Some nostr webapps may need a relaxed CORS header set in Nginx to allow access to your self-hosted NIP-05 nostr.json identity file; generally useful for most .well-known/ content depending on details:

  location ~ /\.well-known {
    allow all;
    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Methods' 'GET' always;
  }

Add it to your Nginx virtual server definition after any other location exact path (=) or forward-match (^-) items, before any final generic prefix matches (location /...) but as it's a very wide open security policy, make sure it only applies to specific files/folders you don't mind/care being sourced from anywhere. Using "/\well-known/nostr\.json" e.g. would limit the policy to just that one file.

#nginx #nostr #linux