
Set up LND with Docker

We're making progress!

You should now have two Terminal windows open on your Ubuntu desktop:

  1. The TOR container running, showing logs.
  2. The Bitcoind container running, showing logs.

You'll need to keep both of these running 24/7, so feel free to move and resize the windows so the desktop is organized in a way that you like.

As we go through these directions, you'll have even more Terminal windows open, which might seem messy, but you'll get the benefit of visibility into all the processes.

By the way -- "real nerds" use multiplexers like tmux and screen so they can run multiple CLI processes in the same Terminal window.

My experience is that multiplexers can add extra complexity. I instead like to keep multiple Terminal windows open on my desktop.

But, if you'd rather use a multiplexer to keep things tidy, by all means, do so. (If you don't want to see logs, you can also launch the docker containers with the -d flag, which will run them in the background.)

Make the lnd.conf file

Review this Docker Compose file: https://github.com/MegalithicBTC/LND-With-Docker/blob/master/lnd/dlnd.yml

in case you are curious

You might have noticed that the LND Docker Compose and the TOR Docker Compose are sharing the volume ../tmp. This is so LND can have access to TOR's cookie. There are other ways to authenticate between LND and TOR, for example this, but I found them to be too complicated, and I fail to see why they are a more secure solution than this shared folder. If you think this "share-the-tmp-folder" strategy is bad, please tell me why. Maybe you are right.

Next, run these commands

cd lnd/PRIVATE
touch lnd.conf

Next, copy the contents of LND-With-Docker/lnd/COPY-THIS-lnd.conf into the lnd.conf file you made.

Change the Bitcoind password and node alias

You will see that at the very top of lnd.conf is this section:

alias=megalith-tutorial-change-this
bitcoind.rpcuser=change-me-generate-a-unique-username-for-bitcoin-rpc
bitcoind.rpcpass=change-me-generate-a-unique-password-for-bitcoin-rpc

Now is the time to change these values!

Set the rpcuser and rpcpass values to the same ones you chose during the setup of Bitcoin Core, which you should now be able to find in docker-bitcoind/PRIVATE/bitcoin.conf.

For the alias, choose any name you like. This is the "node name" that other node operators will see. You can change it any time, so no need to agonize over finding the perfect name right now!
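
One way to confirm the edit before starting LND, as an added example that is not part of the tutorial's repository: it flags values still left at the template placeholders and credentials that do not match bitcoin.conf. It assumes bitcoin.conf stores the credentials as rpcuser= and rpcpassword=; the script name check.sh and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial's repository): pre-flight check for lnd.conf.
# Assumption: bitcoin.conf stores the credentials as rpcuser= / rpcpassword=.

# conf_get FILE KEY: print the last value assigned to KEY, ignoring comments.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# check_lnd_conf LND_CONF BITCOIN_CONF: report problems; exit status = how many.
check_lnd_conf() {
    problems=0
    for key in alias bitcoind.rpcuser bitcoind.rpcpass; do
        case $(conf_get "$1" "$key") in
            ''|*change-me*|*change-this*)
                echo "FAIL: $key is unset or still the template placeholder"
                problems=$((problems + 1)) ;;
        esac
    done
    if [ "$(conf_get "$1" bitcoind.rpcuser)" != "$(conf_get "$2" rpcuser)" ]; then
        echo "FAIL: bitcoind.rpcuser does not match rpcuser in bitcoin.conf"
        problems=$((problems + 1))
    fi
    if [ "$(conf_get "$1" bitcoind.rpcpass)" != "$(conf_get "$2" rpcpassword)" ]; then
        echo "FAIL: bitcoind.rpcpass does not match rpcpassword in bitcoin.conf"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the untouched template values beside a made-up bitcoin.conf.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'alias=megalith-tutorial-change-this' \
        'bitcoind.rpcuser=change-me-generate-a-unique-username-for-bitcoin-rpc' \
        'bitcoind.rpcpass=change-me-generate-a-unique-password-for-bitcoin-rpc' >"$d/lnd.conf"
    printf '%s\n' 'rpcuser=constructed-user' 'rpcpassword=constructed-pass' >"$d/bitcoin.conf"
    check_lnd_conf "$d/lnd.conf" "$d/bitcoin.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}

# Real use: ./check.sh lnd/PRIVATE/lnd.conf docker-bitcoind/PRIVATE/bitcoin.conf
if [ "$#" -eq 2 ]; then check_lnd_conf "$1" "$2"; fi
```

Run it from the LND-With-Docker folder; an exit status of 0 means all three values were changed and the credentials agree.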

Start LND

Before you do this step, you need to be sure that your Bitcoind container has fully downloaded the blockchain. Look at the logs in the Bitcoind terminal window: If you no longer see log lines with a progress= value, you should be good to go.

Go back to the root of our project, the LND-With-Docker folder, and let's start LND:

./start-lnd.sh

You should see some logs, and then the last line you should see is this:

lnd-lnd-1 | 2024-03-28 00:26:32.808 [INF] LTND: Waiting for wallet encryption password. Use `lncli create` to create a wallet, `lncli unlock` to unlock an existing wallet, or `lncli changepassword` to change the password of an existing wallet and unlock it.

Since this is a "fresh" LND installation, you don't have a wallet set up.

We're now going to set up the wallet. If you're tired or not in 100% great mental shape, take a break and come back to this later. These steps are very important. If you mess them up, you risk losing all funds that you deposit onto your node!

Take a break here and come back to this next section when your mind is clear

This next step is critical: You will have only this one chance to record your wallet seed!

Let's meet our script which provides CLI access in the running LND container

So, following the steps above, we got to a point where LND is running, but it wants us to type something into the terminal. It asked us:

Use `lncli create` to create a wallet, `lncli unlock` to unlock an existing wallet, or `lncli changepassword` to change the password of an existing wallet and unlock it.

You should know that the terminal window we have open with LND is "non-interactive" -- this means you can't type anything into it.

This is actually a good thing, because we are going to use a separate window to type commands into LND... this will keep your interaction with LND very tidy and understandable, while allowing the LND application to continue to generate lots of logs.

Here is the (complicated) documentation for the docker exec command. You don't need to understand all of that, because we already have a script that runs the exec command for you.

First, open a new terminal window.

You should now have four (4) open terminal windows on your Ubuntu desktop:

  1. The TOR container running, showing logs.
  2. The Bitcoind container running, showing logs.
  3. The LND container running, showing logs.
  4. A new terminal window

In terminal #4, make sure you are in the LND-With-Docker parent directory, and run this command:

./exec-lncli.sh

You should then see a NEW command line prompt, which probably looks like this:

:/$

Take a moment to understand where you are

This can be one of the most confusing parts of working with Docker, so we're going to address this head-on to be sure you understand.

You are now on a command line that is RUNNING INSIDE the LND container.

This is super-powerful, but also can be confusing.

Try the ls command. You should see a bunch of files and folders listed... and note, these files and folders are in the container's filesystem, not your Ubuntu filesystem!

Then try the exit command. This quits out of the container's command line.

Then try ls again... and you will see you are back in Ubuntu, listing the contents of the LND-With-Docker directory.

Then run ./exec-lncli.sh ... and you are back in the container.

Again: This can be confusing. Take your time to understand that you can switch, basically, between two different running computers, one being your Ubuntu "host", and the other being your running lnd container. Take time to try this a few more times and be 100% sure you understand what is going on.

Set up the LND wallet

We're going to now set up the LND wallet, which is a one-time and critical operation. Proceed with these steps extra-carefully!

Make sure you are on a command line INSIDE the running LND container. (You can get there by running ./exec-lncli.sh).

Next, create your wallet with this command:

lncli create

You should see this message:

Input wallet password:

This is a very important moment.

You need to choose a password.

I can't tell you how to choose a password, or where to store that password, but you need to know the following things:

  1. This password will be required every time you start LND.
  2. If someone steals your computer, they will only be able to access your funds if they have this password.
  3. If you lose this password, you will permanently lose access to the funds on your node.

For the Megalith Node, we have a ridiculously complicated setup where parts of the password are held by several different people at several different locations (with additional distributed backups), and the password is too long for any one person to remember. This kind of complicated setup is a tradeoff: It means, every time we start LND, we have to coordinate a shared phone call!

You need to make your own decisions on how you will handle the password.

Once you enter the password, you will see:

Confirm password:

Do that, and you'll see this line next:

Do you have an existing cipher seed mnemonic or extended master root key you want to use?
Enter 'y' to use an existing cipher seed mnemonic, 'x' to use an extended master root key
or 'n' to create a new seed (Enter y/x/n):

This is another important juncture. Press n to make a new seed. You'll then see this:

Your cipher seed can optionally be encrypted.
Input your passphrase if you wish to encrypt it (or press enter to proceed without a cipher seed passphrase)

Here is another place you must make a decision. There are no "right" answers. It depends on the amount of funds you are planning to secure. The advantage of setting a passphrase for your seed will be greater security, but the disadvantage will be that you will have one more password to manage, along with the seed itself.

So either enter a password, or press ENTER to skip this. And then you'll see a 24-word seed, plus this line:

!!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!!

You can tell from all the exclamation points that this is important. Treat this 24-word seed like you would treat the seed backup from your hardware wallet. This is what you should know about it:

  1. This is your ONE chance to write down this seed phrase. LND will never show you this phrase again!
  2. Typically it's recommended to write down this seed phrase by hand, on paper, and never copy and paste it from this window into any other program. Double, triple, and quadruple-check that you have written all the words down in the correct order.
  3. If someone gets this seed, they can close all your channels and try to withdraw funds from your wallet.
  4. If your node blows up, and you need to restore from scratch, you will need this seed.
  5. Don't store this seed online or any place where it could be hacked.

Finally, after you have written down your seed phrase, look at your window running the LND container. You should see activity like this:


lnd-lnd-1 | 2024-03-28 03:13:54.498 [INF] LNWL: Opened wallet
lnd-lnd-1 | 2024-03-28 03:13:54.637 [INF] CHRE: Primary chain is set to: bitcoin

This shows you that LND has started!