Migrate to gRPC to talk to LND directly #6
Comments
|
There are few options:
Reverse proxy is required as far as I've tested (unless this updated in LND), as I wasn't able to accept non-local requests. Using REST and disabling macaroons is easiest to work with, but has no security. Using REST and sending an invoicer macaroon to the client is equivalent to the existing invoicer service. If you want to use gRPC, you need to send a self-signed cert for local network connections as well as the invoicer macaroon. To send the macaroon / certificate to web clients, we could configure nginx to serve these statically to be picked up by the client. While we're at it, we can also add rate limiting etc. If we actually want to authenticate users (for other things), this could be done using SRP; perhaps we have SRP middleware to handle auth for all requests to the box. |
|
Okay this will need more thought. gRPC requires HTTPS, even when connecting locally? I can investigate let’s encrypt certificates for local hostnames again, Damian found a trick there. Otherwise, REST was nice to work with, as long as we can receive payment status on client side |
Yes afaik (if you are not on the same host), but depending on how strict the browser transport policy is, we might be able to use a self-signed certificate; we could serve the app over non-encrypted HTTP, and use gRPC with a self-signed HTTPS cert. It also might be possible to disable encryption for gRPC (nginx can proxy to Would need to research. |
|
We can indeed get nginx happening assuming we can get a dockerfile and container for it |
Does this require nginx reverse proxy?
The text was updated successfully, but these errors were encountered: