[c-lightning] rpc command whitelist

William Casarin jb55 at jb55.com
Sun Dec 30 02:01:24 AEDT 2018

Hello clightningers,

I'm looking to isolate my clightning node from one of my applications.
The reasoning is: I'm currently hosting my app in an untrusted
environment, a digital ocean vps. To avoid potential side channel
attacks I figured it would be better to simply host my node on a machine
I control.

To make this work I had to use socat to forward the lightning socket
over a VPS.

The main issue now is I would like to restrict the application to only a
few commands, such as invoice, waitforinvoices, listinvoices, etc.

What do you think would be the best way to go about this? An idea I had
was to make a proxy server that intercepts and filters the jsonrpc

Does it make sense to implement something like this directly in



More information about the c-lightning mailing list