Setting the password for thunderhub on Umbrel (Eng)

lcodes

2021/06/18

Categories: Tutorial Tags: lightning,umbrel,thunderhub,password

How to set password for thunderhub at Umbrel

Sadly, it is not possible to set the password of thunderhub with Umbrel by the webinterface. You must use the default password which is: “moneyprintergobrrr” and not secure, as it is well known. Everyone being able to access the ip and port may login with this default password and open, close channels doing transactions and so on. As a result it is important that you are able to change it. I will show you how.

  1. Connect via ssh to your umbrel node. The user is umbrel the password is the one you use to login into the webfrontend.
  2. Linux:

    ssh umbrel@<internal ip/external ip/tor-name>
    

This is how the structure of your umbrel node should look like if you run it on a raspi with the raspi image:

umbrel@umbrel:~ $ ls
umbrel
umbrel@umbrel:~ $ cd umbrel/
umbrel@umbrel:~/umbrel $ ls
LICENSE.md  README.md  SECURITY.md  app-data  apps  bin  bitcoin  db  docker-compose.yml  electrs  events  info.json  karen  lnd  logs  nginx  scripts  statuses  templates  tor
umbrel@umbrel:~/umbrel $ id
uid=1000(umbrel) gid=1000(umbrel) groups=1000(umbrel),4(adm),20(dialout),24(cdrom),27(sudo),29(audio),44(video),46(plugdev),60(games),100(users),105(input),109(netdev),996(docker),997(gpio),998(i2c),999(spi)
  1. Lets go to the thunderhub data and open the configuration file:

    umbrel@umbrel:~/umbrel $ cd app-data/thunderhub/data/
    umbrel@umbrel:~/umbrel/app-data/thunderhub/data $ nano thubConfig.yaml 
    

Nano is a simple texteditor. Of course you can also use vi/m, emacs or sed if you like :). In the first line you will see the masterPassword. Here is an example output:

masterPassword: thunderhub-$2b$12$UUIWQCLKOIQWTF123uNMASDGWPDAPDJ
accounts:
  - name: Umbrel
    serverUrl: '{YML_ENV_1}'
    certificatePath: /lnd/tls.cert
    macaroonPath: /lnd/data/chain/bitcoin/mainnet/admin.macaroon

This(line 1) is a bcrypt hash which starts behind the “thunderhub-”. Bcrypt is a well known and until now secure hashing algorithm designed by Niels Provos at the end of the 1999. For generating a new password you can use an online generator like this one or you use a simple python script i have added to my project repo. Enter your new password, get it hashed and replace the complete string in the file after “thunderhub-” with the new hash. The python tool with thunderhub prefix and parameter name using the tool:

$ python thundercrypt.py -p securepassword
masterPassword: thunderhub-$2b$12$dysPVg6cRkoz0Qkq1EjMTu.iCXKOVSEybza8b8z3kxVlgyhLPpEW2

If the python library bcrypt is missing:

pip install bcrypt

Close the file with CTRL+X, Y and possible Carriage Return/Enter.

As the configuration is only read at the start of thunderhub process/docker container we need to restart it.

  1. Lets check the running containers and find thunderhub.

    umbrel@umbrel:~/umbrel $ docker ps
    

Now we get a quick overview of whats going on.

ad488d7a9ceb   shahanafarooqui/rtl:0.10.1             "/sbin/tini -g -- no…"   3 days ago       Up 3 days       3000/tcp, 0.0.0.0:3001->3001/tcp                                                                ride-the-lightning_web_1
1d8bd7ab81ca   louneskmt/loop:v0.12.1-beta            "/bin/loopd --networ…"   3 days ago       Up 3 days       8081/tcp, 11010/tcp                                                                             ride-the-lightning_loop_1
ef244d3e2483   apotdevin/thunderhub:v0.12.14          "docker-entrypoint.s…"   4 days ago       Up 4 days       0.0.0.0:3000->3000/tcp                                                                          thunderhub_web_1
7902c05d3b86   mempool/frontend:v2.1.2                "/patch/entrypoint.s…"   4 days ago       Up 4 days       80/tcp, 0.0.0.0:3006->3006/tcp                                                                  mempool_web_1
7ace30a30c42   mariadb:10.5.8                         "docker-entrypoint.s…"   4 days ago       Up 4 days       3306/tcp                                                                                        mempool_mariadb_1
a53c3e3b2489   mempool/backend:v2.1.2                 "docker-entrypoint.s…"   4 days ago       Up 4 days       8999/tcp                                                                             

Umbrel sorts all services in their own container, this is best practise.

umbrel@umbrel:~/umbrel $ docker ps|grep thunderhub
ef244d3e2483   apotdevin/thunderhub:v0.12.14 "docker-entrypoint.s…" 4 days ago Up 4 days 0.0.0.0:3000->3000/tcp thunderhub_web_1

We pick the first field (ef244d3e2483) as our id. With another docker command we can easily restart the container.

umbrel@umbrel:~/umbrel $ docker restart ef244d3e2483
ef244d3e2483

Lets check if it is really restartet:

ef244d3e2483   apotdevin/thunderhub:v0.12.14 "docker-entrypoint.s…"   4 days ago Up 34 seconds 0.0.0.0:3000->3000/tcp thunderhub_web_1

If everything worked, you can now access your thunderhub with the new password.

The End

I hope this was useful and there is no need anymore to go with default passwords.

>> Home