Some nostr webapps may need a relaxed CORS header set in Nginx to allow access to your self-hosted NIP-05 nostr.json identity file; generally useful for most .well-known/ content depending on details:
location ~ /\.well-known {
allow all;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET' always;
}
Add it to your Nginx virtual server definition after any other location exact path (=) or forward-match (^-) items, before any final generic prefix matches (location /...) but as it's a very wide open security policy, make sure it only applies to specific files/folders you don't mind/care being sourced from anywhere. Using "/\well-known/nostr\.json" e.g. would limit the policy to just that one file.
#nginx #nostr #linux