Improve Auto unlock feature

getAlby / hub

Alby Hub - Your own lightning node connected to every app. Run anywhere. Become self-sovereign.

https://albyhub.com

Apache License 2.0

108 stars 21 forks source link

Improve Auto unlock feature #720

Open rolznz opened 2 months ago

rolznz commented 2 months ago

There is an AUTO_UNLOCK_PASSWORD field which can be provided to automatically start the node on Alby Hub startup. However, this requires Umbrel and Start9 to allow the user to edit this env variable and is not enabled by default, which should be.

How can we improve this for self-hosted hubs?

rolznz commented 1 month ago

Fundamentally, maybe Start9 and Umbrel should not even have unlock passwords. This needs more planning.

I still think this is an issue that we should focus on though e.g. with powercuts or restarts, it's harder for users to get Alby Hub back up and running.

jpl-btc commented 1 month ago

After months of using Alby Hub on Start9 and Umbrel, I’ve rarely needed to enter the unlock password. Once the app is opened, the OS keeps it active, so re-entering the password is only required after a system reboot when I did restart Umbrel, logging in felt natural since all other apps also required re-authentication.

In summary, the unlock password hasn’t been a hassle, it’s only prompted after a reboot, which aligns with expected security behavior. This is based solely on my own experience, and I have not heard complains about this from umbrel or Start9 users so far

rolznz commented 1 month ago

I personally have issues with this due to semi-frequent powercuts. But this can be fixed with a backup power supply.

riccardobl commented 3 weeks ago

Hi, I run Alby Hub with Docker on a home server that occasionally needs to reboot. I used this env variable to make Alby Hub come back online automatically, just like the other services, so I don’t have to worry about unlocking it manually.

In my specific setup this is a spending node with few sats in it, i don't need to protect it from being stolen or things like that, so this security feature (that is very important otherwise) is not needed for me.

I think this setup might be fairly common. I wouldn’t recommend enabling auto-unlock as the default, but it may be worth mentioning this thing and the related env variable in the Docker setup guide. It’s a bit unexpected behavior for a Docker container, and I only discovered it after receiving Alby’s email about unlocking the hub (by the way, thanks for doing these extra checks on our nodes :+1: )