You don't want to expose your Eclair API to the external world. Much less you want to input your Eclair password on random websites when they want to generate invoices programmatically on your Eclair node.
But you can put https://caddyserver.com in front of your Eclair API and expose that instead. Steps:
- Point a subdomain to your Eclair server host, say
- Install and run Caddy on the same machine as Eclair.
- Create a
reverse_proxythat will just forward
/createinvoicerequests to Eclair and fail all the others.
reverse_proxyrule will also append the password (i.e.
Authorizationheader) to the request so the caller from the outside doesn't have to provide a password (and you don't have to give your password to anyone).
- For extra security you can even make up a new password and protect your Caddy route with that.
Caddyfile is attached (without step 5 because it's not necessary).