Some nostr webapps may need a relaxed CORS header set in Nginx to allow access to your self-hosted NIP-05 nostr.json identity file; generally useful for most .well-known/ content depending on details: location ~ /\.well-known { allow all; add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET' always; } Add it to your Nginx virtual server definition after any other location exact path (=) or forward-match (^-) items, before any final generic prefix matches (location /...) but as it's a very wide open security policy, make sure it only applies to specific files/folders you don't mind/care being sourced from anywhere. Using "/\well-known/nostr\.json" e.g. would limit the policy to just that one file. #nginx #nostr #linux