How to configure Umbrel LNbits app without Tor

Thanks for the info. After a lot of searching I found this thread, which helped me set up an HTTPS proxy in the Apache web server.
I quote the Apache config in case it is useful to other members of the community:

    <VirtualHost *:443>

    ServerName lightning.domain.com

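    # The SSLProxy* directives only apply to https:// backends; the backend below is plain http://
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    # Reverse proxying via ProxyPass does not need ProxyRequests; On would also enable forward proxying
    ProxyRequests Off
    # Pass the client's Host header through to the backend
    ProxyPreserveHost On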

    <Location / >

    ProxyPass http://10.13.37.5:3007/
    ProxyPassReverse http://10.13.37.5:3007/

    </Location>

    SSLCertificateFile /etc/letsencrypt/live/lightning.domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/lightning.domain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    </VirtualHost>

With the new update out for LNBits I was able to finally resolve this issue.

  1. First update to LNbits version: 0.10.6
  2. Use this guide to ensure your NGINX proxy is configured properly.

Something important to note: because Umbrel is already using port 80, you can’t set up a listener in NGINX to forward HTTP traffic to HTTPS. You can, however, skip using LetsEncrypt to issue your SSL certificates and instead install Origin Server certificates issued by Cloudflare.
On the SSL / TLS Overview page, ensure your SSL/TLS encryption mode is Full (strict).
Under the Edge Certificate tab, enable Always Use HTTPS. This will take care of managing your SSL certificates, proxy your node’s IP address, and redirect HTTP traffic.

At this stage you should be able to access LNBits over clearnet and on your local network. When using LNaddress or LNURLs you should be getting:

    Error: 2 validation errors for LnurlPayResponse
    callback
      URL host invalid, top level domain required (type=value_error.url.host)
    callback
      URL scheme not permitted (type=value_error.url.scheme; allowed_schemes={'https'})

Edit the docker compose file for the app:

    ~/umbrel/app-data/lnbits/docker-compose.yml

First, you need to turn off Admin UI to force LNBits to use the environment variables set in the docker compose file; when Admin UI is enabled, it stores and uses the settings configured in the database.
Restart the app with the following command:

    ~/umbrel/scripts/app restart lnbits

Under #Global add the following:

    HOST: "mydomain.com"

(don’t add https:// or www., etc.)

Under #App add the following:

    FORWARDED_ALLOW_IPS: "*"

Finally, restart the app once again. Once it finishes restarting you should be able to use LNURLs and LN addresses. If you are still having issues, try debugging by reading the logs of the docker container.

Use this command to list all the docker containers, look for one called lnbits_web_1, and copy the container ID.

    docker ps

Then use this command to follow the logs. This can be useful to tell which IP is being interpreted by pydantic, which is what is throwing this error.
You know it's working when you see the IP address of the container in the Umbrel app network when accessing LNbits from your local network. It should show your node's public IP address when receiving traffic from using the LNURL or LNaddress.
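The two validation errors and the effect of FORWARDED_ALLOW_IPS, as an added example that is not part of the original posts and is not LNbits, uvicorn or pydantic code: a simplified model which assumes the callback URL is built from the scheme and Host header the app sees. It also shows that `"*"` honours `X-Forwarded-Proto` from any peer, while listing only the proxy's address does not. All hostnames, IP addresses and the `/callback` path are constructed.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit


def effective_scheme(peer_ip, headers, forwarded_allow_ips):
    """Honour X-Forwarded-Proto only if the directly connected peer is trusted.

    Simplified model of proxy-header trust; "*" trusts every peer.
    """
    entries = [e.strip() for e in forwarded_allow_ips.split(",") if e.strip()]
    trusted = "*" in entries or any(
        ip_address(peer_ip) in ip_network(e, strict=False) for e in entries
    )
    proto = headers.get("x-forwarded-proto", "").split(",")[0].strip().lower()
    return proto if trusted and proto in ("http", "https") else "http"


def callback_url(peer_ip, headers, forwarded_allow_ips):
    """Assumption: the callback is built from the scheme and Host the app sees."""
    scheme = effective_scheme(peer_ip, headers, forwarded_allow_ips)
    return f"{scheme}://{headers.get('host', '')}/callback"  # constructed path


def callback_errors(url):
    """The two checks named in the error message: host needs a TLD, https only."""
    parts = urlsplit(url)
    errors = []
    if "." not in (parts.hostname or "").strip("."):
        errors.append("value_error.url.host")
    if parts.scheme != "https":
        errors.append("value_error.url.scheme")
    return errors


PROXY = "192.0.2.10"      # constructed reverse-proxy address
OTHER = "198.51.100.7"    # constructed peer that bypasses the proxy
via_proxy = {"host": "lnbits.example.com", "x-forwarded-proto": "https"}

if __name__ == "__main__":
    # Backend addressed by an internal name, no forwarded scheme: both errors.
    print(callback_errors(callback_url(PROXY, {"host": "lnbits-backend:3007"}, PROXY)))
    # Public Host preserved and the proxy trusted: valid https callback.
    print(callback_errors(callback_url(PROXY, via_proxy, PROXY)))
    # "*" accepts the header from any peer; naming the proxy does not.
    print(effective_scheme(OTHER, via_proxy, "*"), effective_scheme(OTHER, via_proxy, PROXY))
```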

Thank you for this guide. I was able to follow it easily but ran into two issues that needed more research.

The nginx config noted here is slightly out of date now. If anyone is following it and getting the “unsupported upgrade request” from nginx, then update the config file by commenting out:

    #proxy_set_header Connection 'Upgrade';

as it’s no longer required post v0.10

If you’re getting an error when starting nginx, then make sure the brackets and semicolons are set properly, as the way it’s written here causes the start procedure to fail.

For anyone reading this and a little overwhelmed with all the command line stuff: if you are already running a Synology NAS, you can use the built-in reverse proxy and create a certificate very easily using this guide:

I used noip.com to create a DDNS entry (make sure to enable wildcards, so that you can do something like https://lnbits.yourdomain.noip.com and https://webserver.yourdomain.noip.com; both will be sent to your firewall). Make sure to forward 443 to the NAS; then your reverse proxy on the NAS will redirect each subdomain to the correct location on the LAN.

Hi everyone,

It is probably a stupid question, but why do I need to configure a reverse proxy? Can I just configure port forwarding to redirect the traffic to my LNbits instance?

Instead of

[Internet] - [Home Router/Firewall] - [Front-End Gateway] - [Umbrel]

I will have

[Internet] - [Home Router/Firewall] - [Umbrel]

What do you think about that?

Edit: OK, I found that it is better for privacy and DDoS attack protection to use a reverse proxy so that the Umbrel node is never requested directly.