Issue with externalip and externalhosts configuration in LND

[damanic]

There is currently no way to set externalip to an IP address through btcpay vars.

Btcpay will use the value of BTCPAY_HOST for externalip= which is the primary DOMAIN name for the site.

If you set the var BTCPAY_ANNOUNCEABLE_HOST to an IP address it will be overridden by btcpay-setup.sh and reset to the BTCPAY_HOST domain.

This can cause issues when migrating to new IP or if serving the btcpay webservice behind a DNS proxy like cloudflare which will resolve the domain to cloudflares IP address instead of the LND nodes public IP address.

The assignment of a domain to externalip also seems to not be best practice when there is a configuration variable called externalhosts that is intended for DNS resolution.

; A list of domains for lnd to periodically resolve, and advertise the resolved
; IPs for the backing node. This is useful for users that only have a dynamic IP,
; or want to expose the node at a domain.
; Default:
;   externalhosts=
; Example (option can be specified multiple times):
;   externalhosts=my-node-domain.com
;   externalhosts=my-second-domain.com

Shouldn't BTCPAY allow for the externalip in LND conf to be set as an IP address through ENV vars for servers that have a static IP, and have the option to add BTCPAY_HOST / BTCPAY_ADDITIONAL_HOSTS as externalhosts entries for those that have a dynamic IP?

[dennisreimann]

@rockstardev I'm not sure why we are using the externalip with hostnames, but I assume it might be a remainder from back in the days where there wasn't an externalhosts option.

The docker entrypoint has two lines where it sets externalip= in the lnd.conf file:

• To $LND_EXTERNALIP, which is defined by the docker fragment, the value being $BTCPAY_ANNOUNCEABLE_HOST
• To $HIDDENSERVICE_ONION, which is a .onion hostname

For the latter I haven't found any hints regarding why even use the externalip/externalhosts with a Tor address. Maybe this isn't necessary anymore.

For the former it would always be a hostname rather than an IP address. Imho it would be good to clarify that in the variable name and set externalhosts rather than externalip.

What are your thoughts?

[warioishere]

@rockstardev I'm not sure why we are using the externalip with hostnames, but I assume it might be a remainder from back in the days where there wasn't an externalhosts option.

The docker entrypoint has two lines where it sets externalip= in the lnd.conf file:

• To $LND_EXTERNALIP, which is defined by the docker fragment, the value being $BTCPAY_ANNOUNCEABLE_HOST
• To $HIDDENSERVICE_ONION, which is a .onion hostname

For the latter I haven't found any hints regarding why even use the externalip/externalhosts with a Tor address. Maybe this isn't necessary anymore.

For the former it would always be a hostname rather than an IP address. Imho it would be good to clarify that in the variable name and set externalhosts rather than externalip.

What are your thoughts?

First of all:

you dont need to set an onion adress for lnd as an external IP

Most importantly you need to set:

[tor]
tor.active=true
tor.v3=true
tor.privatekeypath=/path/to/v3_onion_private_key
tor.socks=9050
tor.control=9051

for lnd to get an onion address.

externalip= should be only used when you have a fixed IP adress. No port needed to be set, it takes the port from the port given at the listen config

for dynamic IP adresses use:

externalhosts="dyndnsaddress.com"

should be used so lnd resolveds this adress periodically to set and advertise this adress as its own. You need a ddns client that updates the IP adress to your dyndnsprovider.

Externalhosts actually can also be used to resolve a domain for a fixed IP not only for dydns

You should let users set indepentently and optionally set an externalip for example to make use of wireguard vpn infront of lnd like for example tunnelsats

[warioishere]

a future possible setup-way could be:

setup externalhosts=$BTCPAY_HOST
an optional variable where externalip can be set for example if you want to hide LND behind tunnelsats or a VPN, you can set IP of the external tunnelsats server here. externalhosts should then be replaced by this when using externalip

remove externalip=xyz.onion