Trying to connect to lnd within my Umbrel via gRPC from remote deployment

I’m building a web app that is using an lnd instance to facilitate payments via the lightning network. When i run my node app on my laptop that is connected to the same network as my rpi4 running umbrel i am able to access my node via umbrel.local:10009. However since my web app is deployed in the cloud i need to access my node from outside via <my-public-ip>:10009. In other words i need to publicly expose my lnd’s gPRC port.

The problem is i am unable to reach my node…

  • my router does forward :10009 to my rpi4’s static ip
  • telnet <my-public-ip>:10009 DOES yield a response
  • my deployments domain IS listed as an entry the tlsextradomain
  • rpclisten IS configured as
  • externalip IS set to <my-public-ip>

im starting to suspect that this issue has to do with dockers default network and it is not letting any traffic outside the default network reach any container.

i provided a little sketch to make it really clear:

i hope i didn’t compromise myself, lol

i think i came a step closer to the issue:

is it possible that umbrel somehow ignores the entries from lnd.conf when generating tls.cert. im trying to add entries for tlsextraip and tlsextradomain in my lnd.conf but when i regenerate the certificates and decode the cert these entries are not reflected in my SAN record. any ideas?

1 Like

I’m dealing with a similar situation here… I’m adding a new tlsextraip to lnd.conf but it doesn’t show as SAN in the tls.cert file (I did delete the old certificates and rebooted the node so that LND regenerates them).

in the thread linked above some guy posted a link to a known issue in the umbrel repo. turns out the tls.cert generation ignores the entries in lnd.conf so you will always be blocked by the umbrel lnd. until this is fixed we cant connect to umbrel via gRPC. i’ve settled for a node hosted by voltage and it works great! For production apps this is probably better anyway.

1 Like

Since 3 days i tried to connect, now i finally get stuff work, but with umbrel.local url not with ip(