Skip to content

Instantly share code, notes, and snippets.

@fiatjaf
Created September 14, 2021 00:25
Show Gist options
  • Save fiatjaf/8e74740d30763713154de15562e08789 to your computer and use it in GitHub Desktop.
Save fiatjaf/8e74740d30763713154de15562e08789 to your computer and use it in GitHub Desktop.
exposing eclair to the world
http://eclair.yourdomain.com {
@whitelisted {
path /createinvoice
}
@blacklisted {
not path /createinvoice
}
reverse_proxy @whitelisted http://localhost:8877 {
header_up Authorization "Basic OmthYndpNGdhbGlzZGxrYXNiZGE="
}
respond @blacklisted "Nice try." 401
}

You don't want to expose your Eclair API to the external world. Much less you want to input your Eclair password on random websites when they want to generate invoices programmatically on your Eclair node.

But you can put https://caddyserver.com in front of your Eclair API and expose that instead. Steps:

  1. Point a subdomain to your Eclair server host, say eclair.yourdomain.com.
  2. Install and run Caddy on the same machine as Eclair.
  3. Create a reverse_proxy that will just forward /createinvoice requests to Eclair and fail all the others.
  4. That reverse_proxy rule will also append the password (i.e. Authorization header) to the request so the caller from the outside doesn't have to provide a password (and you don't have to give your password to anyone).
  5. For extra security you can even make up a new password and protect your Caddy route with that.

An example Caddyfile is attached (without step 5 because it's not necessary).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment