BitGo · saravanan7mani · Jan 28, 2025 · Jan 30, 2025 · Jan 30, 2025
@@ -7,7 +7,7 @@ This ensures your keys never leave your network, and are not seen by BitGo. BitG
 
 # Documentation
 
-Comprehensive documentation on the APIs provided by BitGo Express can be found at our [Platform API Reference](https://app.bitgo.com/docs/#tag/Express).
+Comprehensive documentation on the APIs provided by BitGo Express can be found at our [Developer Portal API Reference]([https://app.bitgo.com/docs/#tag/Express](https://developers.bitgo.com/api/express.wallet.acceleratetx)).
 
 # Running BitGo Express
 

@@ -0,0 +1,6 @@
+FROM lightninglabs/lnd:v0.18.4-beta
+
+COPY init.sh /init.sh
+COPY example.conf /config.conf
+
+ENTRYPOINT "/init.sh"
@@ -0,0 +1,28 @@
+# Remote Signer LND Node Setup for Self Custodial Lightning Wallets
+
+This guide helps you set up a remote signer LND node in Docker to use BitGo self-custodial lightning wallets.
+
+---
+
+## Prerequisites
+
+- Docker installed on your system.
+
+## Docker Environment Variables
+- `BITCOIN_NETWORK` environment variable set to one of: `mainnet`, `testnet`.
+- Optional: Base64-encoded TLS certificate `TLS_CERT` and TLS key `TLS_KEY`, in case if you want to use your own TLS certificate. If they are not provided, LND will create a self-signed certificate and print the certificate in log.
+
+---
+
+## LND configuration through example.conf
+
+- You can configure your signer LND node's domain/IP by editing `tlsextradomain` and `tlsextraip` in `example.conf` file.
+- Do not change other configurations in the `example.conf` file.
+
+## Example Docker Setup
+
+The `tlsextradomain=signernode` entry in the `example.conf` file is used to set the domain name for the signer LND node in the Docker network `lnd-network`. This domain name is used to generate the TLS certificate for the signer LND node.
+
+`docker run --name signernode --network lnd-network -p 8080:8080 --init -e BITCOIN_NETWORK=testnet -e TLS_CERT=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNQRENDQWVLZ0F3SUJBZ0lSQU02TEFoaGxOMGo4ZlhxV2dLTWdENmN3Q2dZSUtvWkl6ajBFQXdJd09ERWYKTUIwR0ExVUVDaE1XYkc1a0lHRjFkRzluWlc1bGNtRjBaV1FnWTJWeWRERVZNQk1HQTFVRUF4TU1aV1UxTVdZeApOREV4TUdVMk1CNFhEVEkwTURneE9ERXlNVE14TWxvWERUSTFNVEF4TXpFeU1UTXhNbG93T0RFZk1CMEdBMVVFCkNoTVdiRzVrSUdGMWRHOW5aVzVsY21GMFpXUWdZMlZ5ZERFVk1CTUdBMVVFQXhNTVpXVTFNV1l4TkRFeE1HVTIKTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFclA0d2NXWFEwUWFFazhsVFNVTXBCa1d3ditFbQpxNTNyOWVSeVJUOTRkZGdVR0tTMFlRK0liZzFseVBRU3hiN0dXYloyWG9GUFdiK1VOM0lFMVlMQ2thT0J6RENCCnlUQU9CZ05WSFE4QkFmOEVCQU1DQXFRd0V3WURWUjBsQkF3d0NnWUlLd1lCQlFVSEF3RXdEd1lEVlIwVEFRSC8KQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVb3JmUkNVQytmaUNjZlE4cEhEUTFWaE1uMXBBd2NnWURWUjBSQkdzdwphWUlNWldVMU1XWXhOREV4TUdVMmdnbHNiMk5oYkdodmMzU0NDbk5wWjI1bGNtNXZaR1dDQ1d4dlkyRnNhRzl6CmRJSUVkVzVwZUlJS2RXNXBlSEJoWTJ0bGRJSUhZblZtWTI5dWJvY0Vmd0FBQVljUUFBQUFBQUFBQUFBQUFBQUEKQUFBQUFZY0VyQlFBQWpBS0JnZ3Foa2pPUFFRREFnTklBREJGQWlFQXJuQ0xRTlgzeDZ1NjhIM2xCOG9wOUFKaApBd2RrUjhXOXNSaUZnZDJKM2tZQ0lHczFOVGM0T0toRzByNzVHUWpXb2x0SkJyOUtjWWVyR1V3aklCaCtvZ1h0Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K -e TLS_KEY=LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUFFamQ0Qng3M3VPYllGSW42VlZpZTJmeG9lbXVYZFBob2FkS2JscHpnaTBvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFclA0d2NXWFEwUWFFazhsVFNVTXBCa1d3ditFbXE1M3I5ZVJ5UlQ5NGRkZ1VHS1MwWVErSQpiZzFseVBRU3hiN0dXYloyWG9GUFdiK1VOM0lFMVlMQ2tRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= signer`
+
+
@@ -0,0 +1,39 @@
+[Application Options]
+
+# Make sure LND Directory is set.
+lnddir=/lnd
+
+# Don't listen on the p2p port.
+nolisten=true
+
+# Don't reach out to the bootstrap nodes, we don't need a synced graph.
+nobootstrap=true
+
+# Just an example, this is the port that needs to be opened in the firewall and
+# reachable from the node "watch-only".
+restlisten=0.0.0.0:8080
+
+# Adds an extra domain to the generate certificate. Setting multiple tlsextradomain= entries is allowed.
+# (old tls files must be deleted if changed).
+# But it has to contain a domain name that is reachable from public internet.
+tlsextradomain=signernode
+tlsextradomain=localhost
+
+# Adds an extra ip to the generated certificate. Setting multiple tlsextraip= entries is allowed.
+# (old tls files must be deleted if changed).
+# Recommended if DNS (tlsextradomain) is not preferred.
+# But it has to contain an IP that is reachable from public internet.
+# tlsextraip=
+
+# The signer node will not look at the chain at all, it only needs to sign
+# things with the keys contained in its wallet. So we don't need to hook it up
+# to any chain backend.
+[bitcoin]
+# We still need to signal that we're using the Bitcoin chain.
+bitcoin.active=true
+
+# And we're making sure network parameters are used.
+bitcoin.networkreplace=true
+
+# But we aren't using a "real" chain backed but a mocked one.
+bitcoin.node=nochainbackend
@@ -0,0 +1,48 @@
+#!/bin/bash -e
+
+echo "== Configuring Remote Signer =="
+
+echo "  --- Ensuring LND Directory Exists ---"
+mkdir -p /lnd
+
+echo "  --- Checking Environment Variables ---"
+if [[ ${BITCOIN_NETWORK} ]];
+then
+    if [[ "$BITCOIN_NETWORK" =~ ^(mainnet|testnet|signet|regtest)$ ]];
+    then
+        echo "  --- Found network: $BITCOIN_NETWORK. Continuing... ---"
+    else
+        echo "  --- Unsupported value for BITCOIN_NETWORK: $BITCOIN_NETWORK! Exiting... ---"
+        exit 1
+    fi
+else
+    echo "  --- Required variable BITCOIN_NETWORK not set! Exiting... ---"
+    exit 1
+fi
+
+echo "  --- Checking TLS Settings ---"
+if [[ ${TLS_CERT} && ${TLS_KEY} ]];
+then
+    echo "  --- Writing TLS Certificate ---"
+    echo $TLS_CERT | base64 -d > /lnd/tls.cert
+    echo "  --- Done writing TLS Certificate ---"
+    echo "  --- Writing TLS Private Key ---"
+    echo $TLS_KEY | base64 -d > /lnd/tls.key
+    echo "  --- Done writing TLS Private Key ---"
+else
+    echo "  --- TLS Variables Not Set. Skipping... ---"
+fi
+
+echo "  --- Writing the configuration file ---"
+cat /config.conf | sed "s/networkreplace/$BITCOIN_NETWORK/g" > /lnd/lnd.conf
+
+echo "== Starting LND =="
+/bin/lnd --configfile=/lnd/lnd.conf > /dev/null &
+
+sleep 2
+
+echo "  --- Found the following TLS Cert: ---"
+cat /lnd/tls.cert
+
+echo "  --- LND Logs: ---"
+tail -f /lnd/logs/bitcoin/${BITCOIN_NETWORK}/lnd.log