**bridgeaddr**
bridge server for lightning addresses
This is a server that allows you to receive payments at yourname@yourdomain.com
noncustodially (but not fully trustlessly1).
It will serve the necessary JSON and then use RPC calls to connect to your node and fetch invoices on demand.
You don't have to do anything besides buying a domain and setting up some DNS records. HTTPS will be provided automatically for you.
- LND
- Eclair
- Sparko
- Commando
- LNPay
- LNbits
Considering you own the domain.com
domain, you need to set up these DNS records:
Record | Domain Name | Value |
---|---|---|
CNAME | domain.com | bridgeaddr.fiatjaf.com |
Record | Domain Name | Value |
---|---|---|
TXT | _kind.domain.com | lnd |
TXT | _host.domain.com | http(s)://lnd-ip-or-domain.com:port |
TXT | _macaroon.domain.com | invoice_macaroon_as_base64_or_hex |
It is better to bake a new macaroon with a single authorization to create invoices and nothing else. If you don't know how to do that it's fine to get the built-in "invoices" macaroon.
The host value here must be the address and port to your REST API, not your gRPC API nor your Lightning connection port.
Record | Domain Name | Value |
---|---|---|
TXT | _host.domain.com | http(s)://eclair-domain.com |
Follow instructions here on how to properly expose your Eclair to the external world.
Record | Domain Name | Value |
---|---|---|
TXT | _kind.domain.com | commando |
TXT | _host.domain.com | node.ip.plus.port:9735 |
TXT | _nodeid.domain.com | nodeidlike_02c16cca44562... |
TXT | _rune.domain.com | runeasbase64 |
To use with CLN and Sparko:
Record | Domain Name | Value |
---|---|---|
TXT | _kind.domain.com | sparko |
TXT | _host.domain.com | http(s)://sparko-ip-or-domain.com |
TXT | _key.domain.com | key_with_permission_to_method_invoicewithdescriptionhash |
By default, your Sparko host will be something like http://your.ip:9737.
To use with LNPay:
Record | Domain Name | Value |
---|---|---|
TXT | _pak.domain.com | pak_oooooooo |
TXT | _waki.domain.com | waki_ooooooo |
See keys docs for what "pak" and "waki" mean.
Record | Domain Name | Value |
---|---|---|
TXT | _kind.domain.com | lnbits |
TXT | _host.domain.com | http(s)://lnbits-ip-or-domain.com |
TXT | _key.domain.com | lnbits_invoice_key |
Just setup the records above and it's done. Now you can receive payments at any_name@domain.com
.
DNS records are public. Only put "invoice" keys there, never "payment"/"admin" keys.
If your node is listening on Tor, no problem, you can just use .onion addresses on the _host
entry normally.
Some people have static IPv6 addresses pointing directly to their machines (instead of to their home router). You can use these directly.
If your node doesn't have a public address and it is also not listening on Tor, you can use https://zerotier.com/. It is very easy. Just download it, install it and join the public network a0cbf4b62a1e645f
, then use the IP you'll be assigned and we will be able to connect.
If you want to specify a description for the wallet payment screen:
Record | Domain Name | Value |
---|---|---|
TXT | _description.domain.com | free text |
If you want to specify an image for the wallet payment screen:
Record | Domain Name | Value |
---|---|---|
TXT | _image.domain.com | https://url.to/image |
If you want to receive comments or payment notifications (if you don't know where to send these, I recommend https://t.me/incomingnotificationsbot or https://pipedream.com/):
Record | Domain Name | Value |
---|---|---|
TXT | _webhook.domain.com | https://url.to/receive/webhook |
The webhook will contain a JSON object like {"comment": "...", "pr": "lnbc...", "amount:": 12345}
, amount in millisatoshis. The webhook is dispatched when an invoice is generated, not when it is paid, since we don't know when (or if) it was paid.
If you use a self-signed certificate and want that to be checked:
Record | Domain Name | Value |
---|---|---|
TXT | _cert.domain.com | -----BEGIN CERTIFICATE... |
If you want to reuse the domain root to redirect arbitrary pages to elsewhere (maybe to the www.
subdomain?)(follows the same interface and rules found in redirect.name):
Record | Domain Name | Value |
---|---|---|
TXT | _redirect.domain.com | Redirects to https://somewhere.else |
Footnotes
-
bridgeaddr requires you to trust that the server won't just show their invoice instead of yours when someone tries to send you money. The server can do that and effectively steal the payments you receive until you notice that. It cannot however touch the money you have on your wallet ever. ↩