Builder's Guide
Search…
Linux - Remote Mode

Assumptions

    1.
    You have a Ubuntu server already running lnd.
    2.
    Your Ubuntu server has bitcoind installed, synced on mainnet, and running as a daemon.
    3.
    ​
      1.
      To install bitcoind on Ubuntu, follow the official bitcoin.org guide.
    4.
    Your bitcoin.conf file has ZMQ publishing turned on.
      1.
      Txindex is not required, but pruned mode is not supported.

Get LiT

Download the version of the latest Lightning Terminal release that matches your local configuration (likely linux-amd64). Extract the compressed files, and install the binaries using the below instructions.
1
# If you have go installed...
2
# Extract the compressed files, and install them in your GOPATH
3
tar -xvf lightning-terminal-<YOUR_LOCAL_VERSION>.tar.gz --strip 1 -C $GOPATH/bin
4
​
5
# Linux requires this in order for LiT to listen on a port below 1024
6
sudo setcap 'CAP_NET_BIND_SERVICE=+eip' $GOPATH/bin/litd
7
​
8
# If you do not have go installed...
9
# Extract and install the compressed files, and add their location to your PATH
10
tar -xvf lightning-terminal-darwin-amd64-<YOUR_LOCAL_VERSION>.tar.gz
11
cd lightning-terminal-darwin-amd64-<YOUR_LOCAL_VERSION>
12
PATH=$PATH:$PWD
13
sudo setcap 'CAP_NET_BIND_SERVICE=+eip' ./litd
Copied!
Ensure that your server has only the required ports open for outbound communication with the Lightning Network.
1
sudo ufw logging on
2
sudo ufw enable
3
# PRESS Y
4
sudo ufw status
5
sudo ufw allow OpenSSH
6
sudo ufw allow 9735
7
sudo ufw allow 10009
8
sudo ufw allow 443
Copied!
To connect Lightning Terminal to a remote lnd instance first make sure your remote lnd.conf file contains the following additional configuration settings:
1
tlsextraip=<YOUR_LND_IP>
2
rpclisten=0.0.0.0:10009
Copied!
Copy the following files that are located in your ~/.lnd/data/chain/bitcoin/mainnet directory on your remote machine to /some/folder/with/lnd/data/ on your local machine (where you’ll be running LiT):
    tls.cert
    admin.macaroon
    chainnotifier.macaroon
    invoices.macaroon
    readonly.macaroon
    router.macaroon
    signer.macaroon
    walletkit.macaroon
Create a lit.conf file.
1
mkdir ~/.lit
2
vi ~/.lit/lit.conf
Copied!
Storing the configuration in a persistent ~/.lit/lit.conf file means you do not need to type in the command line arguments every time you start the server. Make sure you don't add any section headers (the lines starting with [ and ending with ], for example [Application Options]) as these don't work with the additional levels of sub configurations.
Paste this example lit.conf file into your terminal, and fill in the placeholders with your specific information.
1
# Application Options: lnd-mode not required since remote is default
2
httpslisten=0.0.0.0:443
3
lit-dir=~/.lit
4
​
5
# Let's Encrypt
6
# You can configure the HTTPS server to automatically install a free SSL certificate provided by Let's Encrypt.
7
# This is recommended if you plan to access the website from a remote computer, but does require extra setup.
8
#letsencrypt=true
9
#letsencrypthost=<YOUR_DOMAIN>
10
​
11
# Remote options
12
remote.lit-debuglevel=debug
13
​
14
# Remote lnd options
15
remote.lnd.network=testnet
16
remote.lnd.rpcserver=<YOUR_LND_IP>:10009
17
remote.lnd.macaroondir=/some/folder/with/lnd/data
18
remote.lnd.tlscertpath=/some/folder/with/lnd/data/tls.cert
19
​
20
# Loop
21
loop.loopoutmaxparts=5
22
​
23
# Pool
24
pool.newnodesonly=true
25
​
26
# Faraday
27
faraday.min_monitored=48h
28
​
29
# Faraday - bitcoin
30
faraday.connect_bitcoin=true
31
faraday.bitcoin.host=localhost
32
faraday.bitcoin.user=<YOUR_RPCUSER>
33
faraday.bitcoin.password=<YOUR_RPCPASSWORD>
Copied!
If you are using a cloud provider, double check using their configuration tools that inbound ports 443, 9735, and 10009 are allowed. Once you've done that, and you've ensured your remote lnd instance is running, it's time to get LiT!
1
litd --uipassword=<YOUR_UI_PASSWORD>
Copied!
Visit https://localhost:8443 to access LiT.

Example commands for interacting with the command line

Because not all functionality of lnd (or loop/faraday for that matter) is available through the web UI, it will still be necessary to interact with those daemons through the command line.
We are going through an example for each of the command line tools and will explain the reasons for the extra flags. The examples assume that LiT is started with the following configuration (only relevant parts shown here):
1
httpslisten=0.0.0.0:443
2
lit-dir=~/.lit
3
​
4
remote.lnd.network=testnet
5
remote.lnd.rpcserver=some-other-host:10009
6
remote.lnd.macaroondir=/some/folder/with/lnd/data
7
remote.lnd.tlscertpath=/some/folder/with/lnd/data/tls.cert
Copied!
Because in the remote lnd mode all other LiT components (loop, pool, faraday and the UI server) listen on the same port (443 in this example) and use the same TLS certificate (~/.lit/tls.cert in this example), some command line calls now need some extra options that weren't necessary before.
NOTE: All mentioned command line tools have the following behavior in common: You either specify the --network flag and the --tlscertpath and --macaroonpath are implied by looking inside the default directories for that network. Or you specify the --tlscertpath and --macaroonpath flags explicitly, then you must not set the --network flag. Otherwise, you will get an error like [lncli] could not load global options: unable to read macaroon path (check the network setting!): open /home/<user>/.lnd/data/chain/bitcoin/testnet/admin.macaroon: no such file or directory

Example lncli command

The lncli commands in the "remote" mode are the same as if lnd was running standalone on a remote host. We need to specify all flags explicitly.
1
$ lncli --rpcserver=some-other-host:10009 \
2
--tlscertpath=/some/folder/with/lnd/data/tls.cert \
3
--macaroonpath=/some/folder/with/lnd/data/admin.macaroon \
4
getinfo
Copied!

Example loop command

This is where things get a bit tricky. Because as mentioned above, loopd also runs on the same port as the UI server. That's why we have to both specify the host:port as well as the TLS certificate of LiT. But loopd verifies its own macaroon, so we have to specify that one from the .loop directory.
1
$ loop --rpcserver=localhost:443 --tlscertpath=~/.lit/tls.cert \
2
--macaroonpath=~/.loop/testnet/loop.macaroon \
3
quote out 500000
Copied!
You can easily create an alias for this by adding the following line to your ~/.bashrc file:
1
alias lit-loop="loop --rpcserver=localhost:443 --tlscertpath=~/.lit/tls.cert --macaroonpath=~/.loop/testnet/loop.macaroon"
Copied!

Example pool command

Again, poold also runs on the same port as the UI server and we have to specify the host:port and the TLS certificate of LiT but use the macaroon from the .pool directory.
1
$ pool --rpcserver=localhost:443 --tlscertpath=~/.lit/tls.cert \
2
--macaroonpath=~/.pool/testnet/pool.macaroon \
3
accounts list
Copied!
You can easily create an alias for this by adding the following line to your ~/.bashrc file:
1
alias lit-pool="pool --rpcserver=localhost:443 --tlscertpath=~/.lit/tls.cert --macaroonpath=~/.pool/testnet/pool.macaroon"
Copied!

Example frcli command

Faraday's command line tool follows the same pattern as loop. We also have to specify the server and TLS flags for lnd but use faraday's macaroon:
1
$ frcli --rpcserver=localhost:443 --tlscertpath=~/.lit/tls.cert \
2
--macaroonpath=~/.faraday/testnet/faraday.macaroon \
3
audit
Copied!
You can easily create an alias for this by adding the following line to your ~/.bashrc file:
1
alias lit-frcli="frcli --rpcserver=localhost:443 --tlscertpath=~/.lit/tls.cert --macaroonpath=~/.faraday/testnet/faraday.macaroon"
Copied!
Last modified 9mo ago