Let’s create a routing LND node, part 10 - Docker

Series: Let’s create a routing LND node

Docker

I mentioned docker on the LND Slack earlier today and figured I should expand on it here. Some hilarious(?) server issues mean I can’t do much else.

I use docker to run things on my ‘real’ servers - servers that are on testnet or mainnet 24 hours a day. I like the idea of it. It does take a bit of knowledge to get up and running with it, and it takes a bit more to see the point and think it’s worth doing, but it does help.

For me it makes a bunch of things easier:

  • Encapsulation of services.
  • Build-time versus run-time requirements.
  • Server maintenance and ease of migration.

I’ll try to explain each of these.

Encapsulation of services

When you run your program inside a docker ‘container’, what it can do is quite limited. It looks to the program like it has the whole machine to itself - it has the OS kernel, the whole filesystem, all the network ports and so on, all to itself. It doesn’t really though - it’s all just contained in a special ‘box’. It looks like it has a filesystem, and it can read and write however it likes - but those changes don’t make it to your actual machine unless they’re in an area you have specifically mapped for that container. And it can listen on any port it likes, but they’re not your machine’s ports - if you want to actually expose one of the container’s ports to the world, you have to explicitly choose to do that.

You limit how your program can read, save and listen by running it in a container. By limiting it this way, you make it more predictable and easier to manage. (It doesn’t matter if your program accidentally or maliciously decides to listen on port 12345 - if you haven’t declared your container is to listen on that port, no traffic will get to your program.)

By looking at how the container is configured you can easily see which files or directories it can access, and which ports it uses.

Build-time versus run-time requirements

There are a lot of great tools out there for LND. But if I’m running a ‘production’ server, I want to limit its attack surface by having as little on it as possible. I don’t want to install dev tools like the ‘go’ compiler if I don’t have to. I can reduce my exposure to problems here by using containers, either ones I build myself or - better - ones validated by the projects who own the containers.

It goes beyond just dev tools like the ‘go’ compiler though. If you’ve used ‘node’, you’ll know you can sometimes get into weird versioning issues with files in your node_modules. (It’s better now than it used to be.) But if a project supplies its own docker image, you can be assured that they’ve addressed any versioning issues and supplied the versions that work - all embedded in the container so you don’t need to npm install anything. If you’ve used ‘python’ you’ll know how you have different virtual environments for different situations, but if the project supplies its own docker image it already comes with the right version of python installed and ready to run in its own container. Versioning problems are addressed by those most capable of handling them - the project team - rather than every single person that wants to deploy that project.

And since you’re running the same container as everyone else, you don’t have to worry about particular issues with a particular compiler - you are running the exact same binaries as everyone else running that container, and in exactly the same OS image and environment. The only differences between your setup and someone else’s are due to the docker configuration - usually either the networking or filesystem mappings.

Server maintenance and ease of migration

To use containers, you need to install docker. (Or something else - other container options are available.) But once you have that installed and set up, you don’t have to worry about much else.

If you want to move everything to another server, you just need to get that new server running docker and then copy across any mapped data. You don’t need to go through a litany of dependencies to install every time you want to create a new server.

In practice

How does all this work in practice with LND? Well, Lightning Labs don’t currently provide their own docker images, so you’ll have to build them yourself or use ones others have built (if you trust them). I just build them myself.

It’s pretty easy. Once you’ve got the lnd repo, you just:

cd docker
docker-compose build

Note: if you intend to run Loop with your LND server, you need to update your local file docker/lnd/Dockerfile with the changes in my pull request: Build LND subservers when building docker image.

One really neat thing here - the build itself happens inside the docker image building process, so you don’t have to have ‘go’ installed - a docker image with the right version of go is used to build the binaries, and then discarded once they’re successfully built.

Then you - somehow - push that lnd image to your server. There are a bunch of ways to do this, and the one you choose is up to you. I push to a private docker repository but you might prefer to use docker’s own free hub.

On the server, you can use the normal docker commands to run and manage the container. I usually don’t bother. These days I prefer putting things into a docker-compose.yml file, describing the containers and all their dependencies in one place.

Here’s (most of) my docker-compose.yml file:

version: '2'
services:
  lnd:
    command: >-
      lnd
      --debuglevel=info
      --alias="OpinionatedGeek ⚡"
      --color="#990099"
      --bitcoin.active
      --bitcoin.mainnet
      --bitcoin.node=bitcoind
      --bitcoind.rpchost=1.2.3.4
      --bitcoind.rpcuser=NoChance
      --bitcoind.rpcpass=NoWay
      --bitcoind.zmqpubrawblock=tcp://1.2.3.4:28332
      --bitcoind.zmqpubrawtx=tcp://1.2.3.4:28333
      --rpclisten 0.0.0.0:10009
      --externalip=5.6.7.8:9735
      --tlsextraip=5.6.7.8
      --tlsextradomain=lnd.opinionatedgeek.com
      --minchansize=1000000
      --workers.read=100
      --workers.write=100
      --workers.sig=100
      --unsafe-disconnect
    image: my-private-container-repository/lightning-lnd:latest
    restart: always
    logging:
      options:
        max-size: '10m'
        max-file: '5'
    ports:
      - "9735:9735"
    volumes:
      - ./home:/root
      - ./rpc:/rpc
  loop:
    image: my-private-container-repository/loop:latest
    restart: always
    command: >-
      loopd
      --network=mainnet
      --rpclisten=0.0.0.0:11010
      --lnd.host lnd.opinionatedgeek.com:10009
      --lnd.tlspath=/root/.lnd/tls.cert
      --lnd.macaroondir=/root/.lnd/data/chain/bitcoin/mainnet
    depends_on:
      - lnd
    links:
      - lnd:lnd.opinionatedgeek.com
    logging:
      options:
        max-size: '10m'
        max-file: '5'
    volumes:
      - ./home:/root

From this you can see all the command-line parameters I’m specifying, which saves me having to remember them every time.

And you can see that the only network port I’m allowing it to use is 9735. No public incoming connections to 8080 or 10009 will make it to LND.

And you can see that the only mapped filesystems are the home and rpc directories - anything in those directories is persisted to the real filesystem, anything outside those directories is discarded when the container terminates. If I want to copy this LND server to new hardware, I just need to copy the home and rpc directories.
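One way to check that a running container still matches what the compose file says about ports and mapped directories, as an added example that is not part of the original post: the script reads the JSON that docker inspect prints and reports anything beyond the intended port and mount points, plus any credential flag visible in the container's command line. The sample JSON is constructed and trimmed to the fields used; the container name and host paths in it are assumptions.

```python
import json

# Constructed, trimmed sample of `docker inspect <container>` output for the
# lnd service above; the container name and host paths are assumptions.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/lnd_lnd_1",
  "Config": {"Cmd": ["lnd", "--bitcoin.mainnet", "--bitcoind.rpcuser=NoChance",
                     "--bitcoind.rpcpass=NoWay", "--rpclisten", "0.0.0.0:10009"]},
  "HostConfig": {"PortBindings": {"9735/tcp": [{"HostIp": "", "HostPort": "9735"}]}},
  "Mounts": [
    {"Type": "bind", "Source": "/srv/lnd/home", "Destination": "/root", "RW": true},
    {"Type": "bind", "Source": "/srv/lnd/rpc", "Destination": "/rpc", "RW": true}
  ]
}]
""")

SECRET_HINTS = ("pass", "secret", "token")  # heuristic substrings, not exhaustive


def summarize(container):
    """Return what the host actually exposes to this container."""
    published = []
    bindings = container["HostConfig"].get("PortBindings") or {}
    for container_port, hosts in bindings.items():
        for h in hosts or []:
            # An empty HostIp means the port is bound on every host interface.
            published.append((h.get("HostIp") or "0.0.0.0",
                              h.get("HostPort") or "ephemeral", container_port))
    mounts = [(m["Source"], m["Destination"], "rw" if m.get("RW") else "ro")
              for m in container.get("Mounts", []) if m.get("Type") == "bind"]
    # Collect flag names only, so secret values never end up in the report.
    flags = [a.split("=", 1)[0] for a in container["Config"].get("Cmd") or []
             if a.startswith("--") and "=" in a]
    secret_flags = [n for n in flags if any(h in n.lower() for h in SECRET_HINTS)]
    return {"published": sorted(published), "mounts": sorted(mounts),
            "secret_flags": secret_flags}


def audit(container, allowed_ports, allowed_mounts):
    """List every deviation from the host ports and mount points we intended."""
    s = summarize(container)
    findings = [f"unexpected published port {ip}:{port} -> {cport}"
                for ip, port, cport in s["published"] if port not in allowed_ports]
    findings += [f"unexpected bind mount {src} -> {dst} ({mode})"
                 for src, dst, mode in s["mounts"] if dst not in allowed_mounts]
    findings += [f"credential visible in container command line: {name}"
                 for name in s["secret_flags"]]
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_INSPECT[0], {"9735"}, {"/root", "/rpc"}):
        print(line)
```

On a real server, feed it json.loads() of the docker inspect output for the container instead of the constructed sample.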

I use Loop as well, and it requires a way to talk to LND. Launching both from the same docker-compose.yml file means they ‘share’ a network, so Loop can happily talk to LND on port 10009 with none of that traffic ever leaving the machine.

The ‘restart’ settings mean the services will run when I log off, and will restart automatically if the machine reboots. (I’ll still have the problem of unlocking the wallet though.)

Upgrading LND is then a straightforward process of:

  • Building the new docker image.
  • Pushing that docker image to some shared repository.
  • Pulling that image down to every server you want to run it on.
  • Running docker-compose down followed by docker-compose up -d

And finally here’s the latest report:

OpinionatedGeek ⚡ - synced: ✅

Total Balance: 48,741,402 satoshi, Wallet: 16,499,900 satoshi (16,499,900 satoshi/0 satoshi)

Fees: 4 this month, 4 this week, 0 today

Channels: 22 active, 0 inactive, 0 pending, containing: 32,241,502 satoshi

Version: 0.6.0-beta commit=v0.6-beta-dirty

URI: 023c5b5667b16cd7fcca5591a8c0f47beb76c9405e16a4f2d6b42c7b9904a7f0e6@95.179.191.59:9735

Pending:

None.


Tags: Lightning
Created by OpinionatedGeek Ltd.