pull down to refresh


0. Intro

Here we go again, with the fifth guide of this improvised series. This one is to help you attach your LND node to SN via ThunderHub (TH) and automagiically autowithdraw your precious sats.
If you never heard of TH, that's bad! It's a really powerful user interface that enable you to easily control the Lightning, meaning, monitor and manage your node from any browser and any device. It runs on most LND node implementations, without prejudice and in alphabetical order: MyNode, RaspiBlitz, Start9, Umbrel, or cloud services like BTCpay Server, Nodana and VOLTAGE.
So if you are running your node with one of the above, ideally hosted in your hardware, you should be able to install it without asking permissions.

1. Requirements

  • 1 SN account! Not joking... if you did not sign up yet, DO IT NOW!!
  • 1 s̲e̲l̲f̲-̲h̲o̲s̲t̲e̲d̲ (preferred) or cloud-served Bitcoin Lightning LND public node.
  • 1 ThunderHub app installed in your node (check above for compatible implementations)
  • Some basic understanding of Bitcoin and the Lightning Network (LN). Not required but useful!

2. SN wallet attach LND requirements

2.1 grpc host and port

These two are literally the URL address where your node is publicly accessible on the web. It could be a public static IP or a domain/subdomain (if you have set it up) or a torURLaddress.onion address if you are also running the node on TOR network to preserve your privacy. The port will change depending on which OS your LND app is running on.
When running a node on a cloud service, everything is much easier, and you skip all that networking setup, port forwarding and proxy installations that get most people stacked with errors. Be ₿RAVE and search online without fear, everything is already there, and we do learn by making mistakes. You are not the first, nor will be the last people on having this type of challenges when setting up your node. Avoid cloud services if you can, and DYOR, every OS provides nice documentation, here below some of them:
In a nutshell, you need your node's local IP. You can find it in your router settings or running arp -a from your terminal (from a computer in the same LAN connected to your node). It will show you a list of IPs, one is your node. You can read more in details on these guides for Windows or MacOS and learn how to add a line to contain IP and the name of the host (computer) in your host file, something like 192.168.1.x umbrel.local (where 192.168.1.x is the IP of your node).
And here is a quote that might help you better understand how LND gRPC works:
... You might need to forward the port 10009 on your router for it to be reachable from the outside. Also, you definitely need rpclisten=0.0.0.0:10009, otherwise only connections from the same machine will work (which is what the 127.0.0.1 indicates here: RPC server listening on 127.0.0.1:10009). -- guggero on GitHub

2.2 invoice macaroon

𝑁𝑜𝑡𝑒: There are obviously multiple ways to get a macaroon, in this guide we'll use specifically Thunder Hub, as it is available on mostly all OS running LND.
To preserve your privacy, SN accepts prebaked invoice.macaroon, and here is where we gonna open our TH app and from the side bar menu in the left Tools > Bakery bake the macaroon string as follow:
Allow permissions to only Create Invoices and Get invoices, as shown below.
Then, click the [Generate New Macaroon] button.
Copy the hex or base64 encoded macaroon...
... and paste it in the second input field to attach LND node to SN:
𝑁𝑜𝑡𝑒: If you fancy using cli, generate a new macaroon as follows after sshing in your node from terminal:
lncli bakemacaroon invoices:write invoices:read

2.3 certificate

Here we dive a little bit more into technicalities. The certificate is something needed to secure the connection between your node and SN. It's optional if your node is hosted in the cloud and the provider (like BTCpay Server, Nodana, etc... ) has an agreement with (or is) a Certificate Authority (CA).
But how do I get a certificate then? Here too, as in step 2.1 there are many options, DYOR!
Here is another quote to help you learn about tls.cert:
... you don't have to run lnd on the client side. The tls.cert is required on the client side to authenticate the encrypted connection, to verify you are talking to the correct node. So you don't have to create a tls.cert on the client side, you have to copy the one from the server side to the client (so the client can verify the public key in the certificate against the one offered by lnd during the TLS encrypted connection). -- guggero on GitHub

2.4 final details

We are nearly there... just make sure to set:
  • desired balance = 0,
  • max fee to a min of 1% and...
  • . ... click on the yellow [ attach ] button.
PS: Let us know how you go with this and if there's any way we can improve this guide. In case you get an error in the logs after clicking the attach button, report it in a comment below and we'll try to figure out what's wrong.

3.0 Congratulations, stackers!

You just did your first step into bitcoin sovereignty! Your sats now should be landing directly in your Lightning node. Happy stacking!
This was very good. I think it's important to include as many possibilities to connect to SN as possible. We need many options. I also think Thunderhub is valuable because when I started playing around with an Umbrel node a few years back Thub was a nice, easy app to use. New noderunners/SN accounts will find this useful.
reply
Thub + LND node was the top! Now there are many other options but still it has some unique functionalities, like the macaroon bakery.
reply
I really like your guide post, because something like this is worth using, because this guide is also an example for new users on SN like me, thank you for sharing it with us.
reply
Thank you for your message, I'm really glad you find it useful! Try it out if you can and share your thoughts!
reply
reply
Another awesome guide!
reply
Thanks, maybe a bit too generic! There are so many ways to connect LND, I tried to keep it simple... It could have been titled "How to generate a macaroon with ThunderHub"!
reply
no, is good like that.
reply
Is there a real reason to not accept self signed certificate of LND instead of having to provide a 'trusted' one?
I mean, worst case, if I did not give a safe certificate, AND some one spoofed my node's IP, they would receive my zaps. I should be able to accept that risk?
There's no real risk for SN, or is there?
reply
There's probably no risk for SN, the risk is more that the connection is not ecrypted end-to-end and could attract malicious attacks.
Not really sure about the technicalities or risks on leaving it empty, as is an optional feature.
Maybe @k00b @ek able to provide more info
reply
I'm ok with it not being optional (although even zeus allows to not provide one!), but i would like it to at least accept the self signed tls.cert of my LND node. Right now, this gitves a 'self signed' error in the SN logs, and my LND node gets the similar error that remote rejected it.
reply
Thanks I've bookmarked it.
reply
I don't understand the process
reply
Understandable, steps 2.1 and 2.3 aren't easy if you are not familiar with networking. What specifically is not clear? Do you run an LND node?
reply