I’m building a web app that is using an lnd instance to facilitate payments via the Lightning Network. When I run my node app on my laptop that is connected to the same network as my rpi4 running Umbrel, I am able to access my node via umbrel.local:10009. However, since my web app is deployed in the cloud, I need to access my node from outside via <my-public-ip>:10009. In other words, I need to publicly expose my lnd’s gRPC port.
The problem is I am unable to reach my node…
- my router does forward :10009 to my rpi4’s static ip
- telnet <my-public-ip>:10009 DOES yield a response
- my deployment’s domain IS listed as an entry in the tlsextradomain
- rpclisten IS configured as 0.0.0.0
- externalip IS set to <my-public-ip>
I’m starting to suspect that this issue has to do with Docker’s default network and it is not letting any traffic outside the default network reach any container.
I provided a little sketch to make it really clear:
I hope I didn’t compromise myself, lol
I think I came a step closer to the issue:
is it possible that Umbrel somehow ignores the entries from lnd.conf when generating tls.cert? I’m trying to add entries for tlsextraip and tlsextradomain in my lnd.conf, but when I regenerate the certificates and decode the cert, these entries are not reflected in my SAN record. Any ideas?
I’m dealing with a similar situation here… I’m adding a new tlsextraip to lnd.conf but it doesn’t show as SAN in the tls.cert file (I did delete the old certificates and rebooted the node so that LND regenerates them).
In the stacker.news thread linked above, some guy posted a link to a known issue in the Umbrel repo. Turns out the tls.cert generation ignores the entries in lnd.conf, so you will always be blocked by the Umbrel lnd. Until this is fixed we can’t connect to Umbrel via gRPC. I’ve settled for a node hosted by Voltage and it works great! For production apps this is probably better anyway.
For 3 days I tried to connect; now I finally got stuff to work, but with the umbrel.local URL, not with the IP :(
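A TLS client only accepts the address it dials if that name or IP appears in the certificate's SAN list, which is why a missing tlsextraip or tlsextradomain entry blocks the connection even when the port is reachable. The following added example (not code from any poster, Umbrel or lnd) checks a certificate against the endpoints a client plans to dial, using Go's standard library; the function names `missingSANs` and `constructedCert`, the addresses and `app.example.com` are assumptions made up for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// missingSANs lists the endpoints (host or IP, no port) that a TLS client
// would refuse for this certificate because no SAN entry matches them.
func missingSANs(certPEM []byte, endpoints []string) ([]string, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	var missing []string
	for _, e := range endpoints {
		if cert.VerifyHostname(e) != nil {
			missing = append(missing, e)
		}
	}
	return missing, nil
}

// constructedCert makes a throwaway self-signed certificate with the given
// SANs so the check runs offline; for a real node, read its tls.cert instead.
func constructedCert(dns []string, ips []net.IP) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), DNSNames: dns, IPAddresses: ips}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	sample := constructedCert([]string{"umbrel.local"}, []net.IP{net.ParseIP("192.168.1.10")})
	fmt.Println(missingSANs(sample, []string{"umbrel.local", "203.0.113.7", "app.example.com"}))
}
```

Running the same check on the regenerated tls.cert after editing lnd.conf shows directly whether the new entries made it into the certificate.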