About Sovereign Stack
Photo by Thomas Jensen / Unsplash

Project Overview

Sovereign Stack is a complete network solution enabling you to deploy Bitcoin-centric website infrastructure at your home or small office. It consists of this website which contains all the documentation, and the Sovereign Stack code.

To run Sovereign Stack as intended, you first need to implement the network infrastructure part of this project as documented throughout this website. When you have your network properly configured, you can deploy the Sovereign Stack code to a compute node. This is where your websites and Bitcoin-native payment infrastructure and website components run.

To get an idea for the types of applications you can create using Sovereign, check out our Examples page.

Network Diagram

The typical Sovereign Stack deployment will look something like the following network diagram:

Basic Requirements

There are several requirements to run Sovereign Stack successfully:

  • a modern firewall, preferably one based on pfSense,
  • a VLAN capable managed switch,
  • one or more x64 computing devices (e.g., Librem Mini, Intel NUC, etc.),
  • a fast and reliable Internet connection,
  • and a (preferably dedicated) management machine
A competent network technician or Uncle Jim may also required to read and understand the documentation on this website and apply the concepts to your particular network!

The system diagram above shows "computing devices" attached to a DMZ. This is where you place one or more commodity x86_64 computing devices. These commodity machines are where you can deploy the Sovereign Stack software. All software that gets deployed executes in isolated Virtual Machines which attach to the network underlay using Macvlan. Your network firewall enforces traffic policy so you can allow internal or public access to your websites.

Sovereign Stack is designed to operate on a home or small office Internet connection. Typically this means there exists ONE and ONLY ONE public IP address which is provided by your ISP. In many cases, you will want to deploy more than one website under different DNS domains. Rather than dedicating a single IP address per-website, Sovereign Stack creates a reverse proxy which routes all incoming HTTP headers to the appropriate website. The result is that Sovereign Stack can host multiple websites at a single IP address. All deployed websites, however, use one instance of BTCPayServer which provides the Lightning liquidity pool.

When executed from your management machine, the Sovereign Stack code base allows you to deploy and manage one or more Bitcoin-only websites to your back-end compute devices (i.e., Cluster Hosts).

This website (sovereign-stack.org) was built using the bash scripts linked above.


The website that gets deployed is based on Ghost and BTCPay Server at a minimum. You can also deploy other Open Source Software (OSS) projects such as Nextcloud and Gitea, and a Nostr relay. All depends on your requirements and what applications are supported.

The goal is to deploy whatever apps which allow you to create the desired effect. We'll be adding more services as time progresses, all with the focus on further decentralizing the Internet via self-hosting and trust minimization.

BTCPay Server

BTCPay Server is a required component of a Sovereign Stack deployment. It provides all the Bitcoin related functionality including Bitcoin full node (deployed as a pruning full using FastStart). Each deployment also deploys a core-lightning node for all lightning functionality. Website creators are expected to know how to use BTCPay server to implement the various payment workflows that might exist, e.g., tipping, store/order menu, crowdfunds, etc..

Remember, this is Sovereign Stack! That means you SHOULD AVOID becoming a custodian for anyone other than yourself! It's probably OK to hand out addresses for others, but LIGHTNING is inherently custodial!


Ghost is an excellent syndication-based web front end. It has a great user interface for users to create their content. Sovereign Stack is there to deploy Ghost and situate it behind a domain name, and to perform backup/restoration activities for all the ghost instances you deploy. Sovereign Stack even has some limited support for deploying multiple Ghost instances under a single domain name with automated language routing using HTTP 302 redirect.


Sovereign Stack can optionally deploy Nextcloud. One should take care in the features you actually use on Nextcloud. It is NOT recommended to use any of the Fediverse type functionality (you should probably use a Nostr-based solution for that). Nextcloud makes a great front-end for calendars and webcal service endpoints, however.

Remember! Sovereign Stack AVOIDS the use of Email. Therefore, all applications, from Ghost to nextcloud to Gitea, all of them DO NOT support email functionality whatsoever!


Gitea is software that allows you to host git repos and has a nice web front-end for displaying the files. This aids in creating documentation that is easy to read and helps the user better understand how everything works under-the-hood.

Gitea also exposes RSS feed on git repos! You should encourage your users to subscribe to the RSS feed of your git repo to be notified of updates to the master branch.

Think twice before using the Issues and Pull Requests feature in Gitea. These features are better implemented using Nostr since they are social features. Potential clients are under evaluation at . 


Each domain that gets deployed can optionally have a Nostr relay deployed. Nostr relays help support the Nostr ecosystem. It is expected that multiple relay processes will get deployed to address various use cases, e.g., [free] application logging, [expensive] public relay.

Sovereign Stack also allows you to become NIP-05 compliant, so you can get a blue check mark for pubkeys under your control.

Appreciate what this project is all about? Consider donating to our monthly crowdfund.