Umbrel Nostr

Apr 29, 2025

Prerequisites: Umbrel installation

Umbrel is an open-source platform that lets you easily host Bitcoin applications and other services on your own personal server. It's an all-in-one solution that greatly simplifies self-hosting of Bitcoin nodes and decentralized applications.

Make sure you have installed Umbrel by following our installation guide:

UmbrelDiscover and install Umbrel - Your Bitcoin node and home server

Introduction to Nostr

Nostr is an open, decentralized network protocol designed for social networking. Its name stands for "Notes and Other Stuff Transmitted by Relays". It allows anyone to publish messages (notes), managed as JSON events, and propagate them through relay servers rather than a centralized platform. Each user possesses a pair of cryptographic keys (private/public) that serve as an identifier: the public key (npub) identifies the user, and the private key (nsec) enables messages to be signed. Thanks to this distributed architecture, Nostr offers censorship resistance and great flexibility: you can use several clients and connect to as many relays as you like, without depending on a single server.

In short, Nostr is a decentralized communication protocol where clients (user applications) send and receive events via relayers (servers). This protocol has been particularly popular with the Bitcoin community since 2023, due to its values of decentralization and data sovereignty.

Note: To use Nostr, you'll need your private key (generated by a Nostr client or via a dedicated extension). Never share your private key, as it would allow anyone to impersonate you. Keep it in a safe place and use secure key management tools (see Tip below).

Umbrel applications for Nostr

Umbrel offers an ecosystem of integrated applications to take full advantage of Nostr on your personal node. We're going to detail the use of the main Nostr-related apps: Nostr Relay, noStrudel, Snort and Nostr Wallet Connect. Each one meets a specific need: Nostr Relay is a private relay server, noStrudel and Snort are Nostr clients (interfaces for reading/publishing notes), while Nostr Wallet Connect is a tool for linking your Lightning wallet to Nostr.

Nostr Relay - Your private relay on Umbrel

Nostr Relay is Umbrel's official application for running your own Nostr relay on your node. The main objective is to have a private and reliable relay to backup all your Nostr activity in real time. In other words, by using this personal relay in addition to the public relays, you ensure that all your notes, messages and reactions are copied home, safe from censorship or data loss.

Installation: From the Umbrel App Store (category Social), install Nostr Relay. Once launched, the application runs in the background (docker service).

You'll see its Interface web via Umbrel: it provides basic information and, above all, the URL of your relay (top right), which you'll need to copy for further use. A synchronization button (globe icon) is also available.

To take advantage of your Umbrel relay:

Add the relay to your Nostr client: In your client application (e.g. Damus on iOS, Amethyst on Android, Snort or noStrudel on Umbrel, etc.), add the URL of your private relay that you copied earlier. By default, the Umbrel relay listens on port 4848. If you access it on the local network, this gives a URL like: ws://umbrel.local:4848 (or use the Umbrel's local IP).

If you're using Tailscale (see below), you can even use the MagicDNS DNS alias (usually umbrel or an auto-generated name) to access it from anywhere, always on port 4848.

If you prefer Tor, get your Umbrel's .onion address and use it with port 4848 via a Tor-compatible browser or client (see Tor section)

Once the URL has been added to your Nostr client's Relay configuration, connect to this relay. You should see in your client that the Umbrel relay is connected (usually indicated by a green dot or similar).

Synchronize history (optional): In the Interface web of Nostr Relay on Umbrel, click on the globe 🌐 icon (at the top of the page). This action will force your Umbrel relay to connect to your other relays (those configured in your client) to import your old public activities. This means that past notes you've published or read via public relays will also be downloaded and stored on your private relay. Please wait for the synchronization to take place.

Use Nostr as usual: From now on, any new activity (published notes, reactions, encrypted private messages, etc.) you perform on Nostr will be forwarded as usual to the public relays and in parallel to your Umbrel relay. If your Nostr client is properly configured, it will send each event to all relays (including yours). Your private relay will act as a real-time backup. Even in the event of a temporary disconnection, your customers will be able to resynchronize missing data later thanks to this relay. this gives you complete control over your Nostr data

In the background, Umbrel's Nostr Relay is based on the open-source nostr-rs-relay project (Rust protocol implementation). It supports the entire Nostr protocol and numerous standard NIPs (NIP-01, 02, 03, 09, 11, 12, 15, 16, 20, 22, 26, 28, 33, etc.), guaranteeing maximum compatibility with customers.

noStrudel - Nostr client for explorers

noStrudel is a power-user-oriented Nostr web client, ideal for understanding and exploring the Nostr network in detail. It's a kind of sandbox for inspecting events and relays, and for experimenting with the protocol's advanced features. Interface is in English and relatively technical, making it ideal for experienced users curious about the inner workings of Nostr.

Installation: Install noStrudel from the Umbrel App Store (category Social). Once launched, it can be accessed via your browser at your Umbrel's address (e.g. http://umbrel.local or via its .onion/Tailscale, see external access section).

Configure relays: When you open noStrudel, you'll see a "Setup Relays" button in the top right-hand corner. Click on it to configure your relays.

On this page, paste the URL of your Umbrel relay that you copied earlier. You can also add other relays proposed by default by the application. Once you've configured your relays, click on "Sign in" at bottom left to continue.

Connection: noStrudel offers you several connection options. In our case, we'll choose "Private Key" and paste in your previously generated Nostr private key. If you don't yet have a key, you can install the [Nostr Connect] extension (https://chromewebstore.google.com/detail/nostr-connect/ampjiinddmggbhpebhaegmjkbbeofoaj) to create and/or save your Nostr keys and thus communicate more securely with the various Nostr applications.

Once connected, you can use noStrudel to share your notes via Nostr. Interface gives you access to :

Complete Nostr dashboard with notes timeline, notifications, messaging, profile search
Relay management and connection status
Advanced tools for examining events and their JSON content
Configuration options for timeline filters and PINs

Tip: On noStrudel, you can set up timeline filters or test different NIPs (Nostr Implementation Possibilities). For example, check support for NIP-05 (decentralized identifiers) or more recent features. This makes noStrudel an excellent tool for experimenting in a controlled environment.

Snort - Modern Nostr customer on Umbrel

Snort is another Nostr web client available on Umbrel, offering a modern, fast and uncluttered Interface for interacting with the decentralized social network. Unlike noStrudel, which targets power users, Snort aims for simplicity of use without sacrificing functionality. It is built in React, and offers a neat UX reminiscent of classic social networks, making it suitable for everyday use.

Installation: Install Snort from the Umbrel App Store (category Social).

When you open Snort, you'll see a "Register" button in the bottom left-hand corner.

You can choose to register or connect to an existing account (which is what we're going to do for this tutorial).

Snort offers several connection methods. You can use the previously installed Nostr Connect extension or other available methods. Once connected, you'll be able to use the application to the full.

The Interface from Snort offers :

A Posts/Conversations/Global display to navigate between your notes, threaded discussions, or the global feed
Tabs for Notifications, Messages (DM), Search, Profile, etc.
A + or Write button to publish a new note
Management of subscriptions (following) and lists
Relay management menu to add/remove relays and track their availability

Recommended relay configuration: To add your Umbrel relay, go to Settings - Relays. Enter the URL of your relay (ws://umbrel:4848 or other URL depending on your config) in Snort's list of relays. This way, Snort will publish your notes on your private relay in addition to the public ones.

Nostr Wallet Connect - Link your Lightning wallet to Nostr

Nostr Wallet Connect (NWC) is an application that connects your Umbrel (Lightning) node to compatible Nostr applications to make Lightning payments (for example, sending zaps, those micro-payments for "liking" content). In this tutorial, we'll look at how to connect noStrudel to your Lightning node to make payments directly from the Interface.

Installation and configuration:

Install Nostr Wallet Connect from the Alby store on Umbrel.

In noStrudel, click on your profile in the top right-hand corner, then on the "manage" button.

Click on "Lightning" then "connect Wallet".

Among the available connection options, choose "Umbrel".

Click on "Connect" to be automatically redirected to your Umbrel Nostr Wallet Connect session.

On the Nostr Wallet Connect page, you can :

Define your maximum budget
Validate authorizations
Set an expiry time for the connection

Click on "connect" to finalize.

You are redirected to noStrudel with a confirmation message: you can now zap the whole world from your Wallet/LND node!

Thanks to NWC, your Lightning payments via Nostr (zaps to reward posts, Value for Value payments, etc.) start from your own node. You no longer have to route your transactions through external services or scan a QR from your phone every time. The user experience is greatly enhanced, while remaining non custodial and privacy-friendly.

If you want to know how to set up your own Lightning node on Umbrel, I recommend you check out this other comprehensive tutorial:

Umbrel LNDAdvanced tutorial on installing and configuring Lightning Network Daemon (LND) on Umbrel

Advanced configuration and security

Using Umbrel and Nostr together at an advanced level requires special attention to security and connectivity. Here are a few tips on how to protect your configuration and access it optimally, wherever you are.

Secure external access: Tor and Tailscale

For security reasons, your Umbrel is only accessible by default on your local network (and via Tor). To interact with Nostr away from home, you have two preferred solutions: Tor (anonymous access via onion network) and Tailscale (private VPN mesh).

Access via Tor: Umbrel automatically configures a Tor service (.onion) for its Interface web and applications. This means you can access Interface Umbrel (including noStrudel or Snort) from anywhere, using the Tor browser, without exposing your public IP. Tor is used to access your Umbrel services from outside your local network, without exposing your device to the Internet (Setup Tor on your system - Guides - Umbrel Community). To use this option, go to Umbrel settings and retrieve your Umbrel's .onion URL (or scan the QR code provided). On a Tor browser, access this .onion address: you'll get the same Interface as locally. You can then use your Nostr apps just like at home.

Nostr relay via Tor: If you'd like your Nostr relay to be reachable via Tor by your customers (or authorized friends), this is possible. Umbrel doesn't provide the relay's .onion address directly, but since it runs on port 4848, you can either :

- Use the UI Umbrel's .onion address and configure your client to connect via this Interface (impractical for WebSocket),

Or expose port 4848 as a separate onion service. This requires fiddling with the Tor config on Umbrel (reserved for advanced users comfortable with SSH). Alternatively, consider a Tor tunnel on another server that redirects to Umbrel: however, for personal use, it's easiest to use Tailscale.
Access via Tailscale: Tailscale is a mesh VPN solution that creates a virtual private network between your devices and Umbrel. The advantage: it works as if you were on a LAN, but over the Internet, encrypted and without complex configuration. Tailscale assigns your Umbrel a fixed IP and a private domain name, regardless of its network location (Tailscale | Umbrel App Store). In practice, once you've installed Tailscale on Umbrel (from the Umbrel App Store, category Networking) and on your devices (mobile, PC...), you'll be able to reach Umbrel via an address like 100.x.y.z (Tailscale IP) or a name like umbrel.tailnet123.ts.net.

for Nostr_, Tailscale is extremely useful: your mobile, if it has Tailscale active, will be able to connect to ws://umbrel:4848 (thanks to MagicDNS) or directly to the Tailscale IP and port 4848 to use the relay. Clients like Damus or Amethyst will see your Umbrel as if it were on the same local network. Tip: Enable the MagicDNS option in Tailscale to use the hostname umbrel instead of memorizing the IP. This ensures a smooth connection to your relay even when you're on the move (Nostr Relay | Umbrel App Store).

What's more, Tailscale lets you access the Interface Umbrel (and thus the noStrudel/Snort web clients) via a simple browser, using the private IP or assigned domain name. There's no need for a Tor Browser, and data transfer speeds are generally better than via the Tor network.

Note: Tor and Tailscale are not mutually exclusive. You can keep Tor active for anonymized access or specific services, and use Tailscale on a day-to-day basis for its simplicity. In both cases, you don't need to open a port on your router, which reinforces security.

Securing your Nostr relay (recommended practices)

If you host a Nostr relay on Umbrel, especially in an advanced context, be sure to apply a few good practices:

Private or restricted relay: By default, your Umbrel relay is private (not publicly announced) and, if you only access it via Tailscale or your LAN, it will remain inaccessible to strangers. Keep the link confidential. Do not broadcast it on public Nostr networks unless you want to voluntarily host other users, which is a whole other issue (moderation, bandwidth, etc.). For personal use, we recommend limiting access to yourself and, if necessary, to a few trusted friends and family.
Whitelist / Auth: The nostr-rs-relay implementation supports a NIP-42 authentication mechanism as well as whitelists of public keys. By enabling these options, you can restrict your relay so that it only accepts events signed by certain keys (yours), or that clients must authenticate to publish. Setting this up requires editing the relay's config.toml configuration file in Umbrel (via SSH in the Docker container). It's an advanced manipulation, but for example you can list the ads allowed (pubkey_whitelist). This way, even if someone discovers your relay, they won't be able to publish anything there if they're not on the list.
Updates and maintenance: Keep your Umbrel and the Nostr Relay app up to date. Updates may include performance improvements (e.g. better spam handling) and security fixes. On Umbrel, check the App Store regularly for updates to Nostr Relay, and apply them as necessary.
Monitoring and limits: Keep an eye on how your relay is used. If you open it up to others, keep an eye on the load (CPU/RAM storage) on your Umbrel, as a relay can quickly accumulate a lot of data. nostr-rs-relay offers configurable rate and storage limits (limits in the config, e.g. number of events per second, max event size, purging of old events...). For private use, you probably won't need to touch these, but be aware that these parameters exist if you need them (nostr-rs-relay/config.toml at master - scsibug/nostr-rs-relay - GitHub).
Securing Nostr keys: This point has already been mentioned, but it's crucial: never enter your Nostr private keys in a Interface you don't fully trust. Instead, use browser extensions or external devices (such as Nostr signers on separate phones) to sign sensitive actions. On Umbrel, your web clients like Snort and noStrudel can work without knowing your secret key, via NIP-07. Take advantage of this opportunity to combine comfort and security.

By following these tips, your integration of an Umbrel node with Nostr will be both powerful and secure. You'll have a complete environment: a Bitcoin node for Lightning payments, a private Nostr relay for data sovereignty, and high-performance Nostr web clients to navigate this new decentralized social network. Enjoy exploring Nostr with Umbrel!

Did this work well for you?

Author

This tutorial has been written by Pierre

You can say thanks by tipping the professor.

Pierre

41Tutorials

Passionate about Bitcoin and convinced that education is the key, I wish to share with you the little knowledge I have and thus contribute to the adoption of Bitcoin. Otherwise, I'm a big fan of Pink Floyd, I'm learning to code, and I make memes. Looking forward to meeting you at the next meet-up! I am the creator of the training course BTC 205 - Non-KYC Purchase Solution.

privacyadoptionguides

Credits

This tutorial has not been proofread yet

0/3Proofreading status

The original content has been translated by AI, but human review is necessary to ensure its accuracy.

4 002 sats2 001 sats1 001 sats

*Rewards may vary based on the $ exchange rate

Every content on the platform is the result of a collaborative effort: each lesson, translation, and revision is made possible by the work of contributors. For this reason, we are always looking for proofreaders who can review our content in many languages. If you want to participate in the proofreading process, please reach out in our Telegram group and read our tutorial. We remind you that this content is open-source - licensed under CC BY-SA - so it can be freely shared and used, as long as the original source is credited.