diff --git a/README.md b/README.md
index 886fa86..bc66a66 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ This is a simple example of an lspd that works with an [lnd](https://github.com/
 * **TimeLockDelta**: the minimum number of blocks this node requires to be added to the expiry of HTLCs (recommended: 144).
 3. Compile lspd using `go build .`
 4. Create a random token (for instance using the command `openssl rand -base64 48`)
-5. Define the environment variables as described in sample.env:
+5. Define the environment variables as described in sample.env. If `CERTMAGIC_DOMAIN` is defined, certificate for this domain is automatically obtained and renewed from Let's Encrypt. In this case, the port needs to be 443. If `CERTMAGIC_DOMAIN` is not defined, lspd needs to run behind a reverse proxy like treafik or nginx.
 6. Run lspd
 7. Share with Breez the TOKEN and the LISTEN_ADDRESS you've defined (send to contact@breez.technology)
diff --git a/go.mod b/go.mod
index 387c15d..f00a7f8 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ require (
 github.com/golang/protobuf v1.3.2
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0
 github.com/lightningnetwork/lnd v0.7.0-beta
+ github.com/mholt/certmagic v0.6.2
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7
 golang.org/x/sync v0.0.0-20190423024810-112230192c58
 google.golang.org/grpc v1.22.0
diff --git a/sample.env b/sample.env
index a992a39..7b37a19 100644
--- a/sample.env
+++ b/sample.env
@@ -1,4 +1,7 @@
 LISTEN_ADDRESS=
+### If you define a domain here, the server will use certmagic to obtain
+### a certificate from Let's Encrypt
+#CERTMAGIC_DOMAIN=
 LND_ADDRESS=
 LND_CERT=
 #replace each eol by \\n
diff --git a/server.go b/server.go
index 6cf1798..9890b80 100644
--- a/server.go
+++ b/server.go
@@ -2,6 +2,7 @@ package main
 import (
 "context"
+ "crypto/tls"
 "crypto/x509"
 "encoding/hex"
 "log"
@@ -14,6 +15,7 @@ import (
 "github.com/btcsuite/btcd/chaincfg/chainhash"
 grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
 "github.com/lightningnetwork/lnd/lnrpc"
+ "github.com/mholt/certmagic"
 "golang.org/x/sync/singleflight"
 "google.golang.org/grpc"
 "google.golang.org/grpc/codes"
@@ -129,9 +131,24 @@ func getPendingNodeChannels(nodeID string) ([]*lnrpc.PendingChannelsResponse_Pen
 }
 func main() {
- lis, err := net.Listen("tcp", os.Getenv("LISTEN_ADDRESS"))
- if err != nil {
- log.Fatalf("Failed to listen: %v", err)
+ certmagicDomain := os.Getenv("CERTMAGIC_DOMAIN")
+ address := os.Getenv("LISTEN_ADDRESS")
+ var lis net.Listener
+ if certmagicDomain == "" {
+ var err error
+ lis, err = net.Listen("tcp", address)
+ if err != nil {
+ log.Fatalf("failed to listen: %v", err)
+ }
+ } else {
+ tlsConfig, err := certmagic.TLS([]string{certmagicDomain})
+ if err != nil {
+ log.Fatalf("failed to run certmagic: %v", err)
+ }
+ lis, err = tls.Listen("tcp", address, tlsConfig)
+ if err != nil {
+ log.Fatalf("failed to listen: %v", err)
+ }
 }
 // Creds file to connect to LND gRPC
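Review bot: The `certmagicDomain == ""` branch in main falls back to a plain `net.Listen` with nothing in the logs to say TLS is off, so an unset or misspelled `CERTMAGIC_DOMAIN` silently serves gRPC in cleartext on LISTEN_ADDRESS. The README relies on a reverse proxy in that mode, and the shared TOKEN presumably travels over this listener, so I would log the mode at startup, e.g. `log.Printf("CERTMAGIC_DOMAIN not set: serving without TLS on %s; terminate TLS in a reverse proxy", address)`, and document that LISTEN_ADDRESS should then bind to a loopback or internal address. In the certmagic branch the README's port-443 requirement is not checked against `address`, so a wrong port would likely only show up as a failure to obtain the certificate. main continues past the end of the hunk.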