Add optional support for Let's Encrypt certificate

2026-02-23 15:04:23 +01:00 · 2019-08-27 18:10:45 +03:00
parent 1d6aa3a328
commit 795625ca3f
4 changed files with 25 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ This is a simple example of an lspd that works with an [lnd](https://github.com/
  * **TimeLockDelta**: the minimum number of blocks this node requires to be added to the expiry of HTLCs (recommended: 144).
 3. Compile lspd using `go build .`
 4. Create a random token (for instance using the command `openssl rand -base64 48`)
-5. Define the environment variables as described in sample.env:
+5. Define the environment variables as described in sample.env. If `CERTMAGIC_DOMAIN` is defined, certificate for this domain is automatically obtained and renewed from Let's Encrypt. In this case, the port needs to be 443. If `CERTMAGIC_DOMAIN` is not defined, lspd needs to run behind a reverse proxy like treafik or nginx.
 6. Run lspd
 7. Share with Breez the TOKEN and the LISTEN_ADDRESS you've defined (send to contact@breez.technology)

--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/golang/protobuf v1.3.2
 	github.com/grpc-ecosystem/go-grpc-middleware v1.0.0
 	github.com/lightningnetwork/lnd v0.7.0-beta
+	github.com/mholt/certmagic v0.6.2
 	golang.org/x/net v0.0.0-20190628185345-da137c7871d7
 	golang.org/x/sync v0.0.0-20190423024810-112230192c58
 	google.golang.org/grpc v1.22.0
--- a/sample.env
+++ b/sample.env
@@ -1,4 +1,7 @@
 LISTEN_ADDRESS=<HOSTNAME:PORT>
+### If you define a domain here, the server will use certmagic to obtain
+### a certificate from Let's Encrypt
+#CERTMAGIC_DOMAIN=<DOMAIN>

 LND_ADDRESS=<HOSTNAME:PORT>
 LND_CERT=<LND_CERT> #replace each eol by \\n
--- a/server.go
+++ b/server.go
@@ -2,6 +2,7 @@ package main

 import (
 	"context"
+	"crypto/tls"
 	"crypto/x509"
 	"encoding/hex"
 	"log"
@@ -14,6 +15,7 @@ import (
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 	"github.com/lightningnetwork/lnd/lnrpc"
+	"github.com/mholt/certmagic"
 	"golang.org/x/sync/singleflight"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
@@ -129,9 +131,24 @@ func getPendingNodeChannels(nodeID string) ([]*lnrpc.PendingChannelsResponse_Pen
 }

 func main() {
-	lis, err := net.Listen("tcp", os.Getenv("LISTEN_ADDRESS"))
-	if err != nil {
-		log.Fatalf("Failed to listen: %v", err)
+	certmagicDomain := os.Getenv("CERTMAGIC_DOMAIN")
+	address := os.Getenv("LISTEN_ADDRESS")
+	var lis net.Listener
+	if certmagicDomain == "" {
+		var err error
+		lis, err = net.Listen("tcp", address)
+		if err != nil {
+			log.Fatalf("failed to listen: %v", err)
+		}
+	} else {
+		tlsConfig, err := certmagic.TLS([]string{certmagicDomain})
+		if err != nil {
+			log.Fatalf("failed to run certmagic: %v", err)
+		}
+		lis, err = tls.Listen("tcp", address, tlsConfig)
+		if err != nil {
+			log.Fatalf("failed to listen: %v", err)
+		}
 	}

 	// Creds file to connect to LND gRPC