From 33a929fa45c8ae31b9bcae2ed94db884ab8a17b0 Mon Sep 17 00:00:00 2001 From: Oliver Gugger Date: Mon, 16 Nov 2020 21:07:59 +0100 Subject: [PATCH 1/4] mod: update pool to v0.3.3-alpha --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 000d6d37b..c78779616 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/lightninglabs/faraday v0.2.2-alpha github.com/lightninglabs/lndclient v0.11.0-3 github.com/lightninglabs/loop v0.11.1-beta - github.com/lightninglabs/pool v0.3.2-alpha + github.com/lightninglabs/pool v0.3.3-alpha github.com/lightningnetwork/lnd v0.11.1-beta github.com/lightningnetwork/lnd/cert v1.0.3 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f diff --git a/go.sum b/go.sum index 4401d311b..9b091f38e 100644 --- a/go.sum +++ b/go.sum @@ -235,8 +235,8 @@ github.com/lightninglabs/loop v0.11.1-beta/go.mod h1:xZfGG0AbxwAoarGGLeEl8TEzGm/ github.com/lightninglabs/neutrino v0.11.0/go.mod h1:CuhF0iuzg9Sp2HO6ZgXgayviFTn1QHdSTJlMncK80wg= github.com/lightninglabs/neutrino v0.11.1-0.20200316235139-bffc52e8f200 h1:j4iZ1XlUAPQmW6oSzMcJGILYsRHNs+4O3Gk+2Ms5Dww= github.com/lightninglabs/neutrino v0.11.1-0.20200316235139-bffc52e8f200/go.mod h1:MlZmoKa7CJP3eR1s5yB7Rm5aSyadpKkxqAwLQmog7N0= -github.com/lightninglabs/pool v0.3.2-alpha h1:5wIXMBAPqxf7vQSRG/PUfrg47kfRssRGsBW+586Uk1k= -github.com/lightninglabs/pool v0.3.2-alpha/go.mod h1:a955Z6GMXMUZWWbm0ytzVWKxU2uighi1h8PZrjFwmhI= +github.com/lightninglabs/pool v0.3.3-alpha h1:WqCw+9jU6atIxlzau6r08xmiJB9CcWrwdpIgU+1/Zh8= +github.com/lightninglabs/pool v0.3.3-alpha/go.mod h1:a955Z6GMXMUZWWbm0ytzVWKxU2uighi1h8PZrjFwmhI= github.com/lightninglabs/protobuf-hex-display v1.3.3-0.20191212020323-b444784ce75d h1:QWD/5MPnaZfUVP7P8wLa4M8Td2DI7XXHXt2vhVtUgGI= github.com/lightninglabs/protobuf-hex-display v1.3.3-0.20191212020323-b444784ce75d/go.mod h1:KDb67YMzoh4eudnzClmvs2FbiLG9vxISmLApUkCa4uI= github.com/lightningnetwork/lightning-onion v1.0.2-0.20200501022730-3c8c8d0b89ea h1:oCj48NQ8u7Vz+MmzHqt0db6mxcFZo3Ho7M5gCJauY/k= From 815d533db717e0d7579c15781f0f14fd7dbe8442 Mon Sep 17 00:00:00 2001 From: Oliver Gugger Date: Mon, 16 Nov 2020 21:08:10 +0100 Subject: [PATCH 2/4] doc: mention lnd-mode when upgrading from old version Users updating from a pre-0.3.0 version need to add the lnd-mode flag and set it to "integrated" if they want to continue running LiT the same way as they did before. This was forgotten to be mentioned in the upgrade doc. --- doc/config-lnd-integrated.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/config-lnd-integrated.md b/doc/config-lnd-integrated.md index d3b2fa3c8..e73fd7001 100644 --- a/doc/config-lnd-integrated.md +++ b/doc/config-lnd-integrated.md @@ -149,6 +149,10 @@ For `lnd`: After: ```text + # New flag to tell LiT to run its own lnd in integrated mode. We need to set + # this because "remote" is the new default value if we don't specify anything. + lnd-mode=integrated + # Application Options lnd.alias=merchant From 6c2b18e2481c69bd94e021dcaccbe6a16bbe583d Mon Sep 17 00:00:00 2001 From: Oliver Gugger Date: Mon, 16 Nov 2020 21:09:25 +0100 Subject: [PATCH 3/4] terminal: disable HTTP timeouts except header read To make sure that long-running calls and indefinitely opened streaming connections aren't terminated by the internal proxy, we need to disable all timeouts except the one for reading the HTTP headers. That timeout shouldn't be removed as we would otherwise be prone to the slowloris attack where an attacker takes too long to send the headers and uses up connections that way. Once the headers are read, we either know it's a static resource and can deliver that very cheaply or check the authentication for other calls. Fixes #140 and #144. --- terminal.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/terminal.go b/terminal.go index 094e6af3b..7188ab9eb 100644 --- a/terminal.go +++ b/terminal.go @@ -555,9 +555,20 @@ func (g *LightningTerminal) startMainWebServer() error { // Create and start our HTTPS server now that will handle both gRPC web // and static file requests. g.httpServer = &http.Server{ - WriteTimeout: defaultServerTimeout, - ReadTimeout: defaultServerTimeout, - Handler: http.HandlerFunc(httpHandler), + // To make sure that long-running calls and indefinitely opened + // streaming connections aren't terminated by the internal + // proxy, we need to disable all timeouts except the one for + // reading the HTTP headers. That timeout shouldn't be removed + // as we would otherwise be prone to the slowloris attack where + // an attacker takes too long to send the headers and uses up + // connections that way. Once the headers are read, we either + // know it's a static resource and can deliver that very cheaply + // or check the authentication for other calls. + WriteTimeout: 0, + IdleTimeout: 0, + ReadTimeout: 0, + ReadHeaderTimeout: defaultServerTimeout, + Handler: http.HandlerFunc(httpHandler), } httpListener, err := net.Listen("tcp", g.cfg.HTTPSListen) if err != nil { From 5c6b893488f9cdefc32216308bfdf47be5263352 Mon Sep 17 00:00:00 2001 From: Oliver Gugger Date: Mon, 16 Nov 2020 21:22:52 +0100 Subject: [PATCH 4/4] README: bump versions --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0b5904012..ef5ce5cc8 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,7 @@ Lightning Terminal is backwards compatible with `lnd` back to version v0.11.1-be | LiT | LND | | ---------------- | ------------ | +| **v0.3.1-alpha** | v0.11.1-beta | | **v0.3.0-alpha** | v0.11.1-beta | | **v0.2.0-alpha** | v0.11.0-beta | @@ -73,6 +74,7 @@ Lightning Terminal is backwards compatible with `lnd` back to version v0.11.1-be | LiT | LND | Loop | Faraday | Pool | | ---------------- | ------------ | ----------- | ------------ |---------------| +| **v0.3.1-alpha** | v0.11.1-beta | v0.11.1-beta | v0.2.2-alpha | v0.3.3-alpha | | **v0.3.0-alpha** | v0.11.1-beta | v0.11.0-beta | v0.2.2-alpha | v0.3.2-alpha | | **v0.2.0-alpha** | v0.11.1-beta | v0.10.0-beta | v0.2.1-alpha | n/a | | **v0.1.1-alpha** | v0.11.0-beta | v0.8.1-beta | v0.2.0-alpha | n/a |