lnd.xprv/sample-lnd.conf
Dennis Reimann dcfeebaa1b
Document setting multiple tlsextra entries
Minor addition to #2704, because I was wondering how to set multiple tlsextra entries.
2019-11-22 10:22:28 +01:00

391 lines
14 KiB
Plaintext

[Application Options]
; The directory that lnd stores all wallet, chain, and channel related data
; within The default is ~/.lnd/data on POSIX OSes, $LOCALAPPDATA/Lnd/data on
; Windows, ~/Library/Application Support/Lnd/data on Mac OS, and $home/lnd/data
; on Plan9. Environment variables are expanded so they may be used. NOTE:
; Windows environment variables are typically %VARIABLE%, but they must be
; accessed with $VARIABLE here. Also, ~ is expanded to $LOCALAPPDATA on Windows.
; datadir=~/.lnd/data
; The directory that logs are stored in. The logs are auto-rotated by default.
; Rotated logs are compressed in place.
; logdir=~/.lnd/logs
; Number of logfiles that the log rotation should keep. Setting it to 0 disables deletion of old log files.
; maxlogfiles=3
;
; Max log file size in MB before it is rotated.
; maxlogfilesize=10
; Path to TLS certificate for lnd's RPC and REST services.
; tlscertpath=~/.lnd/tls.cert
; Path to TLS private key for lnd's RPC and REST services.
; tlskeypath=~/.lnd/tls.key
; Adds an extra ip to the generated certificate. Setting multiple tlsextraip= entries is allowed.
; (old tls files must be deleted if changed)
; tlsextraip=
; Adds an extra domain to the generate certificate. Setting multiple tlsextradomain= entries is allowed.
; (old tls files must be deleted if changed)
; tlsextradomain=
; Disable macaroon authentication. Macaroons are used are bearer credentials to
; authenticate all RPC access. If one wishes to opt out of macaroons, uncomment
; the line below.
; no-macaroons=true
; Path to write the admin macaroon for lnd's RPC and REST services if it
; doesn't exist. This can be set if one wishes to store the admin macaroon in a
; distinct location. By default, it is stored within lnd's network directory.
; Applications that are able to read this file, gain admin macaroon access.
; adminmacaroonpath=~/.lnd/data/chain/bitcoin/simnet/admin.macaroon
; Path to write the read-only macaroon for lnd's RPC and REST services if it
; doesn't exist. This can be set if one wishes to store the read-only macaroon
; in a distinct location. The read only macaroon allows users which can read
; the file to access RPCs which don't modify the state of the daemon. By
; default, it is stored within lnd's network directory.
; readonlymacaroonpath=~/.lnd/data/chain/bitcoin/simnet/readonly.macaroon
; Path to write the invoice macaroon for lnd's RPC and REST services if it
; doesn't exist. This can be set if one wishes to store the invoice macaroon in
; a distinct location. By default, it is stored within lnd's network directory.
; The invoice macaroon allows users which can read the file to gain read and
; write access to all invoice related RPCs.
; invoicemacaroonpath=~/.lnd/data/chain/bitcoin/simnet/invoice.macaroon
; Specify the interfaces to listen on for p2p connections. One listen
; address per line.
; All ipv4 on port 9735:
; listen=0.0.0.0:9735
; On all ipv4 interfaces on port 9735 and ipv6 localhost port 9736:
; listen=0.0.0.0:9735
; listen=[::1]:9736
; Disable listening for incoming p2p connections. This will override all
; listeners.
; nolisten=1
; Specify the interfaces to listen on for gRPC connections. One listen
; address per line.
; Only ipv4 localhost on port 10009:
; rpclisten=localhost:10009
; On ipv4 localhost port 10009 and ipv6 port 10010:
; rpclisten=localhost:10009
; rpclisten=[::1]:10010
; On an Unix socket:
; rpclisten=unix:///var/run/lnd/lnd-rpclistener.sock
; Specify the interfaces to listen on for REST connections. One listen
; address per line.
; All ipv4 interfaces on port 8080:
; restlisten=0.0.0.0:8080
; On ipv4 localhost port 80 and 443:
; restlisten=localhost:80
; restlisten=localhost:443
; On an Unix socket:
; restlisten=unix:///var/run/lnd-restlistener.sock
; Adding an external IP will advertise your node to the network. This signals
; that your node is available to accept incoming channels. If you don't wish to
; advertise your node, this value doesn't need to be set. Unless specified
; (with host:port notation), the default port (9735) will be added to the
; address.
; externalip=
;
; Instead of explicitly stating your external IP address, you can also enable
; UPnP or NAT-PMP support on the daemon. Both techniques will be tried and
; require proper hardware support. In order to detect this hardware support,
; `lnd` uses a dependency that retrieves the router's gateway address by using
; different built-in binaries in each platform. Therefore, it is possible that
; we are unable to detect the hardware and `lnd` will exit with an error
; indicating this. This option will automatically retrieve your external IP
; address, even after it has changed in the case of dynamic IPs, and advertise
; it to the network using the ports the daemon is listening on. This does not
; support devices behind multiple NATs.
; nat=true
; Debug logging level.
; Valid levels are {trace, debug, info, warn, error, critical}
; You may also specify <subsystem>=<level>,<subsystem2>=<level>,... to set
; log level for individual subsystems. Use lncli debuglevel --show to list
; available subsystems.
; debuglevel=info
; Write CPU profile to the specified file.
; cpuprofile=
; Enable HTTP profiling on given port -- NOTE port must be between 1024 and
; 65536. The profile can be access at: http://localhost:<PORT>/debug/pprof/.
; profile=
; The maximum number of incoming pending channels permitted per peer.
; maxpendingchannels=1
; If true, then automatic network bootstrapping will not be attempted. This
; means that your node won't attempt to automatically seek out peers on the
; network.
; nobootstrap=1
; The smallest channel size (in satoshis) that we should accept. Incoming
; channels smaller than this will be rejected, default value 20000.
; minchansize=
; The alias your node will use, which can be up to 32 UTF-8 characters in
; length.
; alias=My Lightning ☇
; The color of the node in hex format, used to customize node appearance in
; intelligence services.
; color=#3399FF
[Bitcoin]
; If the Bitcoin chain should be active. Atm, only a single chain can be
; active.
bitcoin.active=1
; Use Bitcoin's test network.
; bitcoin.testnet=1
;
; Use Bitcoin's simulation test network
bitcoin.simnet=1
; Use Bitcoin's regression test network
; bitcoin.regtest=false
; Use the btcd back-end
bitcoin.node=btcd
; Use the bitcoind back-end
; bitcoin.node=bitcoind
; Use the neutrino (light client) back-end
; bitcoin.node=neutrino
; The default number of confirmations a channel must have before it's considered
; open. We'll require any incoming channel requests to wait this many
; confirmations before we consider the channel active.
; bitcoin.defaultchanconfs=3
[Btcd]
; The host that your local btcd daemon is listening on. By default, this
; setting is assumed to be localhost with the default port for the current
; network.
; btcd.rpchost=localhost
; Username for RPC connections to btcd. By default, lnd will attempt to
; automatically obtain the credentials, so this likely won't need to be set
; (other than for simnet mode).
; btcd.rpcuser=kek
; Password for RPC connections to btcd. By default, lnd will attempt to
; automatically obtain the credentials, so this likely won't need to be set
; (other than for simnet mode).
; btcd.rpcpass=kek
; File containing the daemon's certificate file. This only needs to be set if
; the node isn't on the same host as lnd.
; btcd.rpccert=~/.btcd/rpc.cert
; The raw bytes of the daemon's PEM-encoded certificate chain which will be used
; to authenticate the RPC connection. This only needs to be set if the btcd
; node is on a remote host.
; btcd.rawrpccert=
[Bitcoind]
; The host that your local bitcoind daemon is listening on. By default, this
; setting is assumed to be localhost with the default port for the current
; network.
; bitcoind.rpchost=localhost
; Username for RPC connections to bitcoind. By default, lnd will attempt to
; automatically obtain the credentials, so this likely won't need to be set
; (other than for a remote bitcoind instance).
; bitcoind.rpcuser=kek
; Password for RPC connections to bitcoind. By default, lnd will attempt to
; automatically obtain the credentials, so this likely won't need to be set
; (other than for a remote bitcoind instance).
; bitcoind.rpcpass=kek
; ZMQ socket which sends rawblock and rawtx notifications from bitcoind. By
; default, lnd will attempt to automatically obtain this information, so this
; likely won't need to be set (other than for a remote bitcoind instance).
; bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
; bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333
[neutrino]
; Connect only to the specified peers at startup. This creates a persistent
; connection to a target peer. This is recommended as there aren't many
; neutrino compliant full nodes on the test network yet.
; neutrino.connect=
; Add a peer to connect with at startup.
; neutrino.addpeer=
; Set a URL source for fee estimates.
; neutrino.feeurl=
[Litecoin]
; If the Litecoin chain should be active. Atm, only a single chain can be
; active.
; litecoin.active=1
; Use Litecoin's test network.
; litecoin.testnet=1
; Use the ltcd back-end
litecoin.node=ltcd
; Use the litecoind back-end
; litecoin.node=litecoind
[Ltcd]
; The host that your local ltcd daemon is listening on. By default, this
; setting is assumed to be localhost with the default port for the current
; network.
; ltcd.rpchost=localhost
; Username for RPC connections to ltcd. By default, lnd will attempt to
; automatically obtain the credentials, so this likely won't need to be set
; (other than for simnet mode).
; ltcd.rpcuser=kek
; Password for RPC connections to ltcd. By default, lnd will attempt to
; automatically obtain the credentials, so this likely won't need to be set
; (other than for simnet mode).
; ltcd.rpcpass=kek
; File containing the daemon's certificate file. This only needs to be set if
; the node isn't on the same host as lnd.
; ltcd.rpccert=~/.ltcd/rpc.cert
; The raw bytes of the daemon's PEM-encoded certificate chain which will be used
; to authenticate the RPC connection. This only needs to be set if the ltcd
; node is on a remote host.
; ltcd.rawrpccert=
[Litecoind]
; The host that your local litecoind daemon is listening on. By default, this
; setting is assumed to be localhost with the default port for the current
; network.
; litecoind.rpchost=localhost
; Username for RPC connections to litecoind. By default, lnd will attempt to
; automatically obtain the credentials, so this likely won't need to be set
; (other than for a remote litecoind instance).
; litecoind.rpcuser=kek
; Password for RPC connections to litecoind. By default, lnd will attempt to
; automatically obtain the credentials, so this likely won't need to be set
; (other than for a remote litecoind instance).
; litecoind.rpcpass=kek
; ZMQ socket which sends rawblock and rawtx notifications from litecoind. By
; default, lnd will attempt to automatically obtain this information, so this
; likely won't need to be set (other than for a remote litecoind instance).
; litecoind.zmqpubrawblock=tcp://127.0.0.1:28332
; litecoind.zmqpubrawtx=tcp://127.0.0.1:28333
[autopilot]
; If the autopilot agent should be active or not. The autopilot agent will
; attempt to automatically open up channels to put your node in an advantageous
; position within the network graph.
; autopilot.active=1
; The maximum number of channels that should be created.
; autopilot.maxchannels=5
; The fraction of total funds that should be committed to automatic channel
; establishment. For example 0.6 means that 60% of the total funds available
; within the wallet should be used to automatically establish channels. The total
; amount of attempted channels will still respect the maxchannels param.
; autopilot.allocation=0.6
[tor]
; The port that Tor's exposed SOCKS5 proxy is listening on. Using Tor allows
; outbound-only connections (listening will be disabled) -- NOTE port must be
; between 1024 and 65535
; tor.socks=9050
; The DNS server as IP:PORT that Tor will use for SRV queries - NOTE must have
; TCP resolution enabled. The current active DNS server for Testnet listening is
; nodes.lightning.directory
; tor.dns=nodes.lightning.directory
; Enable Tor stream isolation by randomizing user credentials for each
; connection. With this mode active, each connection will use a new circuit.
; This means that multiple applications (other than lnd) using Tor won't be mixed
; in with lnd's traffic.
; tor.streamisolation=1
[watchtower]
; Enable integrated watchtower listening on :9911 by default.
; watchtower.active=1
; Specify the interfaces to listen on for watchtower client connections. One
; listen address per line. If no port is specified the default port of 9911 will
; be added implicitly.
; All ipv4 on port 9911:
; watchtower.listen=0.0.0.0:9911
; On all ipv4 interfaces on port 9911 and ipv6 localhost port 9912:
; watchtower.listen=0.0.0.0:9911
; watchtower.listen=[::1]:9912
; Configure the external IP address of your watchtower. Setting this field does
; not have any behavioral changes to the tower or enable any sort of discovery,
; however it will make the full URI (pubkey@host:port) available via
; WatchtowerRPC.GetInfo and `lncli tower info`.
; watchtower.externalip=1.2.3.4
; Configure the default watchtower data directory. The default directory is
; data/watchtower relative to the chosen lnddir. This can be useful if one needs
; to move the database to a separate volume with more storage. In the example
; below, the database will be stored at:
; /path/to/towerdir/bitcoin/<network>/watchtower.db.
; watchtower.towerdir=/path/to/towerdir
; Duration the watchtower server will wait for messages to be received before
; hanging up on client connections.
; watchtower.readtimeout=15s
; Duration the watchtower server will wait for messages to be written before
; hanging up on client connections
; watchtower.writetimeout=15s
[wtclient]
; Configure the private tower to which lnd will connect to backup encrypted
; justice transactions. The format should be pubkey@host:port, where the port is
; optional and assumed to be 9911 otherwise. At most one private tower URI is
; supported at this time; if none are provided then the watchtower client will
; be inactive.
; wtclient.private-tower-uris=
; Specify the fee rate with which justice transactions will be signed. This fee
; rate should be chosen as a maximum fee rate one is willing to pay in order to
; sweep funds if a breach occurs while being offline. The fee rate should be
; specified in sat/byte, the default is 10 sat/byte.
; wtclient.sweep-fee-rate=10