
Doubt with lightning-charge and nanotip

Open bitcoinoplomo opened this issue 6 years ago • 2 comments

I don't know if this is the right place to ask for this. But the IRC channel at freenode is kinda empty. I have the following setup: a full bitcoin node and a lightning node running c-lightning. On top of my lightning node I have lightning charge and nanotip.

But in https://github.com/ElementsProject/lightning-charge it says the following:

Note that Charge does not have TLS encryption and should not normally be exposed directly to the public internet. For remote access, you should setup an SSH tunnel or a TLS-enabled reverse proxy like nginx.

So I searched online and got my nanotip working using an SSH tunnel like this:

$ ssh user@external_ip -R 9000:localhost:9112 -f -N

It is working and I think I did everything right! My nanotip can be reached from the web, but to create an invoice it uses port 9000. And that port has an SSH tunnel to port 9112 of lightning charge. Is this the correct approach?

bitcoinoplomo avatar Feb 07 '19 19:02 bitcoinoplomo

Assuming your lightning charge and your nanotip are hosted on different servers, then yes, this seems like the correct approach!

I would also make sure that port 9112 was not unintentionally made public, which you can verify by running curl http://external_ip:9112/ and seeing that it fails.

shesek avatar Feb 08 '19 04:02 shesek

The lightning charge and the nanotip are on the same server, a VPS. The idea was not to have port 9112 reachable from the web, so I created an SSH tunnel between both ports (nanotip and charged) on the same server.

The output from the command you suggested is:

$ curl http://external_ip:9112/
curl: (7) Failed to connect to external_ip port 9112:

And this one shows:

$ curl http://external_ip:9000/
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

In this way port 9112 is not reachable from the web, like the lightning-charge README.md says:

Note that Charge does not have TLS encryption and should not normally be exposed directly to the public internet. For remote access, you should setup an SSH tunnel or a TLS-enabled reverse proxy like nginx.

So, I think lightning charge is not exposed directly to the web. And nanotip can safely create invoices.

bitcoinoplomo avatar Feb 08 '19 13:02 bitcoinoplomo
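
A local complement to the external curl check suggested in this thread, as an added example that is not part of the original issue or of the lightning-charge project: it reads `ss -ltnH` output and reports, for each port of interest, whether the listener is bound to loopback only or to an address other hosts can reach. The function name, the sample socket lines and port 3000 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `ss -ltnH` output on stdin and, for each port given
# as an argument, prints "<port> <address> <scope>" where scope is
# loopback, non-loopback, or closed (no TCP listener found).
classify_listeners() {
    awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
        port = $4; sub(/^.*:/, "", port)      # text after the last colon
        if (!(port in want)) next
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        sub(/%.*$/, "", addr)                 # drop an interface scope such as %lo
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # unwrap [IPv6]
        seen[port] = 1
        # Only 127.0.0.0/8 and ::1 are unreachable from other hosts by design.
        # Anything else (0.0.0.0, ::, *, a NIC address) relies on a firewall.
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "non-loopback"
        print port, addr, scope
    }
    END { for (q in want) if (!(q in seen)) print q, "-", "closed" }
    '
}

# Constructed sample input in the layout printed by `ss -ltnH`
# (state, recv-q, send-q, local address:port, peer address:port).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      128      127.0.0.1:9112      0.0.0.0:*
LISTEN 0      128        0.0.0.0:9000      0.0.0.0:*
LISTEN 0      128           [::]:22           [::]:*
EOF
}

# On the server itself: ss -ltnH | classify_listeners 9112 9000
sample_ss_output | classify_listeners 9112 9000 3000
```

A `non-loopback` result for a port means the external curl test and the firewall rules are the only things deciding whether that port answers from the internet.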