Bonus Guide: Install ThunderHub

ThunderHub is an open source LND node manager where you can manage and monitor your node on any device or browser. It allows you to take control of the lightning network with a simple and intuitive UX and the most up-to-date tech stack.

Difficulty: Medium

Status: Tested v3


Table of contents

  1. Bonus Guide: Install ThunderHub
    1. Preparations
      1. Check Node.js
      2. Firewall & Reverse Proxy
    2. ThunderHub
      1. Installation
      2. Configuration
    3. First Start
    4. Autostart on boot
    5. Remote access over Tor (optional)
    6. Upgrade
    7. Uninstall
      1. Uninstall service
      2. Uninstall FW configuration
      3. Uninstall Thunderhub
      4. Uninstall Tor hidden service
    8. Extras
      1. Access to your Amboss node account
      2. Enable auto backups and healthcheck notifications to Amboss account
      3. Recovering channels using Thunderhub method


Check Node.js

  • Node.js v16 should have been installed for the BTC RPC Explorer and RTL. We can check our version of Node.js with user “admin”:

    $ node -v
    > v16.14.2
  • If the version is v14.15 or above, you can move to the next section. If Node.js is not installed, follow this guide to install it.

Firewall & Reverse Proxy

  • Configure firewall to allow incoming HTTP requests from your local network to the web server.

    $ sudo ufw allow 4002 comment 'allow ThunderHub SSL'
  • Enable NGINX reverse proxy to route external encrypted HTTPS traffic internally to Thunderhub

    $ sudo nano /etc/nginx/streams-enabled/thunderhub-reverse-proxy.conf
    upstream thunderhub {
    server {
      listen 4002 ssl;
      proxy_pass thunderhub;
  • Test and reload NGINX configuration

    $ sudo nginx -t
    $ sudo systemctl reload nginx



We do not want to run Thunderhub code alongside bitcoind and lnd because of security reasons. For that we will create a separate user and we will be running the code as the new user. We are going to install Thunderhub in the home directory since it doesn’t need too much space.

  • Create a new “thunderhub” user. The new user needs read-only access to the tls.cert and our admin.macaroon, so we add him to the “lnd” group. Open a new session.

    $ sudo adduser --disabled-password --gecos "" thunderhub
    $ sudo adduser thunderhub lnd
    $ sudo cp /data/lnd/data/chain/bitcoin/mainnet/admin.macaroon /home/thunderhub/admin.macaroon
    $ sudo chown thunderhub:thunderhub /home/thunderhub/admin.macaroon
    $ sudo su - thunderhub
  • Download the source code directly from GitHub and install all dependencies using NPM.

    $ git clone
    $ cd thunderhub
    $ npm install
    $ npm run build


  • Still with user “thunderhub”, create a symbolic link pointing to your lnd data directory. Check if the link is working. If nothing is displayed in red you are good to go.

    $ ln -s /data/lnd /home/thunderhub/.lnd
    $ ls -la
  • Copy and open the configuration file

    $ cd ~/thunderhub
    $ cp .env .env.local
    $ nano .env.local
  • Edit the following lines, save and exit:

    # -----------
    # Server Configs
    # -----------
    # -----------
    # Account Configs
    # -----------
  • If not already done, change your directory and edit your thubConfig.yaml. Change your accountpassword.

    $ cd ~/thunderhub
    $ nano thubConfig.yaml 
    masterPassword: 'PASSWORD' # Default password unless defined in account
      - name: 'RaspiBolt'
        serverUrl: ''
        macaroonPath: '/home/thunderhub/admin.macaroon'
        certificatePath: '/home/thunderhub/.lnd/tls.cert'
        password: 'accountpassword'

First Start

Test starting Thunderhub manually first to make sure it works.

  • Let’s do a first start to make sure it’s running as expected. Make sure we are in the Thunderhub directory and start the web server.

    $ cd ~/thunderhub
    $ npm run start:prod
  • Now point your browser to https://raspibolt.local:4002 (or whatever you chose as hostname) or the ip address (e.g. You should see the home page of ThunderHub.

  • Stop ThunderHub in the terminal with Ctrl-C and exit the “thunderhub” user session.

    $ exit

Autostart on boot

Now we’ll make sure ThunderHub starts as a service on the Raspberry Pi so it’s always running. In order to do that we create a systemd unit that starts the service on boot directly after LND.

  • As user “admin”, create the service file.

    $ sudo nano /etc/systemd/system/thunderhub.service
  • Paste the following configuration. Save and exit.

    # RaspiBolt: systemd unit for Thunderhub
    # /etc/systemd/system/thunderhub.service
    Wants=lnd.service lnd.service
    ExecStart=/usr/bin/npm run start:prod
  • Enable the service, start it and check log logging output.

    $ sudo systemctl enable thunderhub.service
    $ sudo systemctl start thunderhub.service
    $ sudo journalctl -f -u thunderhub
  • You can now access ThunderHub from within your local network by browsing to https://raspibolt.local:4002 (or your equivalent ip address).

Remote access over Tor (optional)

Do you want to access ThunderHub remotely? You can easily do so by adding a Tor hidden service on the RaspiBolt and accessing ThunderHub with the Tor browser from any device.

  • Add the following three lines in the section for “location-hidden services” in the torrc file. Save and exit.

    $ sudo nano /etc/tor/torrc
    ############### This section is just for location-hidden services ###
    # Hidden Service Thunderhub
    HiddenServiceDir /var/lib/tor/hidden_service_thunderhub/
    HiddenServiceVersion 3
    HiddenServicePort 80
  • Restart Tor and get your connection address.

    $ sudo systemctl reload tor
    $ sudo cat /var/lib/tor/hidden_service_thunderhub/hostname
  • With the Tor browser, you can access this onion address from any device. Please be aware that this access is not password protected and should not be shared widely.

Congratulations! You now have Thunderhub up and running.


Updating to a new release should be straight-forward.

  • From user “admin”, stop the service and open a “thunderhub” user session.

    $ sudo systemctl stop thunderhub
    $ sudo su - thunderhub
  • Run the update command provided within the package:

    $ cd ~/thunderhub
    $ npm run update
    $ exit
  • Start the service again.

    $ sudo systemctl start thunderhub


Uninstall service

  • Stop, disable and delete the Thunderhub systemd service

    $ sudo systemctl stop thunderhub
    $ sudo systemctl disable thunderhub
    $ sudo rm /etc/systemd/system/thunderhub.service

Uninstall FW configuration

  • Display the UFW firewall rules and notes the numbers of the rules for Thunderhub (e.g., X and Y below)

    $ sudo ufw status numbered
    > [...]
    > [X] 4002                   ALLOW IN    Anywhere                   # allow Thunderhub SSL
    > [...]
    > [Y] 4002 (v6)              ALLOW IN    Anywhere (v6)              # allow Thunderhub SSL
  • Delete the two Thunderhub rules (check that the rule to be deleted is the correct one and type “y” and “Enter” when prompted)

    $ sudo ufw delete Y
    $ sudo ufw delete X  

Uninstall Thunderhub

  • Delete the “thunderhub” user. It might take a long time as the Thunderhub user directory is big. Do not worry about the userdel: thunderhub mail spool (/var/mail/thunderhub) not found.

    $ sudo su -
    $ userdel -r thunderhub
    > userdel: thunderhub mail spool (/var/mail/thunderhub) not found

Uninstall Tor hidden service

  • Comment or remove fulcrum hidden service in torrc. Save and exit

    $ sudo nano /etc/tor/torrc
    ############### This section is just for location-hidden services ###
    # Hidden Service Thunderhub
    #HiddenServiceDir /var/lib/tor/hidden_service_thunderhub/
    #HiddenServiceVersion 3
    #HiddenServicePort 80
  • Reload torrc config

    $ sudo systemctl reload tor


Access to your Amboss node account

  • In the “Home” screen - “Quick Actions” section, click on Amboss icon “Login”, wait to the top right corner notification to show you “Logged in” and click again on the Amboss icon “Go to”. This will open a secondary tab in your browser to access your Amboss account node.

Advice: If you can’t do “Login”, maybe the cause is because you don’t have a channel opened yet. Planning to open a small size channel to be connected with the Lightning Network and to the Amboss node.

  • Making sure we are connected to the Amboss account, now back to Thunderhub for the next steps.

Enable auto backups and healthcheck notifications to Amboss account

  1. Open the “Settings” by pressing the cogwheel in the top right corner of the Thunderhub
  2. Switch to “Yes” -> Amboss: “Auto backups” and “Healthcheck Pings”
  3. Test pushing a backup to Amboss by entering in the “Tools” section, to the left main menu
  4. Press to “Push” button to test the correct working
  5. Go back to Amboss website and access “Account” in the main menu
  6. Access to “Backup” and ensure that the last date of the backup is the same as before done. It is recommended to download the backup file and store it in a safe place for future recovers. The backup file will be updated automatically in Amboss for every channel opening and closing. You could do this too in the “Tools” section in Thunderhub, “Backups” -> “Backup all channels” -> “Download” button.
  7. In Amboss, access “Monitoring” to configure “Healthcheck Settings”.

💡 Feel free to link to Telegram bot notifications, enable different notifications, complete your public node profile in Amboss, and other things in the different sections of your account.

Recovering channels using Thunderhub method

After possible data corruption of your LND node, ensure that this old node is completely off. Once you have synced the new node, on-chain recovered with seeds, full on-chain re-scan complete and Thunderhub installed, access to the Thunderhub dashboard

  1. Access to the “Tools” section, “Backups” -> “Recover Funds from channels” -> “Recover” button
  2. Enter the complete string text of your previously downloaded channels backup file in the step before and push the “Recover” button. All of the channels that you had opened in your old node will be forced closed and they will appear in the “Pending” tab in the “Channels” section until closings are confirmed

⚠️ Use this guide as a last resort if you have lost access to your node or are unable to start LND due to a fatal error. This guide will close all your channels. Your funds will become available on-chain at varying speeds.

«Back: + Lightning