Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Doubt with lightning-charge and nanotip #55

Open
bitcoinoplomo opened this issue Feb 7, 2019 · 2 comments
Open

Doubt with lightning-charge and nanotip #55

bitcoinoplomo opened this issue Feb 7, 2019 · 2 comments
Labels

Comments

@bitcoinoplomo
Copy link

I don't know if this is the right place to ask for this. But the irc channel at freenode is kinda empty.
I have the following set up: A full bitcoin node and lightning node running c-lightning.
On top of my lighting node I have lightning charge and nanotip.

But in https://github.com/ElementsProject/lightning-charge it says the following

Note that Charge does not have TLS encryption and should not normally be exposed directly to the public internet. For remote access, you should setup an SSH tunnel or a TLS-enabled reverse proxy like nginx.

So a searched online and get my nanotip working using a ssh tunnel like this

$ ssh user@external_ip -R 9000:localhost:9112 -f -N

It is working and I think I did everything right!
My nanotip can be reached from the web but to create a invoice it uses port 9000. And that port has a ssh tunnel to 9112 port of lighting charge.
Is the correct approach?

@shesek
Copy link
Contributor

shesek commented Feb 8, 2019

Assuming your lightning charge and your nanotip are hosted on different servers, than yes, this seems like the correct approach!

I would also make sure that port 9112 was not unintentionally made public, which you can verify by running curl http://external_ip:9112/ and seeing that it fails.

@shesek shesek added the question label Feb 8, 2019
@bitcoinoplomo
Copy link
Author

bitcoinoplomo commented Feb 8, 2019

The lightning charge and the nanotip are in the same server, a VPS.
The idea was not to have the port 9112 reachable from the web, so I created a SSH tunnel between both ports (nanotip and charged) in the same server.

The output from the command you suggested is

$ curl http://external_ip:9112/
curl: (7) Failed to connect to external_ip port 9112:

And this one shows

$ curl http://external_ip:9000/
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot GET /</pre>
</body>
</html>

In this way the port 9112 is not reachable from the web, like it says the ligthing-charge README.md

Note that Charge does not have TLS encryption and should not normally be exposed directly to the public internet. For remote access, you should setup an SSH tunnel or a TLS-enabled reverse proxy like nginx.

So, I think lightning charge is not exposed directly to the web. And nanotip can safely create invoices.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants