Lightning over Bitcoin Core (lnd)

This is a step-by-step guide for adding lnd as a Hot Wallet Buy source. The following example assumes that the lnd daemon has been installed, configured, and tested for proper use.

This guide is intended to help you set up a working Lightning node with a functional CAS.

Additional information:


Assemble the required information for CAS:

url : macaroon : cert

url: the fully qualified address for the RPC port of the Lightning server. The RPC port must also be specified, and for this example it will be assumed to be the default port: 8088.

  • If using an SSH tunnel, the URL uses the localhost loopback, and would be: https://127.0.0.1:8088

  • When using the GB Wallet Tunnel, the URL uses the server's public IP instead,

    • e.g. https://123.123.123.123:8088

    • assuming the Lightning server is at public IP 123.123.123.123 (your actual IP will be different).

macaroon: a type of cryptographic token that lnd (Lightning Network Daemon) uses to handle authentication and authorization. It is similar to a cookie, and is required for RPC authentication.

The macaroon must be converted to HEX for use by CAS. Example bash command:

xxd -ps -u -c10000 ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
  • Copy the entire string, and append it to the colon “:” separator at the end of the url.

cert: the contents of the tls.cert file from the lnd node. CAS checks the certificate to ensure it is communicating with the intended server. It is required for RPC authentication and encryption.

The file contents must be converted to HEX for use by CAS. Example bash command:

xxd -ps -u -c10000 ~/.lnd/tls.cert
  • Copy the entire string, and append it to the colon “:” separator at the end of macaroon.

The entire parameter string, once fully assembled, will look something like this:

https…
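
The assembly steps above, scripted as an added example (not General Bytes' own tooling): it builds the url:macaroon:cert string and checks the result before it is pasted into CAS. The function names are hypothetical, and od/tr stand in for xxd to produce the same uppercase hex.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of lnd or CAS.

# Hex-encode stdin as one uppercase string (the same digits `xxd -ps -u` prints).
to_hex() { od -An -v -t x1 | tr -d ' \n' | tr 'a-f' 'A-F'; }

# build_lnd_params URL MACAROON_FILE CERT_FILE -> prints url:macaroon:cert
build_lnd_params() {
  local url="$1" mac="$2" cert="$3"
  [ -r "$mac" ] && [ -r "$cert" ] || { echo "unreadable input file" >&2; return 1; }
  printf '%s:%s:%s\n' "$url" "$(to_hex < "$mac")" "$(to_hex < "$cert")"
}

# check_lnd_params STRING -> 0 if well-formed; 2/3/4 flag the url/macaroon/cert field.
check_lnd_params() {
  local s="$1" url mac cert pem
  # Split from the right, because the URL itself contains colons.
  cert=${s##*:}; s=${s%:*}
  mac=${s##*:}; url=${s%:*}
  # lnd writes tls.cert as PEM, so its hex must start with this marker.
  pem=$(printf '%s' '-----BEGIN CERTIFICATE-----' | to_hex)
  case $url in
    https://*:[0-9]*) ;;
    *) echo "url must be https://host:port" >&2; return 2 ;;
  esac
  case $mac in
    ''|*[!0-9A-F]*) echo "macaroon field is not uppercase hex" >&2; return 3 ;;
  esac
  case $cert in
    *[!0-9A-F]*) echo "cert field is not uppercase hex" >&2; return 4 ;;
    "$pem"*) ;;
    *) echo "cert field is not a hex-encoded PEM certificate (fields swapped?)" >&2; return 4 ;;
  esac
}
```

The output embeds admin.macaroon, which grants full control of the lnd node to whoever holds it, so keep the assembled string out of tickets, chat, and shared terminal logs.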

Create a new Crypto Setting

  1. Select “lnd” as your “Hot Wallet Buy” provider, and

  2. enter the parameter string (as assembled above).

  3. If implemented (highly recommended), enable the Wallet Tunnel and enter the password.


Save it!


Test it.

 

  • Now that you know CAS is communicating with your Lightning node, it’s time for the final leg.


Set up LNURL

You must enable Lightning wallets to interact with your CAS. Lightning is different from other coins: the wallet address is obtained after the fiat is inserted. CAS will communicate with your node and your customer’s wallet in 2 separate channels simultaneously while broadcasting this transaction.

Expose the LNURL on your CAS server:

  1. The LNURL must be exposed to the public Internet. You have several choices:

    1. NGINX to proxy and publish: https://generalbytes.atlassian.net/l/cp/ZeQdinqS

    2. A Cloudflare tunnel as described here: https://generalbytes.atlassian.net/l/cp/V4Me1X2b

    3. NGROK (unsupported by GB): https://ngrok.com/docs/tls/tls-termination

  2. When using NGINX, open the exposed proxy port to incoming traffic in your firewall (e.g. using UFW).

    1. Port 443 is demonstrated in the NGINX example, so use sudo ufw allow https to expose it.

This endpoint must be certified (via a CA) and publicly accessible from the Internet. The user’s wallet app will connect to it directly when your customer scans the LNURL QR code presented to them, so you must not restrict access to the endpoint by IP, authorization, or location.

Create the lnurl configuration file.

This file enables LNURL withdrawals (for BUY transactions). If it is set incorrectly, the wallet will be unable to complete the transaction. The LNURL can only be used once (then it is invalidated).

Create the /batm/config/lnurl file:

Add this single line to the file:

  • Replace lnurl.yourcasdomain.com with your publicly accessible LNURL domain name.

  • Save the file (Ctrl+X).


You're done!

Copyright © 2020-2024 General Bytes USA LLC