dev-stack: pin nostr-transport keypair + allow LAN HTTP for dev
Some checks failed
ci / regtest (push) Has been cancelled
Some checks failed
ci / regtest (push) Has been cancelled
Two small fixes that surfaced during the v2-bitspire end-to-end test on 2026-05-15 against a real Sintra ATM: 1. `NOSTR_TRANSPORT_PRIVATE_KEY` / `NOSTR_TRANSPORT_PUBLIC_KEY` are now forwarded from the local `.env` into the lnbits container's environment. Without a pinned key LNbits auto-generates a fresh server keypair on every container restart, which breaks any ATM previously provisioned against the old pubkey (encryption target no longer exists from LNbits' point of view → RPCs land on the relay but the dispatcher never picks them up → cash-out hangs at "generating invoice"). The `.env` file is gitignored so the actual keypair stays out of the repo; rotate by regenerating + re- provisioning all ATMs. 2. `AUTH_HTTPS_ONLY: "false"` — LNbits' auth cookies default to requiring HTTPS, which blocks LAN access from a non-localhost browser (e.g. another machine on 192.168.0.x reaching the dev instance). Safe to disable for the dev stack; production-shaped deployments must keep it true.
This commit is contained in:
parent
0be64e13ae
commit
7d04e40a48
2 changed files with 16 additions and 5 deletions
|
|
@ -21,6 +21,9 @@ services:
|
|||
LNBITS_PORT: 5001
|
||||
DEBUG: true
|
||||
LNBITS_ADMIN_UI: true
|
||||
# Allow LAN/HTTP access for dev (auth cookies don't require HTTPS).
|
||||
# Keep TRUE for any production-shaped deployment.
|
||||
AUTH_HTTPS_ONLY: "false"
|
||||
LNBITS_BACKEND_WALLET_CLASS: "FakeWallet"
|
||||
LNBITS_DATA_FOLDER: "./data"
|
||||
LNBITS_EXTENSIONS_PATH: "/shared"
|
||||
|
|
@ -29,13 +32,18 @@ services:
|
|||
LNBITS_ADMIN_EXTENSIONS: "nostrclient,nostrrelay,satmachineadmin"
|
||||
LNBITS_USER_DEFAULT_EXTENSIONS: "lnurlp,nostrmarket,events,libra,satmachineclient"
|
||||
# Nostr transport layer (HTTP-free RPC over kind-21000 events).
|
||||
# On first boot a keypair is auto-generated and logged; copy the
|
||||
# printed pubkey into your driver script. The relay points at the
|
||||
# nostrrelay extension running inside the same container — a relay
|
||||
# named "test" must be created via the UI before the transport
|
||||
# will successfully connect (the reconnect loop retries every 5s).
|
||||
# The keypair below is pinned via the local `.env` so it survives
|
||||
# container restarts. Without a pinned key LNbits auto-generates a
|
||||
# fresh one on every boot, which breaks any ATM provisioned against
|
||||
# the prior pubkey (encryption target no longer exists). The relay
|
||||
# points at the nostrrelay extension running inside the same
|
||||
# container — a relay named "test" must be created via the UI
|
||||
# before the transport will successfully connect (the reconnect
|
||||
# loop retries every 5s).
|
||||
NOSTR_TRANSPORT_ENABLED: "true"
|
||||
NOSTR_TRANSPORT_RELAYS: '["ws://localhost:5001/nostrrelay/test"]'
|
||||
NOSTR_TRANSPORT_PRIVATE_KEY: ${NOSTR_TRANSPORT_PRIVATE_KEY}
|
||||
NOSTR_TRANSPORT_PUBLIC_KEY: ${NOSTR_TRANSPORT_PUBLIC_KEY}
|
||||
# Lowered from the 40_000 default just to make sharding easy to
|
||||
# exercise in local tests without seeding hundreds of payments.
|
||||
# Production runs should leave this unset (defaults to 40_000).
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue