From 552b71c62026d1c6c4c9cc5d3ea599598744e155 Mon Sep 17 00:00:00 2001
From: Wilmer Paulino <wilmer.paulino@gmail.com>
Date: Fri, 30 Nov 2018 13:25:26 -0800
Subject: [PATCH] rpcserver: forward gRPC proxy requests to localhost when
 listening on all interfaces

This prevents certificate issues when accessing the gRPC REST proxy externally.
---
 rpcserver.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/rpcserver.go b/rpcserver.go
index 90221885..83dccc39 100644
--- a/rpcserver.go
+++ b/rpcserver.go
@@ -530,14 +530,25 @@ func (r *rpcServer) Start() error {
 		}()
 	}
 
-	// Finally, start the REST proxy for our gRPC server above.
+	// Finally, start the REST proxy for our gRPC server above. We'll ensure
+	// we direct LND to connect to its loopback address rather than a
+	// wildcard to prevent certificate issues when accessing the proxy
+	// externally.
 	//
 	// TODO(roasbeef): eventually also allow the sub-servers to themselves
 	// have a REST proxy.
 	mux := proxy.NewServeMux()
+	grpcEndpoint := cfg.RPCListeners[0].String()
+	switch {
+	case strings.Contains(grpcEndpoint, "0.0.0.0"):
+		grpcEndpoint = strings.Replace(
+			grpcEndpoint, "0.0.0.0", "127.0.0.1", 1,
+		)
+	case strings.Contains(grpcEndpoint, "[::]"):
+		grpcEndpoint = strings.Replace(grpcEndpoint, "[::]", "[::1]", 1)
+	}
 	err := lnrpc.RegisterLightningHandlerFromEndpoint(
-		context.Background(), mux, cfg.RPCListeners[0].String(),
-		r.restServerOpts,
+		context.Background(), mux, grpcEndpoint, r.restServerOpts,
 	)
 	if err != nil {
 		return err