You don't want to expose your Eclair API to the external world. Much less you want to input your Eclair password on random websites when they want to generate invoices programmatically on your Eclair node.
But you can put https://caddyserver.com in front of your Eclair API and expose that instead. Steps:
- Point a subdomain to your Eclair server host, say
eclair.yourdomain.com
. - Install and run Caddy on the same machine as Eclair.
- Create a
reverse_proxy
that will just forward/createinvoice
requests to Eclair and fail all the others. - That
reverse_proxy
rule will also append the password (i.e.Authorization
header) to the request so the caller from the outside doesn't have to provide a password (and you don't have to give your password to anyone). - For extra security you can even make up a new password and protect your Caddy route with that.
An example Caddyfile
is attached (without step 5 because it's not necessary).