Add option to disable the local UI

[gkrizek]

Describe the solution you'd like

I'd like the ability to run litd without having any local UI available, however still have all the APIs available. This would allow me to not have to worry about exposing only a password protected webpage to the internet, but still be able to generate LNC sessions to connect to my Terminal instance from something like Terminal Web.

Describe alternatives you've considered
Some sort of reverse proxy in front of litd that blocks requests to the UI. It'd be a lot of work and a big hack.

Additional context
I started to work on this, but realized that currently you set the uipassword in your litd config file. This password is used for authentication to the grpc-web and REST proxies. So we would need to come up with a solution for that or just enable macaroon based authentication for those APIs when the UI is disabled.

Created based on #444

[Roasbeef]

AFAICT, it's off by default since it's only on local host?

lightning-terminal/config.go

Line 282 in 7497edf

HTTPSListen: defaultHTTPSListen,

[gkrizek]

@Roasbeef but wouldn't that disable the Terminal API as well? We'd want to still use the Terminal API on 8443 but not serve any of the UI

[levmi]

I just want to clarify the ask a little bit on this one so we can prioritize it on our end and figure out how to deliver what y'all need. It sounds like the main priority is actually just not having the password functionality? The removal of UI sounds like a path to get to not having a password. But, correct me if I'm wrong there.

If that's the case, one thing we could explore is replacing the password with something else. Ideally, this could be the super macaroon that Voltage is already baking for their user. Would a path like that work for y'all? It would get rid of the need for a password, but not meet everything outlined here with regard to removing/disabling the UX.

[gkrizek]

Thanks for the reply @levmi, the removal of both the UI and the password would be ideal. Being able to turn off the UI should be pretty trivial.

The password is obviously the harder part. It's problematic because it's different than all other Lightning Labs product authentication and you must know it to start Litd, which is not the case with any other product. I see two possible solutions to replace the password:

• Super Macaroon that can be used to authenticate to the Litd API. This already exists for authentication into LND, Pool, Loop, etc. We would just need to make the Litd API use to too.
• Make the Litd password the same password as the LND main wallet password (set when creating LND wallet). I have no clue how hard it would be to use this or validate that the password is correct, but it would make it act very similar to how LND works today.