Hi folks, I’ve got an issue that is almost certainly related to networking and not Umbrel itself. Nevertheless, I wasn’t able to find a good resource for this elsewhere and I was hoping one of you folks could help out.
My objective is to be able to access my node via Zeus wallet over LND REST / HTTPS without needing to be on my VPN.
I’m running LND and followed @Hakuna’s excellent guide for setting up my node in hybrid mode. I do have a VPS that I’m using as the proxy for LND, but would rather use cloudflare tunnels for REST access rather than dealing with a reverse proxy etc (just trying to reduce my self-managed footprint a bit).
My request path goes like:
[Internet] > Cloudflare [DNS] > Cloudflare tunnel > cloudflared container on Umbrel > LND on umbrel
In lnd.conf I have the following settings configured that should allow me to do this:
- externalip=(my VPS IP address:port)
- nat=false
- restlisten=0.0.0.0:8080
- tlsextradomain=(the subdomain I’m using for LND REST, in the ‘my.domain.com’ format)
- tlsextraip=(a bunch of IPs for various interfaces, i.e. my docker network gateway, my host machine’s local IP address, etc.)
When I attempt to connect to my node from Zeus, I get a 502 error in Zeus and a bunch of the following errors in LND logs:
2024/03/18 15:11:13 http: TLS handshake error from 172.5.0.1:35394: remote error: tls: bad certificate
2024/03/18 15:11:13 http: TLS handshake error from 172.5.0.1:35402: remote error: tls: bad certificate
2024/03/18 15:11:13 http: TLS handshake error from 172.5.0.1:35404: remote error: tls: bad certificate
2024/03/18 15:11:13 http: TLS handshake error from 172.5.0.1:35416: remote error: tls: bad certificate
2024/03/18 15:11:13 http: TLS handshake error from 172.5.0.1:35428: remote error: tls: bad certificate
2024/03/18 15:11:13 http: TLS handshake error from 172.5.0.1:35436: remote error: tls: bad certificate
2024/03/18 15:11:13 http: TLS handshake error from 172.5.0.1:35450: remote error: tls: bad certificate
2024/03/18 15:11:13 http: TLS handshake error from 172.5.0.1:35458: remote error: tls: bad certificate
In this case, 172.5.0.1 is the gateway IP for my docker network, but if I change the hostname in my Cloudflare tunnel to point to my machine’s IP instead of localhost, I still get similar errors.
I have added all imaginable IPs as tlsextraip values, nuked and regenerated my tls.key and tls.cert files every time, changed SSL security settings on Cloudflare from Full to Strict to Flexible to Off… nothing fixes the issue for me.
Any pointers on where to look next would be greatly appreciated!
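An added example, not from the post or from the lnd/cloudflared projects, that reproduces the logged "remote error: tls: bad certificate" locally in Go, the language lnd is written in: that alert is sent by the connecting client when it rejects the server's certificate, so a self-signed lnd tls.cert is only accepted once the client trusts it as a root (or is told to skip verification), whatever SANs it carries; a trusted cert still fails when the name the client expects matches no SAN. The domain lnd.example.com, the loopback listener and the probe helper are constructed for the example; 172.5.0.1 is the gateway address from the post.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// probe builds a self-signed cert shaped like lnd's autogenerated tls.cert (DNS/IP SANs stand
// in for tlsextradomain/tlsextraip; the domain is a constructed placeholder), serves it on
// loopback and dials it once expecting serverName. serverErr is what lnd would log.
func probe(trust bool, serverName string) (serverErr, clientErr error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		DNSNames: []string{"lnd.example.com"}, IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("172.5.0.1")},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	cfg := &tls.Config{ServerName: serverName}
	if trust { // pin tls.cert as the client's only root; otherwise the system CA store is used
		leaf, _ := x509.ParseCertificate(der)
		cfg.RootCAs = x509.NewCertPool()
		cfg.RootCAs.AddCert(leaf)
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return err, nil
	}
	defer ln.Close()
	srv := make(chan error, 1)
	go func() { // server side: the handshake error here is the "TLS handshake error" log line
		c, err := ln.Accept()
		if err == nil {
			err = c.(*tls.Conn).Handshake()
			c.Close()
		}
		srv <- err
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg) // client side: verifies cert against cfg
	if err == nil {
		conn.Close()
	}
	return <-srv, err
}
```

Called from a test or main: probe(false, "127.0.0.1") fails with the alert above, probe(true, "lnd.example.com") and probe(true, "172.5.0.1") succeed, and probe(true, "other.example.com") fails again because no SAN matches.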