Calling lncli from remote via Umbrel's onion address:

[hieblmi]

Hi Umbrel team,

I am working on an improvement to allow lncli to specify a tor-proxy over which the RPCs can be placed.

I tried testing my change like this(a tor proxy runs on localhost:9050):
lncli --rpcserver umbrel.onion:10009 --socksproxy localhost:9050 --tlscertpath ./tls.cert --macaroonpath ./a.macaroon getinfo

...which results in
[lncli] rpc error: code = Unavailable desc, connection refused

...and I can see the following in the logs of my tor proxy:
Edge got end (closed normally) before we're connected. Marking for close.

...which apparently means that the remote end is refusing to accept connections on the port I am specifying.(10009 which lnd's rpc server runs on.)

The obvious question here is - how can enable Umbrel to accept requests on 10009 and also whether that's a secure thing to do?

All comments appreciated.

EDIT: Just found issue getumbrel/umbrel-lightning#30 which suggests adding the onion address as extra tls domain to lnd.conf and then regenerated the tls.cert.
From my example above:
tlsextradomain=umbrel.onion

Does that sound like a viable solution?

[hieblmi]

I've found a workable solution.

Umbrel exposes the lnd-grpc interface as isolated hidden service. The onion hostname can be found here:
/home/umbrel/umbrel/tor/data/lnd-grpc/hostname

This onion host can be added as:
tlsextradomain=....lnd-grpc.onion