ThunderHub is an **open-source** LND node manager where you can manage and monitor your node on any device or browser. It allows you to take control of the lightning network with a simple and intuitive UX and the most up-to-date tech stack.
ThunderHub is currently integrated into BTCPay for easier deployment. If you already have a BTCPay server and want to add ThunderHub or even want to start a BTCPay server from zero, be sure to check out this [tutorial](https://apotdevin.com/blog/thunderhub-btcpay)
**Raspiblitz**
For Raspiblitz users you can also get ThunderHub running by following this [gist](https://gist.github.com/openoms/8ba963915c786ce01892f2c9fa2707bc)
This repository consists of a **NextJS** server that handles both the backend **Graphql Server** and the frontend **React App**. ThunderHub connects to your Lightning Network node by using the gRPC ports.
You can define some environment variables that ThunderHub can start with. To do this create a `.env.local` (or use the template `.env`) file in the root directory with the following parameters:
**Important - If you want to use the `.env` template file and don't want it to be replaced after an update please duplicate and rename to `.env.local`**
You can DANGEROUSLY remove SSO authentication. This is useful for example if you plan on running ThunderHub **only** on your local network or through TOR.
**DO NOT enable this option if your ThunderHub instance is available on the internet or your funds will probably be lost.**
The configuration for a non authenticated SSO account would look like this:
```bash
# -----------
# SSO Account Configs
# -----------
SSO_SERVER_URL = 'url and port to node'; # i.e. '127.0.0.1:10009'
SSO_CERT_PATH = '/path/to/tls/certificate'; # i.e. '\lnd\alice\tls.cert'
SSO_MACAROON_PATH = '/path/to/macaroon/folder'; # i.e. '\lnd\alice\data\chain\bitcoin\regtest\'
It's possible to set different parts of the accounts based on environment variables.
You can use the following environment variables: `YML_ENV_1`, `YML_ENV_2`, `YML_ENV_3`, `YML_ENV_4` and fill your accounts in the following way:
```yaml
accounts:
- name: '{YML_ENV_1}'
serverUrl: '{YML_ENV_2}'
macaroon: 'macaroonforthisaccount'
certificate: '{YML_ENV_4}'
```
ThunderHub will take care of replacing the fields with the correct environment variables. The `{YML_ENV_[1-4]}` can only be used for fields inside the accounts. So for example using it for the `masterPassword` will not work.
You can also specify the main LND directory and ThunderHub will look for the certificate and the macaroon in the default folders (based on the network).
You can use AES encrypted macaroons and have ThunderHub decrypt them and store them in memory. This allows you to have encrypted macaroons on your server and avoid having them in cleartext.
Macaroons should be AES encrypted. This is an example for Javascript:
```js
const encrypted = CryptoJS.AES.encrypt(
'Hex or Base64 encoded Macaroon',
'Secret Passphrase'
).toString();
```
You can use the `macaroonPath` field and let ThunderHub look for the file or directly use the `macaroon` field and paste your encrypted macaroon.
You must let ThunderHub know that the macaroon is encrypted by adding an `encrypted` field to your account like such:
```yaml
masterPassword: 'password'
accounts:
- name: 'Account 1'
serverUrl: 'url:port'
macaroonPath: '/path/to/encrypted.admin.macaroon'
encrypted: true # This field is necessary
- name: 'Account 2'
serverUrl: 'url:port'
macaroon: 'EnCrYpTeD-MaCaRoOn'
encrypted: true # This field is necessary
```
To login you must use the same secret passphrase that you used to encrypt the macaroon.
On the first start of the server, the `masterPassword` and all account `password` fields will be **hashed** and the file will be overwritten with these new values to avoid having cleartext passwords on the server.
ThunderHub fetches fiat prices from [Blockchain.com](https://blockchain.info/ticker)'s api and bitcoin on chain fees from [Earn.com](https://bitcoinfees.earn.com/api/v1/fees/recommended)'s api.
If you want to deactivate these requests you can set `FETCH_PRICES=false` and `FETCH_FEES=false` in your `.env` file or manually change them inside the settings view of ThunderHub.
ThunderHub shows you links for quick viewing of nodes by public key on [1ml.com](https://1ml.com/) and for viewing onchain transactions on [Blockchain.com](https://www.blockchain.com/).
If you don't want to show these links, you can set `DISABLE_LINKS=true` in your `.env` file.
**Version Check**
ThunderHub gets the latest available version from [Github](https://api.github.com/repos/apotdevin/thunderhub/releases/latest) and shows you a message if you are on an older version.
If you want to disable this option you can set `NO_VERSION_CHECK=true` in your `.env` file.
**You need to add this environment variable BEFORE building the application**
There is a prebuilt [Docker](https://hub.docker.com/repository/docker/apotdevin/thunderhub) image with a preset `BASE_PATH=/thub` in case you need it and prefer not building your own Docker image.
```bash
# Normal docker image
docker pull apotdevin/thunderhub:v0.11.1
# Preset basePath docker image
docker pull apotdevin/thunderhub:base-v0.11.1
```
To build your own docker image with the `basePath` of your choice you can use `docker build --build-arg BASE_PATH='/thub' -t myOwnDockerImage .`
Thunderhub has the ability to automatically provision SSL certificates for itself via [ZeroSSL](https://zerossl.com). In order to use this, you must configure the `SSL Config` section of the [`.env`](.env) file. To options are as follows:
-`PUBLIC_URL` is the publicly reachable URL that Thunderhub would be servered from.
-`SSL_PORT` is the port the Certificate Validation server will run on. This _must_ either be running on port `80` or you must proxy this port to port `80` with something like Nginx.
-`SSL_SAVE` specifies whether you want Thunderhub to save the generate SSL private key and certificate to disk or not.
You must also specify your ZeroSSL API key either in the [`.env`](.env) file or export it as an environment variable:
```
$ export ZEROSSL_API_KEY="a1b2c3d4e5f6g7h8i9"
```
Once you have Thunderhub configured you can start the secure server with:
This will request a certificate from ZeroSSL for the given `PUBLIC_URL` and serve the HTTP challenge via the Certificate Validation server. Once the certificate is verified and issued, Thunderhub downloads the certificate and shuts down the Certificate Validation server. Then it will bring up the Thunerhub web server and use the newly provisioned SSL certificates.
