Skip to content

Instantly share code, notes, and snippets.

Created Sep 14, 2021
What would you like to do?
exposing eclair to the world {
@whitelisted {
path /createinvoice
@blacklisted {
not path /createinvoice
reverse_proxy @whitelisted http://localhost:8877 {
header_up Authorization "Basic OmthYndpNGdhbGlzZGxrYXNiZGE="
respond @blacklisted "Nice try." 401

You don't want to expose your Eclair API to the external world. Much less you want to input your Eclair password on random websites when they want to generate invoices programmatically on your Eclair node.

But you can put in front of your Eclair API and expose that instead. Steps:

  1. Point a subdomain to your Eclair server host, say
  2. Install and run Caddy on the same machine as Eclair.
  3. Create a reverse_proxy that will just forward /createinvoice requests to Eclair and fail all the others.
  4. That reverse_proxy rule will also append the password (i.e. Authorization header) to the request so the caller from the outside doesn't have to provide a password (and you don't have to give your password to anyone).
  5. For extra security you can even make up a new password and protect your Caddy route with that.

An example Caddyfile is attached (without step 5 because it's not necessary).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment