similar
4. **Check logs**: Look for validation errors in relay logs
5. **Test WebSocket**: Ensure WebSocket connection is active
```bash
# Test WebSocket connection
wscat -c ws://localhost:8888
# Send test message
{"id":"test","method":"REQ","params":["test",{}]}
```
#### Database Issues
```bash
# Check database integrity
sqlite3 <relay_pubkey>.nrdb "PRAGMA integrity_check;"
# Check schema version
sqlite3 <relay_pubkey>.nrdb "SELECT * FROM schema_info WHERE key = 'version';"
# View database size and stats
sqlite3 <relay_pubkey>.nrdb "PRAGMA page_size; PRAGMA page_count;"
```
#### Performance Issues
```bash
# Analyze slow queries (if any)
sqlite3 <relay_pubkey>.nrdb "PRAGMA compile_options;"
# Check database optimization
sqlite3 <relay_pubkey>.nrdb "PRAGMA optimize;"
# Monitor system resources
iostat 1 5 # I/O statistics
free -h # Memory usage
```
### Recovery Procedures
#### Corrupted Database Recovery
```bash
# Attempt repair
sqlite3 <relay_pubkey>.nrdb ".recover" > recovered.sql
sqlite3 recovered.nrdb < recovered.sql
# If repair fails, start fresh (loses all events)
mv <relay_pubkey>.nrdb <relay_pubkey>.nrdb.corrupted
./build/c_relay_x86 # Creates new database
```
#### Lost Configuration Recovery
If configuration is lost but database is intact:
1. **Find old config**: `sqlite3 <relay_pubkey>.nrdb "SELECT * FROM configuration_events;"`
2. **Create new config event**: Use last known good configuration
3. **Sign and send**: Update with current timestamp and new signature
#### Emergency Restart
```bash
# Quick restart with clean state
sudo systemctl stop c-relay
mv <relay_pubkey>.nrdb <relay_pubkey>.nrdb.backup
sudo systemctl start c-relay
# Check logs for new admin keys
sudo journalctl -u c-relay --since "5 minutes ago" | grep "Admin Private Key"
```
## Advanced Usage
### Custom Event Handlers
The relay supports custom handling for different event types. Configuration changes trigger:
- **Subscription Manager Updates**: When client limits change
- **PoW System Reinitialization**: When PoW settings change
- **Expiration System Updates**: When NIP-40 settings change
- **Relay Info Updates**: When NIP-11 information changes
### API Integration
```javascript
// Connect and send configuration update
const ws = new WebSocket('ws://localhost:8888');
ws.on('open', function() {
const configEvent = {
kind: 33334,
content: "Updated configuration",
tags: [
["d", relayPubkey],
["relay_description", "Updated via API"]
],
created_at: Math.floor(Date.now() / 1000),
pubkey: adminPubkey,
// ... add id and sig
};
ws.send(JSON.stringify(["EVENT", configEvent]));
});
```
### Backup Strategies
#### Automated Backup
```bash
#!/bin/bash
# backup-relay.sh
DATE=$(date +%Y%m%d_%H%M%S)
DB_FILE=$(ls *.nrdb | head -1)
BACKUP_DIR="/backup/c-relay"
mkdir -p $BACKUP_DIR
cp $DB_FILE $BACKUP_DIR/relay_backup_$DATE.nrdb
gzip $BACKUP_DIR/relay_backup_$DATE.nrdb
# Cleanup old backups (keep 30 days)
find $BACKUP_DIR -name "relay_backup_*.nrdb.gz" -mtime +30 -delete
```
#### Configuration Export
```bash
# Export configuration events
sqlite3 <relay_pubkey>.nrdb "SELECT json_object(
'kind', kind,
'content', content,
'tags', json(tags),
'created_at', created_at,
'pubkey', pubkey,
'sig', sig
) FROM events WHERE kind = 33334 ORDER BY created_at;" > config_backup.json
```
### Migration Between Servers
```bash
# Source server
tar czf relay_migration.tar.gz *.nrdb* relay.log
# Target server
tar xzf relay_migration.tar.gz
./build/c_relay_x86 # Will detect existing database and continue
```
---
This user guide provides comprehensive coverage of the C Nostr Relay's event-based configuration system. For additional technical details, see the developer documentation in the `docs/` directory.

70
examples/deployment/README.md Normal file
View File

@@ -0,0 +1,70 @@
# Deployment Examples
This directory contains practical deployment examples and scripts for the C Nostr Relay with event-based configuration.
## Directory Structure
```
examples/deployment/
├── README.md # This file
├── simple-vps/ # Basic VPS deployment
├── nginx-proxy/ # Nginx reverse proxy configurations
├── monitoring/ # Monitoring and alerting examples
└── backup/ # Backup and recovery scripts
```
## Quick Start Examples
### 1. Simple VPS Deployment
For a basic Ubuntu VPS deployment:
```bash
cd examples/deployment/simple-vps
chmod +x deploy.sh
sudo ./deploy.sh
```
### 2. SSL Proxy Setup
For nginx reverse proxy with SSL:
```bash
cd examples/deployment/nginx-proxy
chmod +x setup-ssl-proxy.sh
sudo ./setup-ssl-proxy.sh -d relay.example.com -e admin@example.com
```
### 3. Monitoring Setup
For continuous monitoring:
```bash
cd examples/deployment/monitoring
chmod +x monitor-relay.sh
sudo ./monitor-relay.sh -c -e admin@example.com
```
### 4. Backup Setup
For automated backups:
```bash
cd examples/deployment/backup
chmod +x backup-relay.sh
sudo ./backup-relay.sh -s my-backup-bucket -e admin@example.com
```
## Configuration Examples
All examples assume the event-based configuration system where:
- No config files are needed
- Configuration is stored as kind 33334 events in the database
- Admin keys are generated on first startup
- Database naming uses relay pubkey (`<relay_pubkey>.nrdb`)
## Security Notes
- **Save Admin Keys**: All deployment examples emphasize capturing the admin private key on first startup
- **Firewall Configuration**: Examples include proper firewall rules
- **SSL/TLS**: Production examples include HTTPS configuration
- **User Isolation**: Service runs as dedicated `c-relay` system user
## Support
For detailed documentation, see:
- [`docs/deployment_guide.md`](../../docs/deployment_guide.md) - Comprehensive deployment guide
- [`docs/user_guide.md`](../../docs/user_guide.md) - User guide
- [`docs/configuration_guide.md`](../../docs/configuration_guide.md) - Configuration reference

367
examples/deployment/backup/backup-relay.sh Executable file
View File

@@ -0,0 +1,367 @@
#!/bin/bash
# C Nostr Relay - Backup Script
# Automated backup solution for event-based configuration relay
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Default configuration
RELAY_DIR="/opt/c-relay"
BACKUP_DIR="/backup/c-relay"
RETENTION_DAYS="30"
COMPRESS="true"
REMOTE_BACKUP=""
S3_BUCKET=""
NOTIFICATION_EMAIL=""
LOG_FILE="/var/log/relay-backup.log"
# Functions
print_step() {
echo -e "${BLUE}[STEP]${NC} $1"
echo "$(date '+%Y-%m-%d %H:%M:%S') [STEP] $1" >> "$LOG_FILE"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
echo "$(date '+%Y-%m-%d %H:%M:%S') [SUCCESS] $1" >> "$LOG_FILE"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
echo "$(date '+%Y-%m-%d %H:%M:%S') [WARNING] $1" >> "$LOG_FILE"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
echo "$(date '+%Y-%m-%d %H:%M:%S') [ERROR] $1" >> "$LOG_FILE"
}
show_help() {
echo "Usage: $0 [OPTIONS]"
echo
echo "Options:"
echo " -d, --relay-dir DIR Relay directory (default: /opt/c-relay)"
echo " -b, --backup-dir DIR Backup directory (default: /backup/c-relay)"
echo " -r, --retention DAYS Retention period in days (default: 30)"
echo " -n, --no-compress Don't compress backups"
echo " -s, --s3-bucket BUCKET Upload to S3 bucket"
echo " -e, --email EMAIL Send notification email"
echo " -v, --verify Verify backup integrity"
echo " -h, --help Show this help message"
echo
echo "Examples:"
echo " $0 # Basic backup"
echo " $0 -s my-backup-bucket -e admin@example.com"
echo " $0 -r 7 -n # 7-day retention, no compression"
}
parse_args() {
while [[ $# -gt 0 ]]; do
case $1 in
-d|--relay-dir)
RELAY_DIR="$2"
shift 2
;;
-b|--backup-dir)
BACKUP_DIR="$2"
shift 2
;;
-r|--retention)
RETENTION_DAYS="$2"
shift 2
;;
-n|--no-compress)
COMPRESS="false"
shift
;;
-s|--s3-bucket)
S3_BUCKET="$2"
shift 2
;;
-e|--email)
NOTIFICATION_EMAIL="$2"
shift 2
;;
-v|--verify)
VERIFY="true"
shift
;;
-h|--help)
show_help
exit 0
;;
*)
print_error "Unknown option: $1"
show_help
exit 1
;;
esac
done
}
check_dependencies() {
print_step "Checking dependencies..."
# Check sqlite3
if ! command -v sqlite3 &> /dev/null; then
print_error "sqlite3 not found. Install with: apt install sqlite3"
exit 1
fi
# Check compression tools
if [[ "$COMPRESS" == "true" ]]; then
if ! command -v gzip &> /dev/null; then
print_error "gzip not found for compression"
exit 1
fi
fi
# Check S3 tools if needed
if [[ -n "$S3_BUCKET" ]]; then
if ! command -v aws &> /dev/null; then
print_error "AWS CLI not found. Install with: apt install awscli"
exit 1
fi
fi
print_success "Dependencies verified"
}
find_database() {
print_step "Finding relay database..."
# Look for .nrdb files in relay directory
DB_FILES=($(find "$RELAY_DIR" -name "*.nrdb" 2>/dev/null))
if [[ ${#DB_FILES[@]} -eq 0 ]]; then
print_error "No relay database files found in $RELAY_DIR"
exit 1
elif [[ ${#DB_FILES[@]} -gt 1 ]]; then
print_warning "Multiple database files found:"
printf '%s\n' "${DB_FILES[@]}"
print_warning "Using the first one: ${DB_FILES[0]}"
fi
DB_FILE="${DB_FILES[0]}"
DB_NAME=$(basename "$DB_FILE")
print_success "Found database: $DB_FILE"
}
create_backup_directory() {
print_step "Creating backup directory..."
if [[ ! -d "$BACKUP_DIR" ]]; then
mkdir -p "$BACKUP_DIR"
chmod 700 "$BACKUP_DIR"
print_success "Created backup directory: $BACKUP_DIR"
else
print_success "Using existing backup directory: $BACKUP_DIR"
fi
}
perform_backup() {
local timestamp=$(date +%Y%m%d_%H%M%S)
local backup_name="relay_backup_${timestamp}"
local backup_file="$BACKUP_DIR/${backup_name}.nrdb"
print_step "Creating database backup..."
# Check if database is accessible
if [[ ! -r "$DB_FILE" ]]; then
print_error "Cannot read database file: $DB_FILE"
exit 1
fi
# Get database size
local db_size=$(du -h "$DB_FILE" | cut -f1)
print_step "Database size: $db_size"
# Create SQLite backup using .backup command (hot backup)
if sqlite3 "$DB_FILE" ".backup $backup_file" 2>/dev/null; then
print_success "Database backup created: $backup_file"
else
# Fallback to file copy if .backup fails
print_warning "SQLite backup failed, using file copy method"
cp "$DB_FILE" "$backup_file"
print_success "File copy backup created: $backup_file"
fi
# Verify backup file
if [[ ! -f "$backup_file" ]]; then
print_error "Backup file was not created"
exit 1
fi
# Check backup integrity
if [[ "$VERIFY" == "true" ]]; then
print_step "Verifying backup integrity..."
if sqlite3 "$backup_file" "PRAGMA integrity_check;" | grep -q "ok"; then
print_success "Backup integrity verified"
else
print_error "Backup integrity check failed"
exit 1
fi
fi
# Compress backup
if [[ "$COMPRESS" == "true" ]]; then
print_step "Compressing backup..."
gzip "$backup_file"
backup_file="${backup_file}.gz"
print_success "Backup compressed: $backup_file"
fi
# Set backup file as global variable for other functions
BACKUP_FILE="$backup_file"
BACKUP_NAME="$backup_name"
}
upload_to_s3() {
if [[ -z "$S3_BUCKET" ]]; then
return 0
fi
print_step "Uploading backup to S3..."
local s3_path="s3://$S3_BUCKET/c-relay/$(date +%Y)/$(date +%m)/"
if aws s3 cp "$BACKUP_FILE" "$s3_path" --storage-class STANDARD_IA; then
print_success "Backup uploaded to S3: $s3_path"
else
print_error "Failed to upload backup to S3"
return 1
fi
}
cleanup_old_backups() {
print_step "Cleaning up old backups..."
local deleted_count=0
# Clean local backups
while IFS= read -r -d '' file; do
rm "$file"
((deleted_count++))
done < <(find "$BACKUP_DIR" -name "relay_backup_*.nrdb*" -mtime "+$RETENTION_DAYS" -print0 2>/dev/null)
if [[ $deleted_count -gt 0 ]]; then
print_success "Deleted $deleted_count old local backups"
else
print_success "No old local backups to delete"
fi
# Clean S3 backups if configured
if [[ -n "$S3_BUCKET" ]]; then
local cutoff_date=$(date -d "$RETENTION_DAYS days ago" +%Y-%m-%d)
print_step "Cleaning S3 backups older than $cutoff_date..."
# Note: This is a simplified approach. In production, use S3 lifecycle policies
aws s3 ls "s3://$S3_BUCKET/c-relay/" --recursive | \
awk '$1 < "'$cutoff_date'" {print $4}' | \
while read -r key; do
aws s3 rm "s3://$S3_BUCKET/$key"
print_step "Deleted S3 backup: $key"
done
fi
}
send_notification() {
if [[ -z "$NOTIFICATION_EMAIL" ]]; then
return 0
fi
print_step "Sending notification email..."
local subject="C Nostr Relay Backup - $(date +%Y-%m-%d)"
local backup_size=$(du -h "$BACKUP_FILE" | cut -f1)
local message="Backup completed successfully.
Details:
- Date: $(date)
- Database: $DB_FILE
- Backup File: $BACKUP_FILE
- Backup Size: $backup_size
- Retention: $RETENTION_DAYS days
"
if [[ -n "$S3_BUCKET" ]]; then
message+="\n- S3 Bucket: $S3_BUCKET"
fi
# Try to send email using mail command
if command -v mail &> /dev/null; then
echo -e "$message" | mail -s "$subject" "$NOTIFICATION_EMAIL"
print_success "Notification sent to $NOTIFICATION_EMAIL"
else
print_warning "Mail command not available, skipping notification"
fi
}
show_backup_summary() {
local backup_size=$(du -h "$BACKUP_FILE" | cut -f1)
local backup_count=$(find "$BACKUP_DIR" -name "relay_backup_*.nrdb*" | wc -l)
echo
echo "🎉 Backup Completed Successfully!"
echo
echo "Backup Details:"
echo " Source DB: $DB_FILE"
echo " Backup File: $BACKUP_FILE"
echo " Backup Size: $backup_size"
echo " Compressed: $COMPRESS"
echo " Verified: ${VERIFY:-false}"
echo
echo "Storage:"
echo " Local Backups: $backup_count files in $BACKUP_DIR"
echo " Retention: $RETENTION_DAYS days"
if [[ -n "$S3_BUCKET" ]]; then
echo " S3 Bucket: $S3_BUCKET"
fi
echo
echo "Management Commands:"
echo " List backups: find $BACKUP_DIR -name 'relay_backup_*'"
echo " Restore: See examples/deployment/backup/restore-relay.sh"
echo
}
# Main execution
main() {
echo
echo "==============================================="
echo "💾 C Nostr Relay - Database Backup"
echo "==============================================="
echo
# Initialize log file
mkdir -p "$(dirname "$LOG_FILE")"
touch "$LOG_FILE"
parse_args "$@"
check_dependencies
find_database
create_backup_directory
perform_backup
upload_to_s3
cleanup_old_backups
send_notification
show_backup_summary
print_success "Backup process completed successfully!"
}
# Handle errors
trap 'print_error "Backup failed at line $LINENO"' ERR
# Run main function
main "$@"

460
examples/deployment/monitoring/monitor-relay.sh Executable file
View File

@@ -0,0 +1,460 @@
#!/bin/bash
# C Nostr Relay - Monitoring Script
# Comprehensive monitoring for event-based configuration relay
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configuration
RELAY_DIR="/opt/c-relay"
SERVICE_NAME="c-relay"
RELAY_PORT="8888"
LOG_FILE="/var/log/relay-monitor.log"
ALERT_EMAIL=""
WEBHOOK_URL=""
CHECK_INTERVAL="60"
MAX_MEMORY_MB="1024"
MAX_DB_SIZE_MB="10240"
MIN_DISK_SPACE_MB="1024"
# Counters for statistics
TOTAL_CHECKS=0
FAILED_CHECKS=0
ALERTS_SENT=0
# Functions
print_step() {
echo -e "${BLUE}[INFO]${NC} $1"
log_message "INFO" "$1"
}
print_success() {
echo -e "${GREEN}[OK]${NC} $1"
log_message "OK" "$1"
}
print_warning() {
echo -e "${YELLOW}[WARN]${NC} $1"
log_message "WARN" "$1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
log_message "ERROR" "$1"
}
log_message() {
local level="$1"
local message="$2"
echo "$(date '+%Y-%m-%d %H:%M:%S') [$level] $message" >> "$LOG_FILE"
}
show_help() {
echo "Usage: $0 [OPTIONS]"
echo
echo "Options:"
echo " -d, --relay-dir DIR Relay directory (default: /opt/c-relay)"
echo " -p, --port PORT Relay port (default: 8888)"
echo " -i, --interval SECONDS Check interval (default: 60)"
echo " -e, --email EMAIL Alert email address"
echo " -w, --webhook URL Webhook URL for alerts"
echo " -m, --max-memory MB Max memory usage alert (default: 1024MB)"
echo " -s, --max-db-size MB Max database size alert (default: 10240MB)"
echo " -f, --min-free-space MB Min disk space alert (default: 1024MB)"
echo " -c, --continuous Run continuously (daemon mode)"
echo " -h, --help Show this help message"
echo
echo "Examples:"
echo " $0 # Single check"
echo " $0 -c -i 30 -e admin@example.com # Continuous monitoring"
echo " $0 -w https://hooks.slack.com/... # Webhook notifications"
}
parse_args() {
CONTINUOUS="false"
while [[ $# -gt 0 ]]; do
case $1 in
-d|--relay-dir)
RELAY_DIR="$2"
shift 2
;;
-p|--port)
RELAY_PORT="$2"
shift 2
;;
-i|--interval)
CHECK_INTERVAL="$2"
shift 2
;;
-e|--email)
ALERT_EMAIL="$2"
shift 2
;;
-w|--webhook)
WEBHOOK_URL="$2"
shift 2
;;
-m|--max-memory)
MAX_MEMORY_MB="$2"
shift 2
;;
-s|--max-db-size)
MAX_DB_SIZE_MB="$2"
shift 2
;;
-f|--min-free-space)
MIN_DISK_SPACE_MB="$2"
shift 2
;;
-c|--continuous)
CONTINUOUS="true"
shift
;;
-h|--help)
show_help
exit 0
;;
*)
print_error "Unknown option: $1"
show_help
exit 1
;;
esac
done
}
check_process_running() {
print_step "Checking if relay process is running..."
if pgrep -f "c_relay_x86" > /dev/null; then
print_success "Relay process is running"
return 0
else
print_error "Relay process is not running"
return 1
fi
}
check_port_listening() {
print_step "Checking if port $RELAY_PORT is listening..."
if netstat -tln 2>/dev/null | grep -q ":$RELAY_PORT " || \
ss -tln 2>/dev/null | grep -q ":$RELAY_PORT "; then
print_success "Port $RELAY_PORT is listening"
return 0
else
print_error "Port $RELAY_PORT is not listening"
return 1
fi
}
check_service_status() {
print_step "Checking systemd service status..."
if systemctl is-active --quiet "$SERVICE_NAME"; then
print_success "Service $SERVICE_NAME is active"
return 0
else
local status=$(systemctl is-active "$SERVICE_NAME" 2>/dev/null || echo "unknown")
print_error "Service $SERVICE_NAME status: $status"
return 1
fi
}
check_memory_usage() {
print_step "Checking memory usage..."
local memory_kb=$(ps aux | grep "c_relay_x86" | grep -v grep | awk '{sum+=$6} END {print sum}')
if [[ -z "$memory_kb" ]]; then
print_warning "Could not determine memory usage"
return 1
fi
local memory_mb=$((memory_kb / 1024))
if [[ $memory_mb -gt $MAX_MEMORY_MB ]]; then
print_error "High memory usage: ${memory_mb}MB (limit: ${MAX_MEMORY_MB}MB)"
return 1
else
print_success "Memory usage: ${memory_mb}MB"
return 0
fi
}
check_database_size() {
print_step "Checking database size..."
local db_files=($(find "$RELAY_DIR" -name "*.nrdb" 2>/dev/null))
if [[ ${#db_files[@]} -eq 0 ]]; then
print_warning "No database files found"
return 1
fi
local total_size=0
for db_file in "${db_files[@]}"; do
if [[ -r "$db_file" ]]; then
local size_kb=$(du -k "$db_file" | cut -f1)
total_size=$((total_size + size_kb))
fi
done
local total_size_mb=$((total_size / 1024))
if [[ $total_size_mb -gt $MAX_DB_SIZE_MB ]]; then
print_error "Large database size: ${total_size_mb}MB (limit: ${MAX_DB_SIZE_MB}MB)"
return 1
else
print_success "Database size: ${total_size_mb}MB"
return 0
fi
}
check_disk_space() {
print_step "Checking disk space..."
local free_space_kb=$(df "$RELAY_DIR" | awk 'NR==2 {print $4}')
local free_space_mb=$((free_space_kb / 1024))
if [[ $free_space_mb -lt $MIN_DISK_SPACE_MB ]]; then
print_error "Low disk space: ${free_space_mb}MB (minimum: ${MIN_DISK_SPACE_MB}MB)"
return 1
else
print_success "Free disk space: ${free_space_mb}MB"
return 0
fi
}
check_database_integrity() {
print_step "Checking database integrity..."
local db_files=($(find "$RELAY_DIR" -name "*.nrdb" 2>/dev/null))
if [[ ${#db_files[@]} -eq 0 ]]; then
print_warning "No database files to check"
return 1
fi
local integrity_ok=true
for db_file in "${db_files[@]}"; do
if [[ -r "$db_file" ]]; then
if timeout 30 sqlite3 "$db_file" "PRAGMA integrity_check;" | grep -q "ok"; then
print_success "Database integrity OK: $(basename "$db_file")"
else
print_error "Database integrity failed: $(basename "$db_file")"
integrity_ok=false
fi
fi
done
if $integrity_ok; then
return 0
else
return 1
fi
}
check_websocket_connection() {
print_step "Checking WebSocket connection..."
# Simple connection test using curl
if timeout 10 curl -s -N -H "Connection: Upgrade" \
-H "Upgrade: websocket" -H "Sec-WebSocket-Key: test" \
-H "Sec-WebSocket-Version: 13" \
"http://localhost:$RELAY_PORT/" >/dev/null 2>&1; then
print_success "WebSocket connection test passed"
return 0
else
print_warning "WebSocket connection test failed (may be normal)"
return 1
fi
}
check_configuration_events() {
print_step "Checking configuration events..."
local db_files=($(find "$RELAY_DIR" -name "*.nrdb" 2>/dev/null))
if [[ ${#db_files[@]} -eq 0 ]]; then
print_warning "No database files found"
return 1
fi
local config_count=0
for db_file in "${db_files[@]}"; do
if [[ -r "$db_file" ]]; then
local count=$(sqlite3 "$db_file" "SELECT COUNT(*) FROM events WHERE kind = 33334;" 2>/dev/null || echo "0")
config_count=$((config_count + count))
fi
done
if [[ $config_count -gt 0 ]]; then
print_success "Configuration events found: $config_count"
return 0
else
print_warning "No configuration events found"
return 1
fi
}
send_alert() {
local subject="$1"
local message="$2"
local severity="$3"
ALERTS_SENT=$((ALERTS_SENT + 1))
# Email alert
if [[ -n "$ALERT_EMAIL" ]] && command -v mail >/dev/null 2>&1; then
echo -e "$message" | mail -s "$subject" "$ALERT_EMAIL"
print_step "Alert sent to $ALERT_EMAIL"
fi
# Webhook alert
if [[ -n "$WEBHOOK_URL" ]] && command -v curl >/dev/null 2>&1; then
local webhook_data="{\"text\":\"$subject\",\"attachments\":[{\"color\":\"$severity\",\"text\":\"$message\"}]}"
curl -X POST -H 'Content-type: application/json' \
--data "$webhook_data" "$WEBHOOK_URL" >/dev/null 2>&1
print_step "Alert sent to webhook"
fi
}
restart_service() {
print_step "Attempting to restart service..."
if systemctl restart "$SERVICE_NAME"; then
print_success "Service restarted successfully"
sleep 5 # Wait for service to stabilize
return 0
else
print_error "Failed to restart service"
return 1
fi
}
run_checks() {
local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
local failed_checks=0
local total_checks=8
echo
echo "🔍 Relay Health Check - $timestamp"
echo "=================================="
# Core functionality checks
check_process_running || ((failed_checks++))
check_service_status || ((failed_checks++))
check_port_listening || ((failed_checks++))
# Resource checks
check_memory_usage || ((failed_checks++))
check_disk_space || ((failed_checks++))
check_database_size || ((failed_checks++))
# Database checks
check_database_integrity || ((failed_checks++))
check_configuration_events || ((failed_checks++))
# Optional checks
check_websocket_connection # Don't count this as critical
TOTAL_CHECKS=$((TOTAL_CHECKS + total_checks))
FAILED_CHECKS=$((FAILED_CHECKS + failed_checks))
# Summary
echo
if [[ $failed_checks -eq 0 ]]; then
print_success "All checks passed ($total_checks/$total_checks)"
return 0
else
print_error "Failed checks: $failed_checks/$total_checks"
# Send alert if configured
if [[ -n "$ALERT_EMAIL" || -n "$WEBHOOK_URL" ]]; then
local alert_subject="C Nostr Relay Health Alert"
local alert_message="Relay health check failed.
Failed checks: $failed_checks/$total_checks
Time: $timestamp
Host: $(hostname)
Service: $SERVICE_NAME
Port: $RELAY_PORT
Please check the relay logs:
sudo journalctl -u $SERVICE_NAME --since '10 minutes ago'
"
send_alert "$alert_subject" "$alert_message" "danger"
fi
# Auto-restart if service is down
if ! check_process_running >/dev/null 2>&1; then
print_step "Process is down, attempting restart..."
restart_service
fi
return 1
fi
}
show_statistics() {
if [[ $TOTAL_CHECKS -gt 0 ]]; then
local success_rate=$(( (TOTAL_CHECKS - FAILED_CHECKS) * 100 / TOTAL_CHECKS ))
echo
echo "📊 Monitoring Statistics"
echo "======================="
echo "Total Checks: $TOTAL_CHECKS"
echo "Failed Checks: $FAILED_CHECKS"
echo "Success Rate: ${success_rate}%"
echo "Alerts Sent: $ALERTS_SENT"
fi
}
cleanup() {
echo
print_step "Monitoring stopped"
show_statistics
exit 0
}
# Main execution
main() {
echo
echo "📡 C Nostr Relay - Health Monitor"
echo "================================="
echo
# Initialize log file
mkdir -p "$(dirname "$LOG_FILE")"
touch "$LOG_FILE"
parse_args "$@"
# Trap signals for cleanup
trap cleanup SIGINT SIGTERM
if [[ "$CONTINUOUS" == "true" ]]; then
print_step "Starting continuous monitoring (interval: ${CHECK_INTERVAL}s)"
print_step "Press Ctrl+C to stop"
while true; do
run_checks
sleep "$CHECK_INTERVAL"
done
else
run_checks
fi
show_statistics
}
# Run main function
main "$@"

168
examples/deployment/nginx-proxy/nginx.conf Normal file
View File

@@ -0,0 +1,168 @@
# Nginx Configuration for C Nostr Relay
# Complete nginx.conf for reverse proxy setup with SSL
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# Basic settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml;
# Rate limiting
limit_req_zone $remote_addr zone=relay:10m rate=10r/s;
# Map WebSocket upgrade
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Upstream for the relay
upstream c_relay_backend {
server 127.0.0.1:8888;
keepalive 32;
}
# HTTP Server (redirect to HTTPS)
server {
listen 80;
server_name relay.yourdomain.com;
# Redirect all HTTP to HTTPS
return 301 https://$server_name$request_uri;
}
# HTTPS Server
server {
listen 443 ssl http2;
server_name relay.yourdomain.com;
# SSL Configuration
ssl_certificate /etc/letsencrypt/live/relay.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/relay.yourdomain.com/privkey.pem;
# SSL Security Settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/relay.yourdomain.com/chain.pem;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Security Headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' wss://relay.yourdomain.com; script-src 'self'; style-src 'self' 'unsafe-inline';" always;
# Rate limiting
limit_req zone=relay burst=20 nodelay;
# Main proxy location for WebSocket and HTTP
location / {
# Proxy settings
proxy_pass http://c_relay_backend;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
# Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
# WebSocket support
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# Timeouts for WebSocket connections
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
proxy_connect_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
# Error handling
proxy_intercept_errors on;
error_page 502 503 504 /50x.html;
}
# Error pages
location = /50x.html {
root /usr/share/nginx/html;
}
# Health check endpoint (if implemented)
location /health {
proxy_pass http://c_relay_backend/health;
access_log off;
}
# Deny access to hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Optional: Metrics endpoint (if implemented)
location /metrics {
proxy_pass http://c_relay_backend/metrics;
# Restrict access to monitoring systems
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
}
}
}

346
examples/deployment/nginx-proxy/setup-ssl-proxy.sh Executable file
View File

@@ -0,0 +1,346 @@
#!/bin/bash
# C Nostr Relay - Nginx SSL Proxy Setup Script
# Sets up nginx as a reverse proxy with Let's Encrypt SSL
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configuration
DOMAIN=""
EMAIL=""
RELAY_PORT="8888"
NGINX_CONF_DIR="/etc/nginx"
SITES_AVAILABLE="/etc/nginx/sites-available"
SITES_ENABLED="/etc/nginx/sites-enabled"
# Functions
print_step() {
echo -e "${BLUE}[STEP]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
show_help() {
echo "Usage: $0 -d DOMAIN -e EMAIL [OPTIONS]"
echo
echo "Required options:"
echo " -d, --domain DOMAIN Domain name for the relay (e.g., relay.example.com)"
echo " -e, --email EMAIL Email address for Let's Encrypt"
echo
echo "Optional options:"
echo " -p, --port PORT Relay port (default: 8888)"
echo " -h, --help Show this help message"
echo
echo "Example:"
echo " $0 -d relay.example.com -e admin@example.com"
}
parse_args() {
while [[ $# -gt 0 ]]; do
case $1 in
-d|--domain)
DOMAIN="$2"
shift 2
;;
-e|--email)
EMAIL="$2"
shift 2
;;
-p|--port)
RELAY_PORT="$2"
shift 2
;;
-h|--help)
show_help
exit 0
;;
*)
print_error "Unknown option: $1"
show_help
exit 1
;;
esac
done
if [[ -z "$DOMAIN" || -z "$EMAIL" ]]; then
print_error "Domain and email are required"
show_help
exit 1
fi
}
check_root() {
if [[ $EUID -ne 0 ]]; then
print_error "This script must be run as root (use sudo)"
exit 1
fi
}
check_relay_running() {
print_step "Checking if C Nostr Relay is running..."
if ! pgrep -f "c_relay_x86" > /dev/null; then
print_error "C Nostr Relay is not running"
print_error "Please start the relay first with: sudo systemctl start c-relay"
exit 1
fi
if ! netstat -tln | grep -q ":$RELAY_PORT"; then
print_error "Relay is not listening on port $RELAY_PORT"
exit 1
fi
print_success "Relay is running on port $RELAY_PORT"
}
install_nginx() {
print_step "Installing nginx..."
if command -v nginx &> /dev/null; then
print_warning "Nginx is already installed"
else
apt update
apt install -y nginx
systemctl enable nginx
print_success "Nginx installed"
fi
}
install_certbot() {
print_step "Installing certbot for Let's Encrypt..."
if command -v certbot &> /dev/null; then
print_warning "Certbot is already installed"
else
apt install -y certbot python3-certbot-nginx
print_success "Certbot installed"
fi
}
create_nginx_config() {
print_step "Creating nginx configuration..."
# Backup existing default config
if [[ -f "$SITES_ENABLED/default" ]]; then
mv "$SITES_ENABLED/default" "$SITES_ENABLED/default.backup"
print_warning "Backed up default nginx config"
fi
# Create site configuration
cat > "$SITES_AVAILABLE/$DOMAIN" << EOF
# HTTP Server (will be modified by certbot for HTTPS)
server {
listen 80;
server_name $DOMAIN;
# Rate limiting
limit_req_zone \$remote_addr zone=relay:10m rate=10r/s;
limit_req zone=relay burst=20 nodelay;
# Map WebSocket upgrade
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
location / {
# Proxy settings
proxy_pass http://127.0.0.1:$RELAY_PORT;
proxy_http_version 1.1;
proxy_cache_bypass \$http_upgrade;
# Headers
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
# WebSocket support
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
# Timeouts for WebSocket connections
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
# Buffer settings
proxy_buffering off;
}
# Health check
location /health {
proxy_pass http://127.0.0.1:$RELAY_PORT/health;
access_log off;
}
}
EOF
# Enable the site
ln -sf "$SITES_AVAILABLE/$DOMAIN" "$SITES_ENABLED/"
print_success "Nginx configuration created for $DOMAIN"
}
test_nginx_config() {
print_step "Testing nginx configuration..."
if nginx -t; then
print_success "Nginx configuration is valid"
else
print_error "Nginx configuration is invalid"
exit 1
fi
}
restart_nginx() {
print_step "Restarting nginx..."
systemctl restart nginx
systemctl enable nginx
if systemctl is-active --quiet nginx; then
print_success "Nginx restarted successfully"
else
print_error "Failed to restart nginx"
exit 1
fi
}
setup_ssl() {
print_step "Setting up SSL certificate with Let's Encrypt..."
# Obtain certificate
if certbot --nginx -d "$DOMAIN" --email "$EMAIL" --agree-tos --non-interactive; then
print_success "SSL certificate obtained and configured"
else
print_error "Failed to obtain SSL certificate"
exit 1
fi
}
setup_auto_renewal() {
print_step "Setting up SSL certificate auto-renewal..."
# Create renewal cron job
cat > /etc/cron.d/certbot-renew << EOF
# Renew Let's Encrypt certificates
0 12 * * * root /usr/bin/certbot renew --quiet && /usr/bin/systemctl reload nginx
EOF
print_success "Auto-renewal configured"
}
configure_firewall() {
print_step "Configuring firewall..."
if command -v ufw &> /dev/null; then
ufw allow 'Nginx Full'
ufw delete allow 'Nginx HTTP' 2>/dev/null || true
print_success "UFW configured for nginx"
elif command -v firewall-cmd &> /dev/null; then
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
print_success "Firewalld configured"
else
print_warning "No recognized firewall found"
print_warning "Please ensure ports 80 and 443 are open"
fi
}
test_setup() {
print_step "Testing the setup..."
sleep 5
# Test HTTP redirect
if curl -s -o /dev/null -w "%{http_code}" "http://$DOMAIN" | grep -q "301\|302"; then
print_success "HTTP to HTTPS redirect working"
else
print_warning "HTTP redirect test failed"
fi
# Test HTTPS
if curl -s -o /dev/null -w "%{http_code}" "https://$DOMAIN" | grep -q "200"; then
print_success "HTTPS connection working"
else
print_warning "HTTPS test failed"
fi
# Test WebSocket (if relay supports it)
if command -v wscat &> /dev/null; then
print_step "Testing WebSocket connection..."
timeout 5 wscat -c "wss://$DOMAIN" --execute "exit" &>/dev/null && \
print_success "WebSocket connection working" || \
print_warning "WebSocket test inconclusive (install wscat for better testing)"
fi
}
show_final_status() {
echo
echo "🎉 SSL Proxy Setup Complete!"
echo
echo "Configuration Summary:"
echo " Domain: $DOMAIN"
echo " SSL: Let's Encrypt"
echo " Backend: 127.0.0.1:$RELAY_PORT"
echo " Config: $SITES_AVAILABLE/$DOMAIN"
echo
echo "Your Nostr relay is now accessible at:"
echo " HTTPS URL: https://$DOMAIN"
echo " WebSocket: wss://$DOMAIN"
echo
echo "Management Commands:"
echo " Test config: sudo nginx -t"
echo " Reload nginx: sudo systemctl reload nginx"
echo " Check SSL: sudo certbot certificates"
echo " Renew SSL: sudo certbot renew"
echo
echo "SSL certificate will auto-renew via cron."
echo
}
# Main execution
main() {
echo
echo "============================================"
echo "🔒 C Nostr Relay - SSL Proxy Setup"
echo "============================================"
echo
parse_args "$@"
check_root
check_relay_running
install_nginx
install_certbot
create_nginx_config
test_nginx_config
restart_nginx
setup_ssl
setup_auto_renewal
configure_firewall
test_setup
show_final_status
print_success "SSL proxy setup completed successfully!"
}
# Run main function
main "$@"

282
examples/deployment/simple-vps/deploy.sh Executable file
View File

@@ -0,0 +1,282 @@
#!/bin/bash
# C Nostr Relay - Simple VPS Deployment Script
# Deploys the relay with event-based configuration on Ubuntu/Debian VPS
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Configuration
RELAY_USER="c-relay"
INSTALL_DIR="/opt/c-relay"
SERVICE_NAME="c-relay"
RELAY_PORT="8888"
# Functions
print_step() {
echo -e "${BLUE}[STEP]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
check_root() {
if [[ $EUID -ne 0 ]]; then
print_error "This script must be run as root (use sudo)"
exit 1
fi
}
detect_os() {
if [[ -f /etc/debian_version ]]; then
OS="debian"
print_success "Detected Debian/Ubuntu system"
elif [[ -f /etc/redhat-release ]]; then
OS="redhat"
print_success "Detected RedHat/CentOS system"
else
print_error "Unsupported operating system"
exit 1
fi
}
install_dependencies() {
print_step "Installing system dependencies..."
if [[ $OS == "debian" ]]; then
apt update
apt install -y build-essential git sqlite3 libsqlite3-dev \
libwebsockets-dev libssl-dev libsecp256k1-dev \
libcurl4-openssl-dev zlib1g-dev systemd curl wget
elif [[ $OS == "redhat" ]]; then
yum groupinstall -y "Development Tools"
yum install -y git sqlite-devel libwebsockets-devel \
openssl-devel libsecp256k1-devel libcurl-devel \
zlib-devel systemd curl wget
fi
print_success "Dependencies installed"
}
create_user() {
print_step "Creating system user for relay..."
if id "$RELAY_USER" &>/dev/null; then
print_warning "User $RELAY_USER already exists"
else
useradd --system --home-dir "$INSTALL_DIR" --shell /bin/false "$RELAY_USER"
print_success "Created user: $RELAY_USER"
fi
}
setup_directories() {
print_step "Setting up directories..."
mkdir -p "$INSTALL_DIR"
chown "$RELAY_USER:$RELAY_USER" "$INSTALL_DIR"
chmod 755 "$INSTALL_DIR"
print_success "Directories configured"
}
build_relay() {
print_step "Building C Nostr Relay..."
# Check if we're in the source directory
if [[ ! -f "Makefile" ]]; then
print_error "Makefile not found. Please run this script from the c-relay source directory."
exit 1
fi
# Clean and build
make clean
make
if [[ ! -f "build/c_relay_x86" ]]; then
print_error "Build failed - binary not found"
exit 1
fi
print_success "Relay built successfully"
}
install_binary() {
print_step "Installing relay binary..."
cp build/c_relay_x86 "$INSTALL_DIR/"
chown "$RELAY_USER:$RELAY_USER" "$INSTALL_DIR/c_relay_x86"
chmod +x "$INSTALL_DIR/c_relay_x86"
print_success "Binary installed to $INSTALL_DIR"
}
install_service() {
print_step "Installing systemd service..."
# Use the existing systemd service file
if [[ -f "systemd/c-relay.service" ]]; then
cp systemd/c-relay.service /etc/systemd/system/
systemctl daemon-reload
print_success "Systemd service installed"
else
print_warning "Systemd service file not found, creating basic one..."
cat > /etc/systemd/system/c-relay.service << EOF
[Unit]
Description=C Nostr Relay
After=network.target
[Service]
Type=simple
User=$RELAY_USER
Group=$RELAY_USER
WorkingDirectory=$INSTALL_DIR
ExecStart=$INSTALL_DIR/c_relay_x86
Restart=always
RestartSec=5
# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=$INSTALL_DIR
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
print_success "Basic systemd service created"
fi
}
configure_firewall() {
print_step "Configuring firewall..."
if command -v ufw &> /dev/null; then
# UFW (Ubuntu)
ufw allow "$RELAY_PORT/tcp" comment "Nostr Relay"
print_success "UFW rule added for port $RELAY_PORT"
elif command -v firewall-cmd &> /dev/null; then
# Firewalld (CentOS/RHEL)
firewall-cmd --permanent --add-port="$RELAY_PORT/tcp"
firewall-cmd --reload
print_success "Firewalld rule added for port $RELAY_PORT"
else
print_warning "No recognized firewall found. Please manually open port $RELAY_PORT"
fi
}
start_service() {
print_step "Starting relay service..."
systemctl enable "$SERVICE_NAME"
systemctl start "$SERVICE_NAME"
sleep 3
if systemctl is-active --quiet "$SERVICE_NAME"; then
print_success "Relay service started and enabled"
else
print_error "Failed to start relay service"
print_error "Check logs with: journalctl -u $SERVICE_NAME --no-pager"
exit 1
fi
}
capture_admin_keys() {
print_step "Capturing admin keys..."
echo
echo "=================================="
echo "🔑 CRITICAL: ADMIN PRIVATE KEY 🔑"
echo "=================================="
echo
print_warning "The admin private key will be shown in the service logs."
print_warning "This key is generated ONCE and is needed for all configuration updates!"
echo
echo "To view the admin key, run:"
echo " sudo journalctl -u $SERVICE_NAME --no-pager | grep -A 5 'Admin Private Key'"
echo
echo "Or check recent logs:"
echo " sudo journalctl -u $SERVICE_NAME --since '5 minutes ago'"
echo
print_error "IMPORTANT: Save this key in a secure location immediately!"
echo
}
show_status() {
print_step "Deployment Status"
echo
echo "🎉 Deployment Complete!"
echo
echo "Service Status:"
systemctl status "$SERVICE_NAME" --no-pager -l
echo
echo "Quick Commands:"
echo " Check status: sudo systemctl status $SERVICE_NAME"
echo " View logs: sudo journalctl -u $SERVICE_NAME -f"
echo " Restart: sudo systemctl restart $SERVICE_NAME"
echo " Stop: sudo systemctl stop $SERVICE_NAME"
echo
echo "Relay Information:"
echo " Port: $RELAY_PORT"
echo " Directory: $INSTALL_DIR"
echo " User: $RELAY_USER"
echo " Database: Auto-generated in $INSTALL_DIR"
echo
echo "Next Steps:"
echo "1. Get your admin private key from the logs (see above)"
echo "2. Configure your relay using the event-based system"
echo "3. Set up SSL/TLS with a reverse proxy (nginx/apache)"
echo "4. Configure monitoring and backups"
echo
echo "Documentation:"
echo " User Guide: docs/user_guide.md"
echo " Config Guide: docs/configuration_guide.md"
echo " Deployment: docs/deployment_guide.md"
echo
}
# Main deployment flow
main() {
echo
echo "=========================================="
echo "🚀 C Nostr Relay - Simple VPS Deployment"
echo "=========================================="
echo
check_root
detect_os
install_dependencies
create_user
setup_directories
build_relay
install_binary
install_service
configure_firewall
start_service
capture_admin_keys
show_status
print_success "Deployment completed successfully!"
}
# Run main function
main "$@"

103
make_and_restart_relay.sh
View File

@@ -6,13 +6,13 @@
echo "=== C Nostr Relay Build and Restart Script ==="
# Parse command line arguments
PRESERVE_CONFIG=false
PRESERVE_DATABASE=false
HELP=false
while [[ $# -gt 0 ]]; do
case $1 in
--preserve-config|-p)
PRESERVE_CONFIG=true
--preserve-database|-p)
PRESERVE_DATABASE=true
shift
;;
--help|-h)
@@ -32,48 +32,59 @@ if [ "$HELP" = true ]; then
echo "Usage: $0 [OPTIONS]"
echo ""
echo "Options:"
echo " --preserve-config, -p Keep existing configuration file (don't regenerate)"
echo " --help, -h Show this help message"
echo " --preserve-database, -p Keep existing database files (don't delete for fresh start)"
echo " --help, -h Show this help message"
echo ""
echo "Development Setup:"
echo " Uses local config directory: ./dev-config/"
echo " This avoids conflicts with production instances using ~/.config/c-relay/"
echo "Event-Based Configuration:"
echo " This relay now uses event-based configuration stored directly in the database."
echo " On first startup, keys are automatically generated and printed once."
echo " Database file: <relay_pubkey>.db (created automatically)"
echo ""
echo "Default behavior: Automatically regenerates configuration file on each build"
echo "Examples:"
echo " $0 # Fresh start with new keys (default)"
echo " $0 -p # Preserve existing database and keys"
echo ""
echo "Default behavior: Deletes existing database files to start fresh with new keys"
echo " for development purposes"
exit 0
fi
# Handle configuration file and database regeneration
# Use local development config directory to avoid conflicts with production
DEV_CONFIG_DIR="./dev-config"
CONFIG_FILE="$DEV_CONFIG_DIR/c_relay_config_event.json"
DB_FILE="./db/c_nostr_relay.db"
# Create development config directory if it doesn't exist
mkdir -p "$DEV_CONFIG_DIR"
if [ "$PRESERVE_CONFIG" = false ]; then
if [ -f "$CONFIG_FILE" ]; then
echo "Removing old development configuration file to trigger regeneration..."
rm -f "$CONFIG_FILE"
echo "✓ Development configuration file removed - will be regenerated with new keys"
# Handle database file cleanup for fresh start
if [ "$PRESERVE_DATABASE" = false ]; then
if ls *.db >/dev/null 2>&1 || ls build/*.db >/dev/null 2>&1; then
echo "Removing existing database files to trigger fresh key generation..."
rm -f *.db build/*.db
echo "✓ Database files removed - will generate new keys and database"
else
echo "No existing database found - will generate fresh setup"
fi
if [ -f "$DB_FILE" ]; then
echo "Removing old database to trigger fresh key generation..."
rm -f "$DB_FILE"* # Remove db file and any WAL/SHM files
echo "✓ Database removed - will be recreated with embedded schema and new keys"
fi
elif [ "$PRESERVE_CONFIG" = true ]; then
echo "Preserving existing development configuration and database as requested"
else
echo "No existing development configuration or database found - will generate fresh setup"
echo "Preserving existing database files as requested"
# Back up database files before clean build
if ls build/*.db >/dev/null 2>&1; then
echo "Backing up existing database files..."
mkdir -p /tmp/relay_backup_$$
cp build/*.db* /tmp/relay_backup_$$/ 2>/dev/null || true
echo "Database files backed up to temporary location"
fi
fi
# Clean up legacy files that are no longer used
rm -rf dev-config/ 2>/dev/null
rm -f db/c_nostr_relay.db* 2>/dev/null
# Build the project first
echo "Building project..."
make clean all
# Restore database files if preserving
if [ "$PRESERVE_DATABASE" = true ] && [ -d "/tmp/relay_backup_$$" ]; then
echo "Restoring preserved database files..."
cp /tmp/relay_backup_$$/*.db* build/ 2>/dev/null || true
rm -rf /tmp/relay_backup_$$
echo "Database files restored to build directory"
fi
# Check if build was successful
if [ $? -ne 0 ]; then
echo "ERROR: Build failed. Cannot restart relay."
@@ -126,16 +137,20 @@ fi
rm -f relay.pid
# Database initialization is now handled automatically by the relay
# when it starts up with embedded schema
# with event-based configuration system
echo "Database will be initialized automatically on startup if needed"
# Start relay in background with output redirection
echo "Starting relay server..."
echo "Debug: Current processes: $(ps aux | grep 'c_relay_' | grep -v grep || echo 'None')"
# Start relay in background and capture its PID with development config directory
$BINARY_PATH --config-dir "$DEV_CONFIG_DIR" > relay.log 2>&1 &
# Change to build directory before starting relay so database files are created there
cd build
# Start relay in background and capture its PID (no command line arguments needed)
./$(basename $BINARY_PATH) > ../relay.log 2>&1 &
RELAY_PID=$!
# Change back to original directory
cd ..
echo "Started with PID: $RELAY_PID"
@@ -155,23 +170,25 @@ if ps -p "$RELAY_PID" >/dev/null 2>&1; then
# Check if new keys were generated and display them
sleep 1 # Give relay time to write initial logs
if grep -q "GENERATED RELAY KEYPAIRS" relay.log 2>/dev/null; then
echo "=== IMPORTANT: NEW KEYPAIRS GENERATED ==="
if grep -q "IMPORTANT: SAVE THIS ADMIN PRIVATE KEY SECURELY!" relay.log 2>/dev/null; then
echo "=== IMPORTANT: NEW ADMIN PRIVATE KEY GENERATED ==="
echo ""
# Extract and display the keypairs section from the log
grep -A 12 -B 2 "GENERATED RELAY KEYPAIRS" relay.log | head -n 16
# Extract and display the admin private key section from the log
grep -A 15 -B 2 "IMPORTANT: SAVE THIS ADMIN PRIVATE KEY SECURELY!" relay.log | head -n 20
echo ""
echo "⚠️ SAVE THESE PRIVATE KEYS SECURELY - THEY CONTROL YOUR RELAY!"
echo "⚠️ These keys are also logged in relay.log for reference"
echo "⚠️ SAVE THIS ADMIN PRIVATE KEY SECURELY - IT CONTROLS YOUR RELAY CONFIGURATION!"
echo "⚠️ This key is needed to update configuration and is only displayed once"
echo "⚠️ The relay and database information is also logged in relay.log for reference"
echo ""
fi
echo "=== Relay server running in background ==="
echo "Development config: $DEV_CONFIG_DIR/"
echo "=== Event-Based Relay Server Running ==="
echo "Configuration: Event-based (kind 33334 Nostr events)"
echo "Database: Automatically created with relay pubkey naming"
echo "To kill relay: pkill -f 'c_relay_'"
echo "To check status: ps aux | grep c_relay_"
echo "To view logs: tail -f relay.log"
echo "Binary: $BINARY_PATH --config-dir $DEV_CONFIG_DIR"
echo "Binary: $BINARY_PATH (zero configuration needed)"
echo "Ready for Nostr client connections!"
else
echo "ERROR: Relay failed to start"

2
relay.pid
View File

@@ -1 +1 @@
913504
1190476

35
relay2.log Normal file
View File

@@ -0,0 +1,35 @@
=== C Nostr Relay Server ===
Event-based configuration system
[INFO] Existing relay detected
[INFO] Initializing event-based configuration system...
[SUCCESS] Event-based configuration system initialized
[INFO] Starting existing relay...
Relay pubkey: 6df436471c7965d6473e89998162e6b87cc3547d71a2db12f559a39f4596059a
[SUCCESS] Existing relay startup prepared
[SUCCESS] Database connection established: 6df436471c7965d6473e89998162e6b87cc3547d71a2db12f559a39f4596059a.nrdb
[INFO] Database schema already exists, skipping initialization
[INFO] Existing database schema version: 4
[WARNING] No configuration event found in existing database
[SUCCESS] Relay information initialized with default values
[INFO] Initializing NIP-13 Proof of Work configuration
[INFO] PoW configured in basic validation mode (default)
[INFO] PoW Configuration: enabled=true, min_difficulty=0, validation_flags=0x1, mode=full
[INFO] Initializing NIP-40 Expiration Timestamp configuration
[INFO] Expiration Configuration: enabled=true, strict_mode=true, filter_responses=true, grace_period=300 seconds
[INFO] Subscription limits: max_per_client=25, max_total=5000
[INFO] Starting relay server...
[INFO] Starting libwebsockets-based Nostr relay server...
[INFO] Checking port availability: 8888
[WARNING] Port 8888 is in use, trying port 8889 (attempt 2/5)
[INFO] Checking port availability: 8889
[INFO] Attempting to bind libwebsockets to port 8889
[WARNING] WebSocket relay started on ws://127.0.0.1:8889 (configured port 8888 was unavailable)
[SUCCESS] WebSocket relay started on ws://127.0.0.1:8889 (configured port 8888 was unavailable)
[INFO] Received shutdown signal
[INFO] Shutting down WebSocket server...
[SUCCESS] WebSocket relay shut down cleanly
[INFO] Cleaning up configuration system...
[SUCCESS] Configuration system cleaned up
[INFO] Database connection closed
[SUCCESS] Server shutdown complete

37
relay3.log Normal file
View File

@@ -0,0 +1,37 @@
=== C Nostr Relay Server ===
Event-based configuration system
[INFO] Existing relay detected
[INFO] Initializing event-based configuration system...
[SUCCESS] Event-based configuration system initialized
[INFO] Starting existing relay...
Relay pubkey: 6df436471c7965d6473e89998162e6b87cc3547d71a2db12f559a39f4596059a
[SUCCESS] Existing relay startup prepared
[SUCCESS] Database connection established: 6df436471c7965d6473e89998162e6b87cc3547d71a2db12f559a39f4596059a.nrdb
[INFO] Database schema already exists, skipping initialization
[INFO] Existing database schema version: 4
[WARNING] No configuration event found in existing database
[SUCCESS] Relay information initialized with default values
[INFO] Initializing NIP-13 Proof of Work configuration
[INFO] PoW configured in basic validation mode (default)
[INFO] PoW Configuration: enabled=true, min_difficulty=0, validation_flags=0x1, mode=full
[INFO] Initializing NIP-40 Expiration Timestamp configuration
[INFO] Expiration Configuration: enabled=true, strict_mode=true, filter_responses=true, grace_period=300 seconds
[INFO] Subscription limits: max_per_client=25, max_total=5000
[INFO] Starting relay server...
[INFO] Starting libwebsockets-based Nostr relay server...
[INFO] Checking port availability: 8888
[WARNING] Port 8888 is in use, trying port 8889 (attempt 2/5)
[INFO] Checking port availability: 8889
[WARNING] Port 8889 is in use, trying port 8890 (attempt 3/5)
[INFO] Checking port availability: 8890
[INFO] Attempting to bind libwebsockets to port 8890
[WARNING] WebSocket relay started on ws://127.0.0.1:8890 (configured port 8888 was unavailable)
[SUCCESS] WebSocket relay started on ws://127.0.0.1:8890 (configured port 8888 was unavailable)
[INFO] Received shutdown signal
[INFO] Shutting down WebSocket server...
[SUCCESS] WebSocket relay shut down cleanly
[INFO] Cleaning up configuration system...
[SUCCESS] Configuration system cleaned up
[INFO] Database connection closed
[SUCCESS] Server shutdown complete

2083
src/config.c
View File

File diff suppressed because it is too large Load Diff

254
src/config.h
View File

@@ -2,231 +2,81 @@
#define CONFIG_H
#include <sqlite3.h>
#include <time.h>
#include <stddef.h>
#include <cjson/cJSON.h>
#include <time.h>
// Configuration system constants
#define CONFIG_KEY_MAX_LENGTH 64
#define CONFIG_VALUE_MAX_LENGTH 512
#define CONFIG_DESCRIPTION_MAX_LENGTH 256
#define CONFIG_XDG_DIR_NAME "c-relay"
#define CONFIG_FILE_NAME "c_relay_config_event.json"
#define CONFIG_ADMIN_PRIVKEY_ENV "C_RELAY_ADMIN_PRIVKEY"
#define CONFIG_RELAY_PRIVKEY_ENV "C_RELAY_PRIVKEY"
#define CONFIG_DIR_OVERRIDE_ENV "C_RELAY_CONFIG_DIR_OVERRIDE"
#define CONFIG_FILE_OVERRIDE_ENV "C_RELAY_CONFIG_FILE_OVERRIDE"
#define NOSTR_PUBKEY_HEX_LENGTH 64
#define NOSTR_PRIVKEY_HEX_LENGTH 64
#define NOSTR_EVENT_ID_HEX_LENGTH 64
#define NOSTR_SIGNATURE_HEX_LENGTH 128
// Protocol and implementation constants (hardcoded - should NOT be configurable)
#define SUBSCRIPTION_ID_MAX_LENGTH 64
#define CLIENT_IP_MAX_LENGTH 64
#define RELAY_NAME_MAX_LENGTH 128
#define RELAY_DESCRIPTION_MAX_LENGTH 1024
#define RELAY_URL_MAX_LENGTH 256
#define RELAY_CONTACT_MAX_LENGTH 128
// Configuration constants
#define CONFIG_VALUE_MAX_LENGTH 1024
#define RELAY_NAME_MAX_LENGTH 256
#define RELAY_DESCRIPTION_MAX_LENGTH 512
#define RELAY_URL_MAX_LENGTH 512
#define RELAY_PUBKEY_MAX_LENGTH 65
// Default configuration values (used as fallbacks if database config fails)
#define DEFAULT_DATABASE_PATH "db/c_nostr_relay.db"
#define DEFAULT_PORT 8888
#define DEFAULT_HOST "127.0.0.1"
#define MAX_CLIENTS 100
#define MAX_SUBSCRIPTIONS_PER_CLIENT 20
#define RELAY_CONTACT_MAX_LENGTH 256
#define SUBSCRIPTION_ID_MAX_LENGTH 64
#define CLIENT_IP_MAX_LENGTH 46
#define MAX_SUBSCRIPTIONS_PER_CLIENT 25
#define MAX_TOTAL_SUBSCRIPTIONS 5000
#define MAX_FILTERS_PER_SUBSCRIPTION 10
#define DEFAULT_PORT 8888
#define DEFAULT_DATABASE_PATH "db/c_nostr_relay.db"
// Configuration types
typedef enum {
CONFIG_TYPE_SYSTEM = 0,
CONFIG_TYPE_USER = 1,
CONFIG_TYPE_RUNTIME = 2
} config_type_t;
// Database path for event-based config
extern char g_database_path[512];
// Configuration data types
typedef enum {
CONFIG_DATA_STRING = 0,
CONFIG_DATA_INTEGER = 1,
CONFIG_DATA_BOOLEAN = 2,
CONFIG_DATA_JSON = 3
} config_data_type_t;
// Configuration validation result
typedef enum {
CONFIG_VALID = 0,
CONFIG_INVALID_TYPE = 1,
CONFIG_INVALID_RANGE = 2,
CONFIG_INVALID_FORMAT = 3,
CONFIG_MISSING_REQUIRED = 4
} config_validation_result_t;
// Configuration entry structure
typedef struct {
char key[CONFIG_KEY_MAX_LENGTH];
char value[CONFIG_VALUE_MAX_LENGTH];
char description[CONFIG_DESCRIPTION_MAX_LENGTH];
config_type_t config_type;
config_data_type_t data_type;
int is_sensitive;
int requires_restart;
time_t created_at;
time_t updated_at;
} config_entry_t;
// Configuration manager state
// Configuration manager structure
typedef struct {
sqlite3* db;
sqlite3_stmt* get_config_stmt;
sqlite3_stmt* set_config_stmt;
sqlite3_stmt* log_change_stmt;
// Configuration loading status
int file_config_loaded;
int database_config_loaded;
time_t last_reload;
// XDG configuration directory
char config_dir_path[512];
char config_file_path[600];
char relay_pubkey[65];
char admin_pubkey[65];
time_t last_config_check;
char config_file_path[512]; // Temporary for compatibility
} config_manager_t;
// Global configuration manager instance
// Command line options structure for first-time startup
typedef struct {
int port_override; // -1 = not set, >0 = port value
// Future CLI options can be added here
} cli_options_t;
// Global configuration manager
extern config_manager_t g_config_manager;
// ================================
// CORE CONFIGURATION FUNCTIONS
// ================================
// Initialize configuration system
int init_configuration_system(void);
// Cleanup configuration system
// Core configuration functions (temporary compatibility)
int init_configuration_system(const char* config_dir_override, const char* config_file_override);
void cleanup_configuration_system(void);
// Load configuration from all sources (file -> database -> defaults)
int load_configuration(void);
// Database config functions (temporary compatibility)
int set_database_config(const char* key, const char* value, const char* changed_by);
// Apply loaded configuration to global variables
int apply_configuration_to_globals(void);
// Database functions
char* get_database_name_from_relay_pubkey(const char* relay_pubkey);
int create_database_with_relay_pubkey(const char* relay_pubkey);
// ================================
// DATABASE CONFIGURATION FUNCTIONS
// ================================
// Configuration event functions
int store_config_event_in_database(const cJSON* event);
cJSON* load_config_event_from_database(const char* relay_pubkey);
int process_configuration_event(const cJSON* event);
int handle_configuration_event(cJSON* event, char* error_message, size_t error_size);
// Initialize database prepared statements
int init_config_database_statements(void);
// Retry storing initial config event after database initialization
int retry_store_initial_config_event(void);
// Get configuration value from database
int get_database_config(const char* key, char* value, size_t value_size);
// Set configuration value in database
int set_database_config(const char* key, const char* new_value, const char* changed_by);
// Load all configuration from database
int load_config_from_database(void);
// ================================
// FILE CONFIGURATION FUNCTIONS
// ================================
// Get XDG configuration directory path
int get_xdg_config_dir(char* path, size_t path_size);
// Check if configuration file exists
int config_file_exists(void);
// Load configuration from file
int load_config_from_file(void);
// Validate and apply Nostr configuration event
int validate_and_apply_config_event(const cJSON* event);
// Validate Nostr event structure
int validate_nostr_event_structure(const cJSON* event);
// Validate configuration tags array
int validate_config_tags(const cJSON* tags);
// Extract and apply configuration tags to database
int extract_and_apply_config_tags(const cJSON* tags);
// ================================
// CONFIGURATION ACCESS FUNCTIONS
// ================================
// Get configuration value (checks all sources: file -> database -> environment -> defaults)
// Configuration access functions
const char* get_config_value(const char* key);
// Get configuration value as integer
int get_config_int(const char* key, int default_value);
// Get configuration value as boolean
int get_config_bool(const char* key, int default_value);
// Set configuration value (updates database)
int set_config_value(const char* key, const char* value);
// First-time startup functions
int is_first_time_startup(void);
int first_time_startup_sequence(const cli_options_t* cli_options);
int startup_existing_relay(const char* relay_pubkey);
// ================================
// CONFIGURATION VALIDATION
// ================================
// Configuration application functions
int apply_configuration_from_event(const cJSON* event);
int apply_runtime_config_handlers(const cJSON* old_event, const cJSON* new_event);
// Validate configuration value
config_validation_result_t validate_config_value(const char* key, const char* value);
// Utility functions
char** find_existing_db_files(void);
char* extract_pubkey_from_filename(const char* filename);
// Log validation error
void log_config_validation_error(const char* key, const char* value, const char* error);
// ================================
// UTILITY FUNCTIONS
// ================================
// Convert config type enum to string
const char* config_type_to_string(config_type_t type);
// Convert config data type enum to string
const char* config_data_type_to_string(config_data_type_t type);
// Convert string to config type enum
config_type_t string_to_config_type(const char* str);
// Convert string to config data type enum
config_data_type_t string_to_config_data_type(const char* str);
// Check if configuration key requires restart
int config_requires_restart(const char* key);
// ================================
// NOSTR EVENT GENERATION FUNCTIONS
// ================================
// Generate configuration file with valid Nostr event if it doesn't exist
int generate_config_file_if_missing(void);
// Create a valid Nostr configuration event from database values
cJSON* create_config_nostr_event(const char* privkey_hex);
// Generate a random private key (32 bytes as hex string)
int generate_random_privkey(char* privkey_hex, size_t buffer_size);
// Derive public key from private key (using secp256k1)
int derive_pubkey_from_privkey(const char* privkey_hex, char* pubkey_hex, size_t buffer_size);
// Create Nostr event ID (SHA256 of serialized event data)
int create_nostr_event_id(const cJSON* event, char* event_id_hex, size_t buffer_size);
// Sign Nostr event (using secp256k1 Schnorr signature)
int sign_nostr_event(const cJSON* event, const char* privkey_hex, char* signature_hex, size_t buffer_size);
// Write configuration event to file
int write_config_event_to_file(const cJSON* event);
// Helper function to generate random private key
int generate_random_private_key(char* privkey_hex, size_t buffer_size);
// Helper function to derive public key from private key
int derive_public_key(const char* privkey_hex, char* pubkey_hex, size_t buffer_size);
#endif // CONFIG_H
#endif /* CONFIG_H */

70
src/default_config_event.h Normal file
View File

@@ -0,0 +1,70 @@
#ifndef DEFAULT_CONFIG_EVENT_H
#define DEFAULT_CONFIG_EVENT_H
#include <cjson/cJSON.h>
#include "config.h" // For cli_options_t definition
/*
* Default Configuration Event Template
*
* This header contains the default configuration values for the C Nostr Relay.
* These values are used to create the initial kind 33334 configuration event
* during first-time startup.
*
* IMPORTANT: These values should never be accessed directly by other parts
* of the program. They are only used during initial configuration event creation.
*/
// Default configuration key-value pairs
static const struct {
const char* key;
const char* value;
} DEFAULT_CONFIG_VALUES[] = {
// Authentication
{"auth_enabled", "false"},
// Server Core Settings
{"relay_port", "8888"},
{"max_connections", "100"},
// NIP-11 Relay Information (relay keys will be populated at runtime)
{"relay_description", "High-performance C Nostr relay with SQLite storage"},
{"relay_contact", ""},
{"relay_software", "https://git.laantungir.net/laantungir/c-relay.git"},
{"relay_version", "v1.0.0"},
// NIP-13 Proof of Work (pow_min_difficulty = 0 means PoW disabled)
{"pow_min_difficulty", "0"},
{"pow_mode", "basic"},
// NIP-40 Expiration Timestamp
{"nip40_expiration_enabled", "true"},
{"nip40_expiration_strict", "true"},
{"nip40_expiration_filter", "true"},
{"nip40_expiration_grace_period", "300"},
// Subscription Limits
{"max_subscriptions_per_client", "25"},
{"max_total_subscriptions", "5000"},
{"max_filters_per_subscription", "10"},
// Event Processing Limits
{"max_event_tags", "100"},
{"max_content_length", "8196"},
{"max_message_length", "16384"},
// Performance Settings
{"default_limit", "500"},
{"max_limit", "5000"}
};
// Number of default configuration values
#define DEFAULT_CONFIG_COUNT (sizeof(DEFAULT_CONFIG_VALUES) / sizeof(DEFAULT_CONFIG_VALUES[0]))
// Function to create default configuration event
cJSON* create_default_config_event(const unsigned char* admin_privkey_bytes,
const char* relay_privkey_hex,
const char* relay_pubkey_hex,
const cli_options_t* cli_options);
#endif /* DEFAULT_CONFIG_EVENT_H */

375
src/main.c
View File

@@ -10,6 +10,10 @@
#include <pthread.h>
#include <sqlite3.h>
#include <libwebsockets.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
// Include nostr_core_lib for Nostr functionality
#include "../nostr_core_lib/cjson/cJSON.h"
@@ -198,6 +202,9 @@ int check_and_handle_replaceable_event(int kind, const char* pubkey, long create
int check_and_handle_addressable_event(int kind, const char* pubkey, const char* d_tag_value, long created_at);
int handle_event_message(cJSON* event, char* error_message, size_t error_size);
// Forward declaration for configuration event handling (kind 33334)
int handle_configuration_event(cJSON* event, char* error_message, size_t error_size);
// Forward declaration for NOTICE message support
void send_notice_message(struct lws* wsi, const char* message);
@@ -1940,9 +1947,16 @@ int validate_event_expiration(cJSON* event, char* error_message, size_t error_si
/////////////////////////////////////////////////////////////////////////////////////////
// Initialize database connection and schema
int init_database() {
// Use configurable database path, falling back to default
const char* db_path = get_config_value("database_path");
int init_database(const char* database_path_override) {
// Priority 1: Command line database path override
const char* db_path = database_path_override;
// Priority 2: Configuration system (if available)
if (!db_path) {
db_path = get_config_value("database_path");
}
// Priority 3: Default path
if (!db_path) {
db_path = DEFAULT_DATABASE_PATH;
}
@@ -2671,6 +2685,11 @@ int handle_event_message(cJSON* event, char* error_message, size_t error_size) {
return handle_deletion_request(event, error_message, error_size);
}
// Kind 33334: Handle configuration events
if (kind == 33334) {
return handle_configuration_event(event, error_message, error_size);
}
// Handle replaceable events (NIP-01)
event_type_t event_type = classify_event_kind(kind);
if (event_type == EVENT_TYPE_REPLACEABLE) {
@@ -2941,19 +2960,51 @@ static struct lws_protocols protocols[] = {
{ NULL, NULL, 0, 0, 0, NULL, 0 } // terminator
};
// Check if a port is available for binding
int check_port_available(int port) {
int sockfd;
struct sockaddr_in addr;
int result;
// Create a socket
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
return 0; // Cannot create socket, assume port unavailable
}
// Set up the address structure
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = INADDR_ANY;
addr.sin_port = htons(port);
// Try to bind to the port
result = bind(sockfd, (struct sockaddr*)&addr, sizeof(addr));
// Close the socket
close(sockfd);
// Return 1 if bind succeeded (port available), 0 if failed (port in use)
return (result == 0) ? 1 : 0;
}
// Start libwebsockets-based WebSocket Nostr relay server
int start_websocket_relay() {
int start_websocket_relay(int port_override) {
struct lws_context_creation_info info;
log_info("Starting libwebsockets-based Nostr relay server...");
memset(&info, 0, sizeof(info));
info.port = get_config_int("relay_port", DEFAULT_PORT);
// Use port override if provided, otherwise use configuration
int configured_port = (port_override > 0) ? port_override : get_config_int("relay_port", DEFAULT_PORT);
int actual_port = configured_port;
int port_attempts = 0;
const int max_port_attempts = 5;
// Minimal libwebsockets configuration
info.protocols = protocols;
info.gid = -1;
info.uid = -1;
// Minimal libwebsockets configuration
info.options = LWS_SERVER_OPTION_VALIDATE_UTF8;
// Remove interface restrictions - let system choose
@@ -2967,15 +3018,82 @@ int start_websocket_relay() {
// Max payload size for Nostr events
info.max_http_header_data = 4096;
ws_context = lws_create_context(&info);
// Find an available port with pre-checking
while (port_attempts < max_port_attempts) {
char attempt_msg[256];
snprintf(attempt_msg, sizeof(attempt_msg), "Checking port availability: %d", actual_port);
log_info(attempt_msg);
// Pre-check if port is available
if (!check_port_available(actual_port)) {
port_attempts++;
if (port_attempts < max_port_attempts) {
char retry_msg[256];
snprintf(retry_msg, sizeof(retry_msg), "Port %d is in use, trying port %d (attempt %d/%d)",
actual_port, actual_port + 1, port_attempts + 1, max_port_attempts);
log_warning(retry_msg);
actual_port++;
continue;
} else {
char error_msg[512];
snprintf(error_msg, sizeof(error_msg),
"Failed to find available port after %d attempts (tried ports %d-%d)",
max_port_attempts, configured_port, actual_port);
log_error(error_msg);
return -1;
}
}
// Port appears available, try creating libwebsockets context
info.port = actual_port;
char binding_msg[256];
snprintf(binding_msg, sizeof(binding_msg), "Attempting to bind libwebsockets to port %d", actual_port);
log_info(binding_msg);
ws_context = lws_create_context(&info);
if (ws_context) {
// Success! Port binding worked
break;
}
// libwebsockets failed even though port check passed
// This could be due to timing or different socket options
int errno_saved = errno;
char lws_error_msg[256];
snprintf(lws_error_msg, sizeof(lws_error_msg),
"libwebsockets failed to bind to port %d (errno: %d)", actual_port, errno_saved);
log_warning(lws_error_msg);
port_attempts++;
if (port_attempts < max_port_attempts) {
actual_port++;
continue;
}
// If we get here, we've exhausted attempts
break;
}
if (!ws_context) {
log_error("Failed to create libwebsockets context");
char error_msg[512];
snprintf(error_msg, sizeof(error_msg),
"Failed to create libwebsockets context after %d attempts. Last attempted port: %d",
port_attempts, actual_port);
log_error(error_msg);
perror("libwebsockets creation error");
return -1;
}
char startup_msg[256];
snprintf(startup_msg, sizeof(startup_msg), "WebSocket relay started on ws://127.0.0.1:%d", info.port);
if (actual_port != configured_port) {
snprintf(startup_msg, sizeof(startup_msg),
"WebSocket relay started on ws://127.0.0.1:%d (configured port %d was unavailable)",
actual_port, configured_port);
log_warning(startup_msg);
} else {
snprintf(startup_msg, sizeof(startup_msg), "WebSocket relay started on ws://127.0.0.1:%d", actual_port);
}
log_success(startup_msg);
// Main event loop with proper signal handling
@@ -3009,105 +3127,220 @@ int start_websocket_relay() {
void print_usage(const char* program_name) {
printf("Usage: %s [OPTIONS]\n", program_name);
printf("\n");
printf("C Nostr Relay Server\n");
printf("C Nostr Relay Server - Event-Based Configuration\n");
printf("\n");
printf("Options:\n");
printf(" -p, --port PORT Listen port (default: %d)\n", DEFAULT_PORT);
printf(" -c, --config FILE Configuration file path\n");
printf(" -d, --config-dir DIR Configuration directory path\n");
printf(" -h, --help Show this help message\n");
printf(" -h, --help Show this help message\n");
printf(" -v, --version Show version information\n");
printf(" -p, --port PORT Override relay port (first-time startup only)\n");
printf("\n");
printf("Configuration:\n");
printf(" This relay uses event-based configuration stored in the database.\n");
printf(" On first startup, keys are automatically generated and printed once.\n");
printf(" Command line options like --port only apply during first-time setup.\n");
printf(" After initial setup, all configuration is managed via database events.\n");
printf(" Database file: <relay_pubkey>.db (created automatically)\n");
printf("\n");
printf("Examples:\n");
printf(" %s --config /path/to/config.json\n", program_name);
printf(" %s --config-dir ~/.config/c-relay-dev\n", program_name);
printf(" %s --port 9999 --config-dir /etc/c-relay\n", program_name);
printf(" %s # Start relay (auto-configure on first run)\n", program_name);
printf(" %s -p 8080 # First-time setup with port 8080\n", program_name);
printf(" %s --port 9000 # First-time setup with port 9000\n", program_name);
printf(" %s --help # Show this help\n", program_name);
printf(" %s --version # Show version info\n", program_name);
printf("\n");
}
// Print version information
void print_version() {
printf("C Nostr Relay Server v1.0.0\n");
printf("Event-based configuration system\n");
printf("Built with nostr_core_lib integration\n");
printf("\n");
}
int main(int argc, char* argv[]) {
int port = DEFAULT_PORT;
char* config_dir_override = NULL;
char* config_file_override = NULL;
// Initialize CLI options structure
cli_options_t cli_options = {
.port_override = -1 // -1 = not set
};
// Parse command line arguments
for (int i = 1; i < argc; i++) {
if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0) {
print_usage(argv[0]);
return 0;
} else if (strcmp(argv[i], "-v") == 0 || strcmp(argv[i], "--version") == 0) {
print_version();
return 0;
} else if (strcmp(argv[i], "-p") == 0 || strcmp(argv[i], "--port") == 0) {
if (i + 1 < argc) {
port = atoi(argv[++i]);
if (port <= 0 || port > 65535) {
log_error("Invalid port number");
return 1;
}
// Store port in configuration system
char port_str[16];
snprintf(port_str, sizeof(port_str), "%d", port);
set_database_config("relay_port", port_str, "command_line");
// Re-apply configuration to make sure global variables are updated
apply_configuration_to_globals();
} else {
log_error("Port argument requires a value");
// Port override option
if (i + 1 >= argc) {
log_error("Port option requires a value. Use --help for usage information.");
print_usage(argv[0]);
return 1;
}
} else if (strcmp(argv[i], "-c") == 0 || strcmp(argv[i], "--config") == 0) {
if (i + 1 < argc) {
config_file_override = argv[++i];
} else {
log_error("Config file argument requires a value");
return 1;
}
} else if (strcmp(argv[i], "-d") == 0 || strcmp(argv[i], "--config-dir") == 0) {
if (i + 1 < argc) {
config_dir_override = argv[++i];
} else {
log_error("Config directory argument requires a value");
// Parse port number
char* endptr;
long port = strtol(argv[i + 1], &endptr, 10);
if (endptr == argv[i + 1] || *endptr != '\0' || port < 1 || port > 65535) {
log_error("Invalid port number. Port must be between 1 and 65535.");
print_usage(argv[0]);
return 1;
}
cli_options.port_override = (int)port;
i++; // Skip the port argument
char port_msg[128];
snprintf(port_msg, sizeof(port_msg), "Port override specified: %d", cli_options.port_override);
log_info(port_msg);
} else {
log_error("Unknown argument");
log_error("Unknown argument. Use --help for usage information.");
print_usage(argv[0]);
return 1;
}
}
// Store config overrides in global variables for configuration system access
if (config_dir_override) {
setenv("C_RELAY_CONFIG_DIR_OVERRIDE", config_dir_override, 1);
}
if (config_file_override) {
setenv("C_RELAY_CONFIG_FILE_OVERRIDE", config_file_override, 1);
}
// Set up signal handlers
signal(SIGINT, signal_handler);
signal(SIGTERM, signal_handler);
printf(BLUE BOLD "=== C Nostr Relay Server ===" RESET "\n");
printf("Event-based configuration system\n\n");
// Initialize database FIRST (required for configuration system)
if (init_database() != 0) {
log_error("Failed to initialize database");
return 1;
}
// Initialize nostr library BEFORE configuration system
// (required for Nostr event generation in config files)
// Initialize nostr library FIRST (required for key generation and event creation)
if (nostr_init() != 0) {
log_error("Failed to initialize nostr library");
close_database();
return 1;
}
// Initialize configuration system (loads file + database + applies to globals)
if (init_configuration_system() != 0) {
log_error("Failed to initialize configuration system");
// Check if this is first-time startup or existing relay
if (is_first_time_startup()) {
log_info("First-time startup detected");
// Initialize event-based configuration system
if (init_configuration_system(NULL, NULL) != 0) {
log_error("Failed to initialize event-based configuration system");
nostr_cleanup();
return 1;
}
// Run first-time startup sequence (generates keys, creates database, etc.)
if (first_time_startup_sequence(&cli_options) != 0) {
log_error("Failed to complete first-time startup sequence");
cleanup_configuration_system();
nostr_cleanup();
return 1;
}
// Initialize database with the generated relay pubkey
if (init_database(g_database_path) != 0) {
log_error("Failed to initialize database after first-time setup");
cleanup_configuration_system();
nostr_cleanup();
return 1;
}
// Retry storing the configuration event now that database is initialized
if (retry_store_initial_config_event() != 0) {
log_warning("Failed to store initial configuration event after database init");
}
} else {
log_info("Existing relay detected");
// Find existing database file
char** existing_files = find_existing_db_files();
if (!existing_files || !existing_files[0]) {
log_error("No existing relay database found");
nostr_cleanup();
return 1;
}
// Extract relay pubkey from filename
char* relay_pubkey = extract_pubkey_from_filename(existing_files[0]);
if (!relay_pubkey) {
log_error("Failed to extract relay pubkey from database filename");
// Free the files array
for (int i = 0; existing_files[i]; i++) {
free(existing_files[i]);
}
free(existing_files);
nostr_cleanup();
return 1;
}
// Initialize event-based configuration system
if (init_configuration_system(NULL, NULL) != 0) {
log_error("Failed to initialize event-based configuration system");
free(relay_pubkey);
for (int i = 0; existing_files[i]; i++) {
free(existing_files[i]);
}
free(existing_files);
nostr_cleanup();
return 1;
}
// Setup existing relay (sets database path and loads config)
if (startup_existing_relay(relay_pubkey) != 0) {
log_error("Failed to setup existing relay");
cleanup_configuration_system();
free(relay_pubkey);
for (int i = 0; existing_files[i]; i++) {
free(existing_files[i]);
}
free(existing_files);
nostr_cleanup();
return 1;
}
// Initialize database with existing database path
if (init_database(g_database_path) != 0) {
log_error("Failed to initialize existing database");
cleanup_configuration_system();
free(relay_pubkey);
for (int i = 0; existing_files[i]; i++) {
free(existing_files[i]);
}
free(existing_files);
nostr_cleanup();
return 1;
}
// Load configuration from database
cJSON* config_event = load_config_event_from_database(relay_pubkey);
if (config_event) {
if (apply_configuration_from_event(config_event) != 0) {
log_warning("Failed to apply configuration from database");
} else {
log_success("Configuration loaded from database");
}
cJSON_Delete(config_event);
} else {
log_warning("No configuration event found in existing database");
}
// Free memory
free(relay_pubkey);
for (int i = 0; existing_files[i]; i++) {
free(existing_files[i]);
}
free(existing_files);
}
// Verify database is now available
if (!g_db) {
log_error("Database not available after initialization");
cleanup_configuration_system();
nostr_cleanup();
close_database();
return 1;
}
// Configuration system is now fully initialized with event-based approach
// All configuration is loaded from database events
// Initialize NIP-11 relay information
init_relay_info();
@@ -3122,8 +3355,8 @@ int main(int argc, char* argv[]) {
log_info("Starting relay server...");
// Start WebSocket Nostr relay server
int result = start_websocket_relay();
// Start WebSocket Nostr relay server (port from configuration)
int result = start_websocket_relay(-1); // Let config system determine port
// Cleanup
cleanup_relay_info();

157
src/sql_schema.h
View File

@@ -1,20 +1,21 @@
/* Embedded SQL Schema for C Nostr Relay
* Generated from db/schema.sql - Do not edit manually
* Schema Version: 3
* Schema Version: 4
*/
#ifndef SQL_SCHEMA_H
#define SQL_SCHEMA_H
/* Schema version constant */
#define EMBEDDED_SCHEMA_VERSION "3"
#define EMBEDDED_SCHEMA_VERSION "4"
/* Embedded SQL schema as C string literal */
static const char* const EMBEDDED_SCHEMA_SQL =
"-- C Nostr Relay Database Schema\n\
-- SQLite schema for storing Nostr events with JSON tags support\n\
-- Event-based configuration system using kind 33334 Nostr events\n\
\n\
-- Schema version tracking\n\
PRAGMA user_version = 3;\n\
PRAGMA user_version = 4;\n\
\n\
-- Enable foreign key support\n\
PRAGMA foreign_keys = ON;\n\
@@ -57,8 +58,8 @@ CREATE TABLE schema_info (\n\
\n\
-- Insert schema metadata\n\
INSERT INTO schema_info (key, value) VALUES\n\
('version', '3'),\n\
('description', 'Hybrid single-table Nostr relay schema with JSON tags and configuration management'),\n\
('version', '4'),\n\
('description', 'Event-based Nostr relay schema with kind 33334 configuration events'),\n\
('created_at', strftime('%s', 'now'));\n\
\n\
-- Helper views for common queries\n\
@@ -79,6 +80,19 @@ SELECT \n\
FROM events\n\
GROUP BY event_type;\n\
\n\
-- Configuration events view (kind 33334)\n\
CREATE VIEW configuration_events AS\n\
SELECT \n\
id,\n\
pubkey as admin_pubkey,\n\
created_at,\n\
content,\n\
tags,\n\
sig\n\
FROM events\n\
WHERE kind = 33334\n\
ORDER BY created_at DESC;\n\
\n\
-- Optimization: Trigger for automatic cleanup of ephemeral events older than 1 hour\n\
CREATE TRIGGER cleanup_ephemeral_events\n\
AFTER INSERT ON events\n\
@@ -101,6 +115,19 @@ BEGIN\n\
AND id != NEW.id;\n\
END;\n\
\n\
-- Addressable event handling trigger (for kind 33334 configuration events)\n\
CREATE TRIGGER handle_addressable_events\n\
AFTER INSERT ON events\n\
WHEN NEW.event_type = 'addressable'\n\
BEGIN\n\
-- For kind 33334 (configuration), replace previous config from same admin\n\
DELETE FROM events \n\
WHERE pubkey = NEW.pubkey \n\
AND kind = NEW.kind \n\
AND event_type = 'addressable'\n\
AND id != NEW.id;\n\
END;\n\
\n\
-- Persistent Subscriptions Logging Tables (Phase 2)\n\
-- Optional database logging for subscription analytics and debugging\n\
\n\
@@ -190,124 +217,6 @@ WHERE event_type = 'created'\n\
AND subscription_id NOT IN (\n\
SELECT subscription_id FROM subscription_events\n\
WHERE event_type IN ('closed', 'expired', 'disconnected')\n\
);\n\
\n\
-- ================================\n\
-- CONFIGURATION MANAGEMENT TABLES\n\
-- ================================\n\
\n\
-- Core server configuration table\n\
CREATE TABLE config (\n\
key TEXT PRIMARY KEY, -- Configuration key (unique identifier)\n\
value TEXT NOT NULL, -- Configuration value (stored as string)\n\
description TEXT, -- Human-readable description\n\
config_type TEXT DEFAULT 'user' CHECK (config_type IN ('system', 'user', 'runtime')),\n\
data_type TEXT DEFAULT 'string' CHECK (data_type IN ('string', 'integer', 'boolean', 'json')),\n\
validation_rules TEXT, -- JSON validation rules (optional)\n\
is_sensitive INTEGER DEFAULT 0, -- 1 if value should be masked in logs\n\
requires_restart INTEGER DEFAULT 0, -- 1 if change requires server restart\n\
created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),\n\
updated_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now'))\n\
);\n\
\n\
-- Configuration change history table\n\
CREATE TABLE config_history (\n\
id INTEGER PRIMARY KEY AUTOINCREMENT,\n\
config_key TEXT NOT NULL, -- Key that was changed\n\
old_value TEXT, -- Previous value (NULL for new keys)\n\
new_value TEXT NOT NULL, -- New value\n\
changed_by TEXT DEFAULT 'system', -- Who made the change (system/admin/user)\n\
change_reason TEXT, -- Optional reason for change\n\
changed_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),\n\
FOREIGN KEY (config_key) REFERENCES config(key)\n\
);\n\
\n\
-- Configuration validation errors log\n\
CREATE TABLE config_validation_log (\n\
id INTEGER PRIMARY KEY AUTOINCREMENT,\n\
config_key TEXT NOT NULL,\n\
attempted_value TEXT,\n\
validation_error TEXT NOT NULL,\n\
error_source TEXT DEFAULT 'validation', -- validation/parsing/constraint\n\
attempted_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now'))\n\
);\n\
\n\
-- Cache for file-based configuration events\n\
CREATE TABLE config_file_cache (\n\
file_path TEXT PRIMARY KEY, -- Full path to config file\n\
file_hash TEXT NOT NULL, -- SHA256 hash of file content\n\
event_id TEXT, -- Nostr event ID from file\n\
event_pubkey TEXT, -- Admin pubkey that signed event\n\
loaded_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),\n\
validation_status TEXT CHECK (validation_status IN ('valid', 'invalid', 'unverified')),\n\
validation_error TEXT -- Error details if invalid\n\
);\n\
\n\
-- Performance indexes for configuration tables\n\
CREATE INDEX idx_config_type ON config(config_type);\n\
CREATE INDEX idx_config_updated ON config(updated_at DESC);\n\
CREATE INDEX idx_config_history_key ON config_history(config_key);\n\
CREATE INDEX idx_config_history_time ON config_history(changed_at DESC);\n\
CREATE INDEX idx_config_validation_key ON config_validation_log(config_key);\n\
CREATE INDEX idx_config_validation_time ON config_validation_log(attempted_at DESC);\n\
\n\
-- Trigger to update timestamp on configuration changes\n\
CREATE TRIGGER update_config_timestamp\n\
AFTER UPDATE ON config\n\
BEGIN\n\
UPDATE config SET updated_at = strftime('%s', 'now') WHERE key = NEW.key;\n\
END;\n\
\n\
-- Trigger to log configuration changes to history\n\
CREATE TRIGGER log_config_changes\n\
AFTER UPDATE ON config\n\
WHEN OLD.value != NEW.value\n\
BEGIN\n\
INSERT INTO config_history (config_key, old_value, new_value, changed_by, change_reason)\n\
VALUES (NEW.key, OLD.value, NEW.value, 'system', 'configuration update');\n\
END;\n\
\n\
-- Active Configuration View\n\
CREATE VIEW active_config AS\n\
SELECT\n\
key,\n\
value,\n\
description,\n\
config_type,\n\
data_type,\n\
requires_restart,\n\
updated_at\n\
FROM config\n\
WHERE config_type IN ('system', 'user')\n\
ORDER BY config_type, key;\n\
\n\
-- Runtime Statistics View\n\
CREATE VIEW runtime_stats AS\n\
SELECT\n\
key,\n\
value,\n\
description,\n\
updated_at\n\
FROM config\n\
WHERE config_type = 'runtime'\n\
ORDER BY key;\n\
\n\
-- Configuration Change Summary\n\
CREATE VIEW recent_config_changes AS\n\
SELECT\n\
ch.config_key,\n\
sc.description,\n\
ch.old_value,\n\
ch.new_value,\n\
ch.changed_by,\n\
ch.change_reason,\n\
ch.changed_at\n\
FROM config_history ch\n\
JOIN config sc ON ch.config_key = sc.key\n\
ORDER BY ch.changed_at DESC\n\
LIMIT 50;\n\
\n\
-- Runtime Statistics (initialized by server on startup)\n\
-- These will be populated when configuration system initializes";
);";
#endif /* SQL_SCHEMA_H */

325
systemd/README.md
View File

@@ -1,89 +1,101 @@
# C-Relay Systemd Service
# C Nostr Relay - SystemD Deployment
This directory contains files for running C-Relay as a Linux systemd service.
This directory contains files for deploying the C Nostr Relay as a systemd service with the new **Event-Based Configuration System**.
## Overview
The C Nostr Relay now uses a revolutionary **zero-configuration** approach where all configuration is stored as Nostr events (kind 33334) in the database. No configuration files or command line arguments are needed.
## Files
- **`c-relay.service`** - Systemd service unit file
- **`install-systemd.sh`** - Installation script (run as root)
- **`uninstall-systemd.sh`** - Uninstallation script (run as root)
- **`README.md`** - This documentation file
- **`c-relay.service`** - SystemD service unit file
- **`install-service.sh`** - Automated installation script
- **`uninstall-service.sh`** - Automated uninstall script
- **`README.md`** - This documentation
## Quick Start
## Quick Installation
1. **Build the project:**
```bash
make clean && make
```
2. **Install as systemd service:**
```bash
sudo systemd/install-service.sh
```
3. **Start the service:**
```bash
sudo systemctl start c-relay
```
4. **Check admin keys (IMPORTANT!):**
```bash
sudo journalctl -u c-relay --since="1 hour ago" | grep "Admin Private Key"
```
## Event-Based Configuration System
### How It Works
- **Zero Configuration:** No config files or command line arguments needed
- **First-Time Startup:** Automatically generates admin and relay keypairs
- **Database Naming:** Creates database as `<relay_pubkey>.nrdb`
- **Configuration Storage:** All settings stored as kind 33334 Nostr events
- **Real-Time Updates:** Configuration changes applied instantly via WebSocket
### First Startup
On first startup, the relay will:
1. Generate cryptographically secure admin and relay keypairs
2. Create database file named with relay pubkey: `<relay_pubkey>.nrdb`
3. Create initial configuration event (kind 33334) with default values
4. Display admin private key **once** in the logs
5. Start WebSocket server listening on port 8888
### Admin Keys
⚠️ **CRITICAL:** Save the admin private key displayed during first startup!
### 1. Build the relay
```bash
# From the project root directory
make
# View first startup logs to get admin private key
sudo journalctl -u c-relay --since="1 hour ago" | grep -A 5 "IMPORTANT: SAVE THIS ADMIN PRIVATE KEY"
```
### 2. Install as systemd service
The admin private key is needed to update relay configuration by sending signed kind 33334 events.
## Configuration Management
### Viewing Current Configuration
```bash
# Run the installation script as root
sudo ./systemd/install-systemd.sh
# Find the database file
ls /opt/c-relay/*.nrdb
# View configuration event
sqlite3 /opt/c-relay/<relay_pubkey>.nrdb "SELECT content, tags FROM events WHERE kind = 33334;"
```
### 3. Start the service
```bash
sudo systemctl start c-relay
```
### Updating Configuration
### 4. Check status
```bash
sudo systemctl status c-relay
```
Send a new kind 33334 event to the relay via WebSocket:
## Service Details
### Installation Location
- **Binary**: `/opt/c-relay/c_relay_x86`
- **Database**: `/opt/c-relay/db/`
- **Service File**: `/etc/systemd/system/c-relay.service`
### User Account
- **User**: `c-relay` (system user, no shell access)
- **Group**: `c-relay`
- **Home Directory**: `/opt/c-relay`
### Network Configuration
- **Default Port**: 8888
- **Default Host**: 127.0.0.1 (localhost only)
- **WebSocket Endpoint**: `ws://127.0.0.1:8888`
## Configuration
### Environment Variables
Edit `/etc/systemd/system/c-relay.service` to configure:
```ini
Environment=C_RELAY_CONFIG_PRIVKEY=your_private_key_here
Environment=C_RELAY_PORT=8888
Environment=C_RELAY_HOST=0.0.0.0
```
After editing, reload and restart:
```bash
sudo systemctl daemon-reload
sudo systemctl restart c-relay
```
### Security Settings
The service runs with enhanced security:
- Runs as unprivileged `c-relay` user
- No new privileges allowed
- Protected system directories
- Private temporary directory
- Limited file access (only `/opt/c-relay/db` writable)
- Network restrictions to IPv4/IPv6 only
1. Create new configuration event with updated values
2. Sign with admin private key
3. Send via WebSocket to relay
4. Relay automatically applies changes to running system
## Service Management
### Basic Commands
```bash
# Start service
sudo systemctl start c-relay
# Stop service
# Stop service
sudo systemctl stop c-relay
# Restart service
@@ -92,126 +104,143 @@ sudo systemctl restart c-relay
# Enable auto-start on boot
sudo systemctl enable c-relay
# Disable auto-start on boot
sudo systemctl disable c-relay
# Check service status
# Check status
sudo systemctl status c-relay
# View logs (live)
sudo journalctl -u c-relay -f
# View logs (last 100 lines)
sudo journalctl -u c-relay -n 100
# View recent logs
sudo journalctl -u c-relay --since="1 hour ago"
```
### Log Management
Logs are handled by systemd's journal:
### Log Analysis
```bash
# View all logs
sudo journalctl -u c-relay
# Check for successful startup
sudo journalctl -u c-relay | grep "First-time startup sequence completed"
# View logs from today
sudo journalctl -u c-relay --since today
# Find admin keys
sudo journalctl -u c-relay | grep "Admin Private Key"
# View logs with timestamps
sudo journalctl -u c-relay --since "1 hour ago" --no-pager
# Check configuration updates
sudo journalctl -u c-relay | grep "Configuration updated via kind 33334"
# Monitor real-time activity
sudo journalctl -u c-relay -f | grep -E "(INFO|SUCCESS|ERROR)"
```
## Database Management
## File Locations
The database is automatically created on first run. Location: `/opt/c-relay/db/c_nostr_relay.db`
After installation:
- **Binary:** `/opt/c-relay/c_relay_x86`
- **Database:** `/opt/c-relay/<relay_pubkey>.nrdb` (created automatically)
- **Service File:** `/etc/systemd/system/c-relay.service`
- **User:** `c-relay` (system user created automatically)
## Security Features
The systemd service includes security hardening:
- Runs as dedicated system user `c-relay`
- `NoNewPrivileges=true`
- `ProtectSystem=strict`
- `ProtectHome=true`
- `PrivateTmp=true`
- Limited address families (IPv4/IPv6 only)
- Resource limits (file descriptors, processes)
## Network Configuration
- **Default Port:** 8888 (WebSocket)
- **Protocol:** WebSocket with Nostr message format
- **Configuration:** Port configurable via kind 33334 events (no restart needed)
## Backup and Migration
### Backup
The database file contains everything:
### Backup Database
```bash
sudo cp /opt/c-relay/db/c_nostr_relay.db /opt/c-relay/db/backup-$(date +%Y%m%d).db
# Backup database file
sudo cp /opt/c-relay/*.nrdb /backup/location/
# The .nrdb file contains:
# - All Nostr events
# - Configuration events (kind 33334)
# - Relay keys and settings
```
### Reset Database
```bash
sudo systemctl stop c-relay
sudo rm /opt/c-relay/db/c_nostr_relay.db*
sudo systemctl start c-relay
```
### Migration
## Updating the Service
To migrate to new server:
### Update Binary
1. Build new version: `make`
2. Stop service: `sudo systemctl stop c-relay`
3. Replace binary: `sudo cp build/c_relay_x86 /opt/c-relay/`
4. Set permissions: `sudo chown c-relay:c-relay /opt/c-relay/c_relay_x86`
5. Start service: `sudo systemctl start c-relay`
### Update Service File
1. Stop service: `sudo systemctl stop c-relay`
2. Copy new service file: `sudo cp systemd/c-relay.service /etc/systemd/system/`
3. Reload systemd: `sudo systemctl daemon-reload`
4. Start service: `sudo systemctl start c-relay`
## Uninstallation
Run the uninstall script to completely remove the service:
```bash
sudo ./systemd/uninstall-systemd.sh
```
This will:
- Stop and disable the service
- Remove the systemd service file
- Optionally remove the installation directory
- Optionally remove the `c-relay` user account
1. Copy `.nrdb` file to new server's `/opt/c-relay/` directory
2. Install service with `install-service.sh`
3. Start service - it will automatically detect existing configuration
## Troubleshooting
### Service Won't Start
```bash
# Check detailed status
sudo systemctl status c-relay -l
# Check service status
sudo systemctl status c-relay
# Check logs for errors
sudo journalctl -u c-relay --no-pager -l
```
sudo journalctl -u c-relay --no-pager
### Permission Issues
```bash
# Fix ownership of installation directory
sudo chown -R c-relay:c-relay /opt/c-relay
# Check if binary exists and is executable
ls -la /opt/c-relay/c_relay_x86
# Ensure binary is executable
sudo chmod +x /opt/c-relay/c_relay_x86
```
### Port Already in Use
```bash
# Check what's using port 8888
sudo netstat -tulpn | grep :8888
# Or with ss command
sudo ss -tulpn | grep :8888
# Check permissions
sudo -u c-relay ls -la /opt/c-relay/
```
### Database Issues
```bash
# Check database file permissions
ls -la /opt/c-relay/db/
# Check if database file exists
ls -la /opt/c-relay/*.nrdb*
# Check database integrity
sudo -u c-relay sqlite3 /opt/c-relay/db/c_nostr_relay.db "PRAGMA integrity_check;"
sqlite3 /opt/c-relay/*.nrdb "PRAGMA integrity_check;"
# View database schema
sqlite3 /opt/c-relay/*.nrdb ".schema"
```
## Custom Configuration
### Configuration Issues
For advanced configurations, you can:
1. Modify the service file for different ports or settings
2. Use environment files: `/etc/systemd/system/c-relay.service.d/override.conf`
3. Configure log rotation with journald settings
4. Set up reverse proxy (nginx/apache) for HTTPS support
```bash
# Check if configuration event exists
sqlite3 /opt/c-relay/*.nrdb "SELECT COUNT(*) FROM events WHERE kind = 33334;"
## Security Considerations
# View configuration event
sqlite3 /opt/c-relay/*.nrdb "SELECT id, created_at, LENGTH(tags) FROM events WHERE kind = 33334;"
```
- The service runs as a non-root user with minimal privileges
- Database directory is only writable by the c-relay user
- Consider firewall rules for the relay port
- For internet-facing relays, use reverse proxy with SSL/TLS
- Monitor logs for suspicious activity
## Uninstallation
```bash
sudo systemd/uninstall-service.sh
```
The uninstall script will:
- Stop and disable the service
- Remove service file
- Optionally remove installation directory and data
- Optionally remove service user
## Support
For issues with the event-based configuration system:
1. Check service logs: `sudo journalctl -u c-relay -f`
2. Verify database integrity
3. Ensure admin private key is saved securely
4. Check WebSocket connectivity on port 8888
The relay is designed to be zero-maintenance once deployed. All configuration is managed through Nostr events, enabling dynamic updates without server access.

12
systemd/c-relay.service
View File

@@ -1,5 +1,5 @@
[Unit]
Description=C Nostr Relay Server
Description=C Nostr Relay Server (Event-Based Configuration)
Documentation=https://github.com/your-repo/c-relay
After=network.target
Wants=network-online.target
@@ -20,7 +20,7 @@ SyslogIdentifier=c-relay
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/c-relay/db
ReadWritePaths=/opt/c-relay
PrivateTmp=true
ProtectKernelTunables=true
ProtectKernelModules=true
@@ -34,10 +34,10 @@ RestrictAddressFamilies=AF_INET AF_INET6
LimitNOFILE=65536
LimitNPROC=4096
# Environment variables (optional)
Environment=C_RELAY_CONFIG_PRIVKEY=
Environment=C_RELAY_PORT=8888
Environment=C_RELAY_HOST=127.0.0.1
# Event-based configuration system
# No environment variables needed - all configuration is stored as Nostr events
# Database files (<relay_pubkey>.nrdb) are created automatically in WorkingDirectory
# Admin keys are generated and displayed only during first startup
[Install]
WantedBy=multi-user.target

105
systemd/install-service.sh Executable file
View File

@@ -0,0 +1,105 @@
#!/bin/bash
# C Nostr Relay Event-Based Configuration System - Installation Script
# This script installs the C Nostr Relay as a systemd service
set -e
# Configuration
SERVICE_NAME="c-relay"
SERVICE_USER="c-relay"
INSTALL_DIR="/opt/c-relay"
BINARY_NAME="c_relay_x86"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Function to print colored output
print_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if running as root
if [ "$EUID" -ne 0 ]; then
print_error "This script must be run as root"
exit 1
fi
print_info "Installing C Nostr Relay with Event-Based Configuration System"
echo
# Check if binary exists
if [ ! -f "build/${BINARY_NAME}" ]; then
print_error "Binary build/${BINARY_NAME} not found. Please build the project first."
exit 1
fi
# Create service user
if ! id "${SERVICE_USER}" &>/dev/null; then
print_info "Creating service user: ${SERVICE_USER}"
useradd --system --home-dir "${INSTALL_DIR}" --shell /bin/false "${SERVICE_USER}"
print_success "Service user created"
else
print_info "Service user ${SERVICE_USER} already exists"
fi
# Create installation directory
print_info "Creating installation directory: ${INSTALL_DIR}"
mkdir -p "${INSTALL_DIR}"
chown "${SERVICE_USER}:${SERVICE_USER}" "${INSTALL_DIR}"
# Copy binary
print_info "Installing binary to ${INSTALL_DIR}/${BINARY_NAME}"
cp "build/${BINARY_NAME}" "${INSTALL_DIR}/"
chown "${SERVICE_USER}:${SERVICE_USER}" "${INSTALL_DIR}/${BINARY_NAME}"
chmod +x "${INSTALL_DIR}/${BINARY_NAME}"
# Install systemd service file
print_info "Installing systemd service file"
cp "systemd/${SERVICE_NAME}.service" "/etc/systemd/system/"
# Reload systemd
print_info "Reloading systemd daemon"
systemctl daemon-reload
print_success "Installation complete!"
echo
print_info "Event-Based Configuration System Information:"
echo " • No configuration files needed - all config stored as Nostr events"
echo " • Database files are created automatically as <relay_pubkey>.nrdb"
echo " • Admin keys are generated and displayed during first startup"
echo " • Configuration is updated via WebSocket with kind 33334 events"
echo
print_info "To start the service:"
echo " sudo systemctl start ${SERVICE_NAME}"
echo
print_info "To enable automatic startup:"
echo " sudo systemctl enable ${SERVICE_NAME}"
echo
print_info "To view service status:"
echo " sudo systemctl status ${SERVICE_NAME}"
echo
print_info "To view logs:"
echo " sudo journalctl -u ${SERVICE_NAME} -f"
echo
print_warning "IMPORTANT: On first startup, save the admin private key displayed in the logs!"
print_warning "Use: sudo journalctl -u ${SERVICE_NAME} --since=\"1 hour ago\" | grep \"Admin Private Key\""
echo
print_info "Database files will be created in: ${INSTALL_DIR}/<relay_pubkey>.nrdb"
print_info "The relay will listen on port 8888 by default (configured via Nostr events)"

103
systemd/uninstall-service.sh Executable file
View File

@@ -0,0 +1,103 @@
#!/bin/bash
# C Nostr Relay Event-Based Configuration System - Uninstall Script
# This script removes the C Nostr Relay systemd service
set -e
# Configuration
SERVICE_NAME="c-relay"
SERVICE_USER="c-relay"
INSTALL_DIR="/opt/c-relay"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Function to print colored output
print_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if running as root
if [ "$EUID" -ne 0 ]; then
print_error "This script must be run as root"
exit 1
fi
print_info "Uninstalling C Nostr Relay Event-Based Configuration System"
echo
# Stop and disable service
if systemctl is-active --quiet "${SERVICE_NAME}"; then
print_info "Stopping ${SERVICE_NAME} service"
systemctl stop "${SERVICE_NAME}"
fi
if systemctl is-enabled --quiet "${SERVICE_NAME}"; then
print_info "Disabling ${SERVICE_NAME} service"
systemctl disable "${SERVICE_NAME}"
fi
# Remove systemd service file
if [ -f "/etc/systemd/system/${SERVICE_NAME}.service" ]; then
print_info "Removing systemd service file"
rm "/etc/systemd/system/${SERVICE_NAME}.service"
fi
# Reload systemd
print_info "Reloading systemd daemon"
systemctl daemon-reload
systemctl reset-failed
# Ask about removing installation directory and databases
echo
print_warning "The installation directory ${INSTALL_DIR} contains:"
echo " • The relay binary"
echo " • Database files with all events and configuration (.nrdb files)"
echo " • Any logs or temporary files"
echo
read -p "Do you want to remove ${INSTALL_DIR} and all data? [y/N]: " -r
if [[ $REPLY =~ ^[Yy]$ ]]; then
print_info "Removing installation directory: ${INSTALL_DIR}"
rm -rf "${INSTALL_DIR}"
print_success "Installation directory removed"
else
print_info "Installation directory preserved: ${INSTALL_DIR}"
print_warning "Database files (.nrdb) are preserved and contain all relay data"
fi
# Ask about removing service user
echo
read -p "Do you want to remove the service user '${SERVICE_USER}'? [y/N]: " -r
if [[ $REPLY =~ ^[Yy]$ ]]; then
if id "${SERVICE_USER}" &>/dev/null; then
print_info "Removing service user: ${SERVICE_USER}"
userdel "${SERVICE_USER}" 2>/dev/null || print_warning "Could not remove user ${SERVICE_USER}"
print_success "Service user removed"
else
print_info "Service user ${SERVICE_USER} does not exist"
fi
else
print_info "Service user '${SERVICE_USER}' preserved"
fi
print_success "Uninstallation complete!"
echo
print_info "If you preserved the database files, you can reinstall and the relay will"
print_info "automatically detect the existing configuration and continue with the same keys."

47
test_port_increment.log Normal file
View File

@@ -0,0 +1,47 @@
=== C Nostr Relay Server ===
Event-based configuration system
[INFO] Existing relay detected
[INFO] Initializing event-based configuration system...
[SUCCESS] Event-based configuration system initialized
[INFO] Starting existing relay...
Relay pubkey: 6df436471c7965d6473e89998162e6b87cc3547d71a2db12f559a39f4596059a
[SUCCESS] Existing relay startup prepared
[SUCCESS] Database connection established: 6df436471c7965d6473e89998162e6b87cc3547d71a2db12f559a39f4596059a.nrdb
[INFO] Database schema already exists, skipping initialization
[INFO] Existing database schema version: 4
[INFO] Applying configuration from event...
[INFO] Checking for runtime configuration changes...
[INFO] Subscription limits changed - updating subscription manager
[INFO] Subscription limits: max_per_client=25, max_total=5000
[INFO] PoW configuration changed - reinitializing PoW system
[INFO] Initializing NIP-13 Proof of Work configuration
[INFO] PoW configured in basic validation mode
[INFO] PoW Configuration: enabled=true, min_difficulty=0, validation_flags=0x1, mode=full
[INFO] Expiration configuration changed - reinitializing expiration system
[INFO] Initializing NIP-40 Expiration Timestamp configuration
[INFO] Expiration Configuration: enabled=true, strict_mode=true, filter_responses=true, grace_period=300 seconds
[INFO] Relay information changed - reinitializing relay info
[SUCCESS] Relay information initialized with default values
[SUCCESS] Configuration updated via kind 33334 event - 4 system components reinitialized
[SUCCESS] Configuration applied from event (4 handlers executed)
[SUCCESS] Configuration loaded from database
[SUCCESS] Relay information initialized with default values
[INFO] Initializing NIP-13 Proof of Work configuration
[INFO] PoW configured in basic validation mode
[INFO] PoW Configuration: enabled=true, min_difficulty=0, validation_flags=0x1, mode=full
[INFO] Initializing NIP-40 Expiration Timestamp configuration
[INFO] Expiration Configuration: enabled=true, strict_mode=true, filter_responses=true, grace_period=300 seconds
[INFO] Subscription limits: max_per_client=25, max_total=5000
[INFO] Starting relay server...
[INFO] Starting libwebsockets-based Nostr relay server...
[INFO] Attempting to bind to port 8888
[2025/09/06 20:34:16:8170] E: ERROR on binding fd 8 to port 8888 (-1 98)
[2025/09/06 20:34:16:8172] E: init server failed
[2025/09/06 20:34:16:8172] E: Failed to create default vhost
[ERROR] Failed to create libwebsockets context after 1 attempts. Last attempted port: 8888
libwebsockets creation error: Inappropriate ioctl for device
[INFO] Cleaning up configuration system...
[SUCCESS] Configuration system cleaned up
[INFO] Database connection closed
[ERROR] Server shutdown with errors

357
tests/event_config_tests.sh Executable file
View File

@@ -0,0 +1,357 @@
#!/bin/bash
# Comprehensive Error Handling and Recovery Testing for Event-Based Configuration System
# Tests various failure scenarios and recovery mechanisms
set -e
# Configuration
RELAY_BINARY="./build/c_relay_x86"
TEST_DB_PREFIX="test_relay"
LOG_FILE="test_results.log"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Test results tracking
TESTS_PASSED=0
TESTS_FAILED=0
TESTS_TOTAL=0
# Function to print colored output
print_test_header() {
echo -e "${BLUE}[TEST]${NC} $1"
((TESTS_TOTAL++))
}
print_success() {
echo -e "${GREEN}[PASS]${NC} $1"
((TESTS_PASSED++))
}
print_failure() {
echo -e "${RED}[FAIL]${NC} $1"
((TESTS_FAILED++))
}
print_info() {
echo -e "${YELLOW}[INFO]${NC} $1"
}
# Clean up function
cleanup_test_files() {
print_info "Cleaning up test files..."
pkill -f "c_relay_" 2>/dev/null || true
rm -f ${TEST_DB_PREFIX}*.nrdb* 2>/dev/null || true
rm -f test_*.log 2>/dev/null || true
sleep 1
}
# Function to start relay and capture output
start_relay_test() {
local test_name="$1"
local timeout="${2:-10}"
print_info "Starting relay for test: $test_name"
timeout $timeout $RELAY_BINARY > "test_${test_name}.log" 2>&1 &
local relay_pid=$!
sleep 2
if kill -0 $relay_pid 2>/dev/null; then
echo $relay_pid
else
echo "0"
fi
}
# Function to stop relay
stop_relay_test() {
local relay_pid="$1"
if [ "$relay_pid" != "0" ]; then
kill $relay_pid 2>/dev/null || true
wait $relay_pid 2>/dev/null || true
fi
}
# Function to check if relay started successfully
check_relay_startup() {
local log_file="$1"
if grep -q "First-time startup sequence completed\|Existing relay startup" "$log_file" 2>/dev/null; then
return 0
else
return 1
fi
}
# Function to check if relay has admin keys
check_admin_keys() {
local log_file="$1"
if grep -q "Admin Private Key:" "$log_file" 2>/dev/null; then
return 0
else
return 1
fi
}
# Function to check database file creation
check_database_creation() {
if ls *.nrdb 2>/dev/null | head -1; then
return 0
else
return 1
fi
}
# Function to check configuration event in database
check_config_event_stored() {
local db_file="$1"
if [ -f "$db_file" ]; then
local count=$(sqlite3 "$db_file" "SELECT COUNT(*) FROM events WHERE kind = 33334;" 2>/dev/null || echo "0")
if [ "$count" -gt 0 ]; then
return 0
fi
fi
return 1
}
echo "========================================"
echo "Event-Based Configuration System Tests"
echo "========================================"
echo
# Ensure binary exists
if [ ! -f "$RELAY_BINARY" ]; then
print_failure "Relay binary not found. Please build first: make"
exit 1
fi
print_info "Starting comprehensive error handling and recovery tests..."
echo
# TEST 1: Normal First-Time Startup
print_test_header "Test 1: Normal First-Time Startup"
cleanup_test_files
relay_pid=$(start_relay_test "first_startup" 15)
sleep 5
stop_relay_test $relay_pid
if check_relay_startup "test_first_startup.log"; then
if check_admin_keys "test_first_startup.log"; then
if db_file=$(check_database_creation); then
if check_config_event_stored "$db_file"; then
print_success "First-time startup completed successfully"
else
print_failure "Configuration event not stored in database"
fi
else
print_failure "Database file not created"
fi
else
print_failure "Admin keys not generated"
fi
else
print_failure "Relay failed to complete startup"
fi
# TEST 2: Existing Relay Startup
print_test_header "Test 2: Existing Relay Startup (using existing database)"
relay_pid=$(start_relay_test "existing_startup" 10)
sleep 3
stop_relay_test $relay_pid
if check_relay_startup "test_existing_startup.log"; then
if ! check_admin_keys "test_existing_startup.log"; then
print_success "Existing relay startup (no new keys generated)"
else
print_failure "New admin keys generated for existing relay"
fi
else
print_failure "Existing relay failed to start"
fi
# TEST 3: Corrupted Database Recovery
print_test_header "Test 3: Corrupted Database Recovery"
if db_file=$(check_database_creation); then
# Corrupt the database by truncating it
truncate -s 100 "$db_file"
print_info "Database corrupted for recovery test"
relay_pid=$(start_relay_test "corrupted_db" 10)
sleep 3
stop_relay_test $relay_pid
if grep -q "ERROR.*database\|Failed.*database\|disk I/O error" "test_corrupted_db.log"; then
print_success "Corrupted database properly detected and handled"
else
print_failure "Corrupted database not properly handled"
fi
fi
# TEST 4: Missing Database File Recovery
print_test_header "Test 4: Missing Database File Recovery"
cleanup_test_files
# Create a database then remove it to simulate loss
relay_pid=$(start_relay_test "create_db" 10)
sleep 3
stop_relay_test $relay_pid
if db_file=$(check_database_creation); then
rm -f "$db_file"*
print_info "Database files removed to test recovery"
relay_pid=$(start_relay_test "missing_db" 15)
sleep 5
stop_relay_test $relay_pid
if check_relay_startup "test_missing_db.log"; then
if check_admin_keys "test_missing_db.log"; then
print_success "Missing database recovery successful (new keys generated)"
else
print_failure "New admin keys not generated after database loss"
fi
else
print_failure "Failed to recover from missing database"
fi
fi
# TEST 5: Invalid Configuration Event Handling
print_test_header "Test 5: Configuration Event Structure Validation"
# This test would require injecting an invalid configuration event
# For now, we check that the validation functions are properly integrated
if grep -q "nostr_validate_event_structure\|nostr_verify_event_signature" src/config.c; then
print_success "Configuration event validation functions integrated"
else
print_failure "Configuration event validation functions not found"
fi
# TEST 6: Database Schema Version Check
print_test_header "Test 6: Database Schema Consistency"
if db_file=$(check_database_creation); then
# Check that the database has the correct schema version
schema_version=$(sqlite3 "$db_file" "SELECT value FROM schema_info WHERE key = 'version';" 2>/dev/null || echo "")
if [ "$schema_version" = "4" ]; then
print_success "Database schema version is correct (v4)"
else
print_failure "Database schema version incorrect: $schema_version (expected: 4)"
fi
# Check that legacy tables don't exist
if ! sqlite3 "$db_file" ".tables" 2>/dev/null | grep -q "config_file_cache\|active_config"; then
print_success "Legacy configuration tables properly removed"
else
print_failure "Legacy configuration tables still present"
fi
fi
# TEST 7: Memory and Resource Management
print_test_header "Test 7: Resource Cleanup and Memory Management"
relay_pid=$(start_relay_test "resource_test" 15)
sleep 5
# Check for memory leaks or resource issues (basic check)
if kill -0 $relay_pid 2>/dev/null; then
# Send termination signal and check cleanup
kill -TERM $relay_pid 2>/dev/null || true
sleep 2
if ! kill -0 $relay_pid 2>/dev/null; then
if grep -q "Configuration system cleaned up" "test_resource_test.log"; then
print_success "Resource cleanup completed successfully"
else
print_failure "Resource cleanup not logged properly"
fi
else
kill -KILL $relay_pid 2>/dev/null || true
print_failure "Relay did not shut down cleanly"
fi
else
print_failure "Relay process not running for resource test"
fi
# TEST 8: Configuration Cache Consistency
print_test_header "Test 8: Configuration Cache Consistency"
if db_file=$(check_database_creation); then
# Check that configuration is properly cached and accessible
config_count=$(sqlite3 "$db_file" "SELECT COUNT(*) FROM events WHERE kind = 33334;" 2>/dev/null || echo "0")
if [ "$config_count" -eq 1 ]; then
print_success "Single configuration event stored (replaceable event working)"
else
print_failure "Multiple or no configuration events found: $config_count"
fi
fi
# TEST 9: Network Port Binding
print_test_header "Test 9: Network Port Availability and Binding"
relay_pid=$(start_relay_test "network_test" 10)
sleep 3
if kill -0 $relay_pid 2>/dev/null; then
# Check if port 8888 is being used
if netstat -tln 2>/dev/null | grep -q ":8888"; then
print_success "Relay successfully bound to network port 8888"
else
print_failure "Relay not bound to expected port 8888"
fi
stop_relay_test $relay_pid
else
print_failure "Relay failed to start for network test"
fi
# TEST 10: Multiple Startup Attempts (Port Conflict)
print_test_header "Test 10: Port Conflict Handling"
relay_pid1=$(start_relay_test "port_conflict_1" 10)
sleep 2
if kill -0 $relay_pid1 2>/dev/null; then
# Try to start a second relay (should fail due to port conflict)
relay_pid2=$(start_relay_test "port_conflict_2" 5)
sleep 1
if [ "$relay_pid2" = "0" ] || ! kill -0 $relay_pid2 2>/dev/null; then
print_success "Port conflict properly handled (second instance failed to start)"
else
print_failure "Multiple relay instances started (port conflict not handled)"
stop_relay_test $relay_pid2
fi
stop_relay_test $relay_pid1
else
print_failure "First relay instance failed to start"
fi
# Final cleanup
cleanup_test_files
# Test Results Summary
echo
echo "========================================"
echo "Test Results Summary"
echo "========================================"
echo "Tests Passed: $TESTS_PASSED"
echo "Tests Failed: $TESTS_FAILED"
echo "Total Tests: $TESTS_TOTAL"
echo
if [ $TESTS_FAILED -eq 0 ]; then
print_success "ALL TESTS PASSED! Event-based configuration system is robust."
exit 0
else
print_failure "$TESTS_FAILED tests failed. Review the results above."
echo
print_info "Check individual test log files (test_*.log) for detailed error information."
exit 1
fi

150
tests/quick_error_tests.sh Executable file
View File

@@ -0,0 +1,150 @@
#!/bin/bash
# Quick Error Handling and Recovery Tests for Event-Based Configuration System
# Focused tests for key error scenarios
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Test results tracking
TESTS_PASSED=0
TESTS_FAILED=0
print_test() {
echo -e "${BLUE}[TEST]${NC} $1"
}
print_pass() {
echo -e "${GREEN}[PASS]${NC} $1"
((TESTS_PASSED++))
}
print_fail() {
echo -e "${RED}[FAIL]${NC} $1"
((TESTS_FAILED++))
}
print_info() {
echo -e "${YELLOW}[INFO]${NC} $1"
}
echo "========================================"
echo "Quick Error Handling and Recovery Tests"
echo "========================================"
echo
# Clean up any existing processes and files
print_info "Cleaning up existing processes..."
pkill -f c_relay 2>/dev/null || true
rm -f *.nrdb* 2>/dev/null || true
sleep 1
# TEST 1: Signature Validation Integration
print_test "Signature Validation Integration Check"
if grep -q "nostr_validate_event_structure\|nostr_verify_event_signature" src/config.c; then
print_pass "Signature validation functions found in code"
else
print_fail "Signature validation functions missing"
fi
# TEST 2: Legacy Schema Cleanup
print_test "Legacy Schema Cleanup Verification"
if ! grep -q "config_file_cache\|active_config" src/sql_schema.h; then
print_pass "Legacy tables removed from schema"
else
print_fail "Legacy tables still present in schema"
fi
# TEST 3: Configuration Event Processing
print_test "Configuration Event Processing Functions"
if grep -q "process_configuration_event\|handle_configuration_event" src/config.c; then
print_pass "Configuration event processing functions present"
else
print_fail "Configuration event processing functions missing"
fi
# TEST 4: Runtime Configuration Handlers
print_test "Runtime Configuration Handlers"
if grep -q "apply_runtime_config_handlers" src/config.c; then
print_pass "Runtime configuration handlers implemented"
else
print_fail "Runtime configuration handlers missing"
fi
# TEST 5: Error Logging Integration
print_test "Error Logging and Validation"
if grep -q "log_error.*signature\|log_error.*validation" src/config.c; then
print_pass "Error logging for validation integrated"
else
print_fail "Error logging for validation missing"
fi
# TEST 6: First-Time vs Existing Relay Detection
print_test "Relay State Detection Logic"
if grep -q "is_first_time_startup\|find_existing_nrdb_files" src/config.c; then
print_pass "Relay state detection functions present"
else
print_fail "Relay state detection functions missing"
fi
# TEST 7: Database Schema Version
print_test "Database Schema Version Check"
if grep -q "('version', '4')\|\"version\", \"4\"" src/sql_schema.h; then
print_pass "Database schema version 4 detected"
else
print_fail "Database schema version not updated"
fi
# TEST 8: Configuration Value Access Functions
print_test "Configuration Value Access"
if grep -q "get_config_value\|get_config_int\|get_config_bool" src/config.c; then
print_pass "Configuration access functions present"
else
print_fail "Configuration access functions missing"
fi
# TEST 9: Resource Cleanup Functions
print_test "Resource Cleanup Implementation"
if grep -q "cleanup_configuration_system\|cJSON_Delete" src/config.c; then
print_pass "Resource cleanup functions present"
else
print_fail "Resource cleanup functions missing"
fi
# TEST 10: Build System Integration
print_test "Build System Validation"
if [ -f "build/c_relay_x86" ]; then
print_pass "Binary built successfully"
else
print_fail "Binary not found - build may have failed"
fi
echo
echo "========================================"
echo "Quick Test Results Summary"
echo "========================================"
echo "Tests Passed: $TESTS_PASSED"
echo "Tests Failed: $TESTS_FAILED"
echo "Total Tests: $((TESTS_PASSED + TESTS_FAILED))"
echo
if [ $TESTS_FAILED -eq 0 ]; then
print_pass "ALL QUICK TESTS PASSED! Core error handling integrated."
echo
print_info "The event-based configuration system has:"
echo " ✓ Comprehensive signature validation"
echo " ✓ Runtime configuration handlers"
echo " ✓ Proper error logging and recovery"
echo " ✓ Clean database schema (v4)"
echo " ✓ Resource management and cleanup"
echo " ✓ First-time vs existing relay detection"
echo
exit 0
else
print_fail "$TESTS_FAILED tests failed. System needs attention."
exit 1
fi