Link Search Menu Expand Document (external link)
RaspiBolt

Bonus guide: LNBits, a lightning wallet/accounts system

LNBits is a free and open-source lightning-network wallet/accounts system.

⚠️ USE WITH CAUTION - LNBits wallet is still in BETA

Difficulty: Easy

Status: Tested v3

LNBits

Table of contents

  1. Preparations
    1. Install dependencies
    2. Firewall & reverse proxy
  2. LNBits
    1. Installation
    2. Configuration
    3. First start
    4. Autostart on boot
    5. Remote access over Tor (optional)
  3. For the future: LNBits update

Preparations

Install dependencies

  • Install necessary dependencies using the apt package manager.

    $ sudo apt install libffi-dev libpq-dev python3-venv

Firewall & reverse proxy

  • Enable NGINX reverse proxy to route external encrypted HTTPS traffic internally to LNBits.

    $ sudo nano /etc/nginx/streams-enabled/lnbits-reverse-proxy.conf

    upstream lnbits {
  server 127.0.0.1:5000;
}
server {
  listen 4003 ssl;
  proxy_pass lnbits;
}

  • Test and reload NGINX configuration.

    $ sudo nginx -t
$ sudo systemctl reload nginx

  • Configure the firewall to allow incoming HTTPS requests.

    $ sudo ufw allow 4003/tcp comment 'allow LNBits SSL'
$ sudo ufw status

LNBits

Installation

  • Create a new user and add it to the “lnd” group.

    $ sudo adduser --disabled-password --gecos "" lnbits
$ sudo adduser lnbits lnd

  • Create a data directory for LNBits and give ownership to the new user.

    $ sudo mkdir /data/LNBits
$ sudo chown -R lnbits:lnbits /data/LNBits

  • Open a new “lnbits” user session and create symlinks to the LND and LNBits data directories.

    $ sudo su - lnbits
$ ln -s /data/lnd /home/lnbits/.lnd
$ ln -s /data/LNBits /home/lnbits/.LNBits

  • Download the source code directly from GitHub, create a virtual environment, and install all dependencies with pip.

    $ git clone --branch 0.8.0 https://github.com/lnbits/lnbits-legend lnbits
$ cd lnbits
$ python3 -m venv venv
$ ./venv/bin/pip install setuptools wheel --upgrade
$ ./venv/bin/pip install -r requirements.txt
$ ./venv/bin/pip install pylightning

Configuration

  • Create a new configuration file for LNBits and paste the following content. Save and exit.

    $ nano .env

    # RaspiBolt: LNBits configuration
# /home/lnbits/lnbits/.env

LNBITS_FORCE_HTTPS=true
LNBITS_DATA_FOLDER=/home/lnbits/.LNBits

LNBITS_BACKEND_WALLET_CLASS=LndRestWallet
LND_REST_ENDPOINT=127.0.0.1:8080
LND_REST_CERT=/home/lnbits/.lnd/tls.cert
LND_REST_ADMIN_MACAROON=/home/lnbits/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
LND_REST_INVOICE_MACAROON=/home/lnbits/.lnd/data/chain/bitcoin/mainnet/invoice.macaroon
LND_REST_READ_MACAROON=/home/lnbits/.lnd/data/chain/bitcoin/mainnet/readonly.macaroon

  • Restrict read/write permission.

    $ chmod 600 /home/lnbits/lnbits/.env

First start

  • Make sure we are in the LNBits app directory and start the application.

    $ cd ~/lnbits
$ ./venv/bin/uvicorn lnbits.__main__:app --port 5000

Now point your browser to the secure access point provided by the NGINX web proxy, for example https://raspibolt.local:4003 (or your node’s IP address like https://192.168.0.20:4003).

Your browser will display a warning because we use a self-signed SSL certificate. Click on “Advanced” and proceed to the LNBits web interface.

  • Stop LNBits in the terminal with Ctrl-C and exit the “lnbits” user session.

    $ exit

Autostart on boot

  • As user “admin”, create the service file.

    $ sudo nano /etc/systemd/system/lnbits.service

  • Paste the following configuration. Save and exit.

    # RaspiBolt: systemd unit for LNBits
# /etc/systemd/system/lnbits.service

Description=lnbits
Wants=lnd.service
After=lnd.service

[Service]
WorkingDirectory=/home/lnbits/lnbits

ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && ./venv/bin/uvicorn lnbits.__main__:app --port 5000'
User=lnbits
Restart=always
TimeoutSec=120
RestartSec=30
StandardOutput=journal
StandardError=journal

# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true

[Install]
WantedBy=multi-user.target

  • Enable the service, start it, and check the log output.

    $ sudo systemctl enable lnbits.service
$ sudo systemctl start lnbits.service
$ sudo journalctl -f -u lnbits

  • You can now access LNBits from within your local network by browsing to https://raspibolt.local:4003 (or your equivalent IP address).

Remote access over Tor (optional)

  • Add the following three lines in the “location-hidden services” section in the torrc file. Save and exit.

    $ sudo nano /etc/tor/torrc

    ############### This section is just for location-hidden services ###
HiddenServiceDir /var/lib/tor/hidden_service_lnbits/
HiddenServiceVersion 3
HiddenServicePort 443 127.0.0.1:4003

  • Reload Tor configuration and get your connection address.

    $ sudo systemctl reload tor
$ sudo cat /var/lib/tor/hidden_service_lnbits/hostname
> abcdefg..............xyz.onion

  • With the Tor browser, you can access this onion address from any device.

For the future: LNBits update

Updating to a new release is straight-forward, but make sure to check out the release notes first.

  • From user “admin”, stop the service and open a “lnbits” user session.

    $ sudo systemctl stop lnbits
$ sudo su - lnbits

  • Fetch the latest GitHub repository information, display the release tags (use the latest 0.8.0 in this example), and update:

    $ cd /home/lnbits/lnbits
$ git fetch
$ git reset --hard HEAD
$ git tag
$ git checkout 0.8.0
$ ./venv/bin/pip install -r requirements.txt
$ exit

  • Start the service again.

    $ sudo systemctl start lnbits



« Back: + Lightning