Connect over https to Core Lightning

Open JWBurgers opened this issue 1 year ago • 6 comments

Describe the feature

My understanding is that you can make a TLS connection to LND, instead of a Tor hidden service connection.

I tried various ways manually to make Zeus connect to Core Lightning's REST API over an NGINX https proxy with a self-signed certificate. It seems to establish communication just fine. But the issue I'm running into is that "the hostname is not verified".

The error is standard to Android. But it is my understanding that one can bypass the hostname verification objection for self-signed certificates within a particular app. It would be good to have this option available for Core Lightning, as connecting via a hidden service is often slow.

JWBurgers avatar Jan 10 '24 20:01 JWBurgers

There's a Certificate Verification toggle you should be able to leverage on the node configuration page. Otherwise, you should be able to install the CLN-rest cert on your device.

kaloudis avatar Jan 10 '24 22:01 kaloudis

I can indeed easily create a normal connection without any certificate. Precisely, toggling that certificate produces the "hostname is not verified" error on Zeus, even after importing the TLS certificate. There may be some way to configure a certificate creation so that it avoids this issue, but I'm not sure how.

JWBurgers avatar Jan 11 '24 17:01 JWBurgers

You need to set `rest-domain` in your c-lightning-REST config: https://github.com/Ride-The-Lightning/c-lightning-REST/blob/69a5d9788bf99d57ffc9b0f95f4e409bd9a366ee/README.md?plain=1#L62

kaloudis avatar Jan 11 '24 18:01 kaloudis

Yes, indeed I did. But I now realize this is not supposed to be an IP address (https://github.com/Ride-The-Lightning/c-lightning-REST/issues/131).

What should be the value then? The question isn't really well-answered in the issue. I also tried my host-name on the server.

JWBurgers avatar Jan 11 '24 18:01 JWBurgers
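Added example, not part of the thread and not code from ZEUS or c-lightning-REST: the general rule a strict TLS client applies when it verifies a hostname, which is that an IP address only matches an `IP Address` subjectAltName entry and a name only matches a `DNS` entry. The certificate contents, the name `node.example.lan` and the address `192.168.1.10` are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def host_matches_cert(connect_to, subject_alt_names):
    """Check the address the client dials against the certificate's SAN list.

    subject_alt_names uses the (type, value) pairs that Python's
    ssl.SSLSocket.getpeercert() returns under 'subjectAltName'.
    """
    if _is_ip(connect_to):
        target = ipaddress.ip_address(connect_to)
        # An IP target is compared only with 'IP Address' entries.
        return any(
            kind == "IP Address" and _is_ip(value)
            and ipaddress.ip_address(value) == target
            for kind, value in subject_alt_names
        )
    # A name target is compared only with 'DNS' entries.
    return any(
        kind == "DNS" and _dns_match(value, connect_to)
        for kind, value in subject_alt_names
    )

# Constructed SAN lists for three self-signed certificates.
CERT_DNS_ONLY = (("DNS", "node.example.lan"),)
CERT_IP_AS_DNS = (("DNS", "192.168.1.10"),)   # address written into a DNS entry
CERT_BOTH = (("DNS", "node.example.lan"), ("IP Address", "192.168.1.10"))

if __name__ == "__main__":
    for label, san in (("dns-only", CERT_DNS_ONLY), ("ip-as-dns", CERT_IP_AS_DNS), ("both", CERT_BOTH)):
        for host in ("192.168.1.10", "node.example.lan"):
            print(f"{label:10} {host:18} verified={host_matches_cert(host, san)}")
```

Importing a self-signed certificate into the device establishes trust in the certificate itself; the name check above is a separate step and still has to pass for the address the app connects to.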

I'm unsure; you might want to open up an issue in their repo.

kaloudis avatar Jan 12 '24 16:01 kaloudis

I have asked for clarification and will drop a response here once I have it.

JWBurgers avatar Jan 15 '24 04:01 JWBurgers

Closing due to inactivity. Feel free to reopen if you think there's an issue in ZEUS.

kaloudis avatar Apr 03 '24 04:04 kaloudis

Thanks @kaloudis. I was unable to really figure out how to set this up from discussion with RTL. I am going to explore managing the connection for mobile phone via WireGuard. That seems to work well according to quite a few people.

JWBurgers avatar Apr 30 '24 11:04 JWBurgers