lnproxy / lnproxy-relay

A minimalist lnproxy relay
GNU General Public License v3.0

Support: Could not run #8

Closed jaonoctus closed 2 years ago

jaonoctus commented 2 years ago

I tried to run the binary but I could not access anything on port 4747. And I also don't see any logs after ./lnproxy lnproxy.macaroon

lnproxy commented 2 years ago

The program is pretty quiet, I think there's just a single log message at the moment so that's probably fine. I noticed a typo in README.md. It's possible the problem is that you have to use http://localhost:4747 not https://localhost:4747

If that's not it, it could be the lnd rest api connection. Can you send the output of:

grep restlisten ~/.lnd/lnd.conf

jaonoctus commented 2 years ago

@lnproxy It is lnd_bitcoin:8080, which I have already set via -lnd param.

lnproxy commented 2 years ago

What's the output of:

$ MACAROON_HEADER="Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon)"
$ curl -X GET --cacert ~/.lnd/tls.cert --header "$MACAROON_HEADER" https://lnd_bitcoin:8080/v1/getinfo 

jaonoctus commented 2 years ago

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

jaonoctus commented 2 years ago

Same command, but using http instead of https:

{
  "version": "0.15.0-beta commit=basedon-v0.15.0-beta-fresh-btcpay",
  "commit_hash": "HIDDEN",
  "identity_pubkey": "HIDDEN",
  "alias": "HIDDEN",
  "color": "HIDDEN",
  "num_pending_channels": 0,
  "num_active_channels": 1,
  "num_inactive_channels": 0,
  "num_peers": 4,
  "block_height": 757735,
  "block_hash": "0000000000000000000060b46729c10e86ec9eea673852c9011e158103ce4294",
  "best_header_timestamp": "1665249416",
  "synced_to_chain": true,
  "synced_to_graph": true,
  "testnet": false,
  "chains": [
    {
      "chain": "bitcoin",
      "network": "mainnet"
    }
  ],
  "uris": [
    "HIDDEN:9735",
    "HIDDEN:9735"
  ],
  "features": {
    "0": {
      "name": "data-loss-protect",
      "is_required": true,
      "is_known": true
    },
    "5": {
      "name": "upfront-shutdown-script",
      "is_required": false,
      "is_known": true
    },
    "7": {
      "name": "gossip-queries",
      "is_required": false,
      "is_known": true
    },
    "9": {
      "name": "tlv-onion",
      "is_required": false,
      "is_known": true
    },
    "12": {
      "name": "static-remote-key",
      "is_required": true,
      "is_known": true
    },
    "14": {
      "name": "payment-addr",
      "is_required": true,
      "is_known": true
    },
    "17": {
      "name": "multi-path-payments",
      "is_required": false,
      "is_known": true
    },
    "19": {
      "name": "wumbo-channels",
      "is_required": false,
      "is_known": true
    },
    "23": {
      "name": "anchors-zero-fee-htlc-tx",
      "is_required": false,
      "is_known": true
    },
    "30": {
      "name": "amp",
      "is_required": true,
      "is_known": true
    },
    "31": {
      "name": "amp",
      "is_required": false,
      "is_known": true
    },
    "45": {
      "name": "explicit-commitment-type",
      "is_required": false,
      "is_known": true
    },
    "2023": {
      "name": "script-enforced-lease",
      "is_required": false,
      "is_known": true
    }
  },
  "require_htlc_interceptor": false
}

lnproxy commented 2 years ago

Ah! That explains it. I guess btcpayserver disables tls for the lnd rest api: https://github.com/btcpayserver/btcpayserver/blob/c821208b5d120f8bd9a417c19ac9f587998ac440/BTCPayServer.Tests/docker-compose.yml#L287

I'll make a config option to connect to lnd without tls.

lnproxy commented 2 years ago

Can you try https://github.com/lnproxy/lnproxy/pull/10

Use:

./lnproxy -lnd lnd_bitcoin:8080 -lnd-no-rest-tls=true lnproxy.macaroon

jaonoctus commented 2 years ago

Cannot access still. Have no clue 🤔

$ lsof -Pnl +M -i4 | grep lnproxy

lnproxy   593300        0    3u  IPv4 7335855      0t0  TCP 127.0.0.1:4747 (LISTEN)

lnproxy commented 2 years ago

Ok, so lnproxy is listening but you don't get a response when you make a request. What do you get from:

perl -MHTTP::Tiny -E 'say HTTP::Tiny->new->post_form(shift, { "field_a" => 10})->{content}' http://127.0.0.1:4747/lnbc1w4pnfm

jaonoctus commented 2 years ago

Get "https://172.18.0.7:8080/v1/payreq/lnbc1w4pnfm": http: server gave HTTP response to HTTPS client

So it seems to be still attempting https?

lnproxy commented 2 years ago

Oh, of course. My bad, I know what I did wrong. Give me a second to commit a fix.

jaonoctus commented 2 years ago

I hot fixed it here, s/https/http 😂

Invoice got created with perl command but I cannot access it via my public IP address ¯\_(ツ)_/¯

jaonoctus commented 2 years ago

Got this error later:

2022/10/08 16:18:43 websocket.Dial wss://172.18.0.7:8080/v2/invoices/subscribe/InD3Gzezp4VbiIxNQoID7g4bxGUJwvmYVaRHgeqyXpE=: tls: first record does not look like a TLS handshake
panic: websocket.Dial wss://172.18.0.7:8080/v2/invoices/subscribe/InD3Gzezp4VbiIxNQoID7g4bxGUJwvmYVaRHgeqyXpE=: tls: first record does not look like a TLS handshake

goroutine 21 [running]:
log.Panicln({0xc0000adf78?, 0x16?, 0xc000038f88?})
        /snap/go/9952/src/log/log.go:399 +0x65
main.watchWrappedInvoice(0xc0000645a0, {0xc000206006, 0x105})
        /root/xxx/lnproxy/lnproxy.go:232 +0x350
created by main.wrap
        /root/xxx/lnproxy/lnproxy.go:464 +0x115

lnproxy commented 2 years ago

Haha, yes, exactly. To get the websockets working just add s/wss/ws/g

lnproxy commented 2 years ago

To expose the service publicly you'll want to either set up a reverse proxy (so that you can use ssl) or run it as a tor hidden service. I'm not sure what the best way to do that is on btcpayserver but tor is pretty easy, just add:

HiddenServiceDir /var/tor/lnproxy/
HiddenServicePort 80 127.0.0.1:4747

to your /etc/tor/torrc and restart tor.

lnproxy commented 2 years ago

I'm going to leave the no-rest-tls branch unmerged for now. I want to keep the implementation simple. Will reevaluate if it's a common problem.

lnproxy commented 2 years ago

Hey @jaonoctus, the latest commits finally add support for no-rest-tls. Can you test it out and let me know if it works for you?

jaonoctus commented 2 years ago

@lnproxy

$ ./lnproxy -lnd-cert -no-rest-tls=true -lnd=172.18.0.7:8080 lnproxy.macaroon

Unable to parse lnd host url: parse "172.18.0.7:8080": first path segment in URL cannot contain colon

Also tried with lnd_bitcoin but got the same error

lnproxy commented 2 years ago

Can you try adding "http://" to the -lnd flag?

$ ./lnproxy -lnd-cert "" -lnd=http://172.18.0.7:8080 lnproxy.macaroon

lnproxy commented 2 years ago

I think the flag library thinks -lnd=http://172.18.0.7:8080 is the path to your cert. You need to add the empty argument explicitly -lnd-cert ""
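
An added example, not part of the original thread and not lnproxy's own code: it replays the command lines from this thread through Go's standard flag package to show how a value-less -lnd-cert swallows the next argument, and derives the REST and websocket bases from one parsed URL so the two cannot disagree about TLS (the s/https/http and s/wss/ws fixes earlier in the thread). The flag defaults and the endpoints helper are assumptions.

```go
package main

import (
	"flag"
	"fmt"
	"io"
	"net/url"
)

// parseArgs uses the flag names from this thread; the defaults are assumed.
func parseArgs(args []string) (lnd, cert string, rest []string, err error) {
	fs := flag.NewFlagSet("demo", flag.ContinueOnError)
	fs.SetOutput(io.Discard)
	fs.StringVar(&lnd, "lnd", "https://127.0.0.1:8080", "lnd REST base URL")
	fs.StringVar(&cert, "lnd-cert", ".lnd/tls.cert", "lnd TLS certificate path")
	fs.Bool("no-rest-tls", false, "accepted so the thread's command parses")
	err = fs.Parse(args)
	return lnd, cert, fs.Args(), err
}

// endpoints (hypothetical helper) derives the REST and websocket bases from
// one URL, so a cleartext REST endpoint is never paired with wss or vice versa.
func endpoints(raw string) (restBase, wsBase string, err error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", "", err
	}
	ws := map[string]string{"https": "wss", "http": "ws"}[u.Scheme]
	if ws == "" || u.Host == "" {
		return "", "", fmt.Errorf("lnd url %q needs an http:// or https:// prefix", raw)
	}
	return u.Scheme + "://" + u.Host, ws + "://" + u.Host, nil
}

func main() {
	for _, args := range [][]string{
		{"-lnd-cert", "-no-rest-tls=true", "-lnd=172.18.0.7:8080", "lnproxy.macaroon"},
		{"-lnd-cert", "-lnd=http://172.18.0.7:8080", "lnproxy.macaroon"},
		{"-lnd-cert", "", "-lnd=http://172.18.0.7:8080", "lnproxy.macaroon"},
	} {
		lnd, cert, rest, _ := parseArgs(args)
		r, w, err := endpoints(lnd)
		fmt.Printf("%q\n  cert=%q lnd=%q args=%q\n  rest=%q ws=%q err=%v\n", args, cert, lnd, rest, r, w, err)
	}
}
```

In the second case the -lnd value ends up in the certificate path and the assumed default URL is used, so the program would keep dialing https without reporting a flag error.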

jaonoctus commented 2 years ago

it works!!!
