72dec5aaa5
The LND UI container was unreachable on .228 after the v1.7.43-alpha
deploy because three sources of truth disagreed on which port nginx
listens on inside the container:
- docker/lnd-ui/nginx.conf listen 8081
- docker/lnd-ui/Dockerfile EXPOSE 8080
- apps/lnd-ui/manifest.yml host networking, ports: []
- scripts/first-boot-containers.sh -p 8081:8080
- scripts/deploy-to-target.sh -p 8081:80 (de-facto)
- scripts/deploy-tailscale.sh -p 8081:80
- scripts/container-specs.sh SPEC_PORTS=8081:80
Result: podman published host 8081 to container port 80, but no one was
listening on 80 inside, so connections were reset. Canonicalize on
container:80 with host:8081 publish, matching the three deploy paths
already in agreement.
Changes:
- docker/lnd-ui/nginx.conf: listen 8081 -> listen 80
- docker/lnd-ui/Dockerfile: EXPOSE 8080 -> EXPOSE 80
- apps/lnd-ui/manifest.yml: replace host-network (never true) with
bridge networking and explicit 8081:80 port mapping, correcting a
documentation-vs-reality mismatch
- scripts/first-boot-containers.sh: -p 8081:8080 -> -p 8081:80, and
fix the internal-port comment
Verified on .228 after rebuild: curl http://127.0.0.1:8081/ returns HTTP
200 and the /app/lnd/ host-nginx proxy resolves cleanly.
Archipelago App Manifests
Containerized applications for the Archipelago Bitcoin Node OS. All apps run in rootless Podman with security hardening (cap-drop ALL, readonly root, non-root user, memory limits).
App Categories
Bitcoin & Lightning
- bitcoin-knots — Full Bitcoin node (v28.1)
- lnd — Lightning Network Daemon (v0.17.4-beta)
- btcpay-server — Payment processor (v1.13.5)
- thunderhub — Lightning management UI (v0.13.31)
- mempool — Block explorer and fee estimator (v2.5.0)
- electrumx — Electrum server
- fedimint — Federated Bitcoin minting (v0.10.0)
Nostr
- nostr-rs-relay — High-performance Rust relay (v0.9.0)
- nostrudel — Nostr web client (v0.40.0)
Web5 & Identity
- web5-dwn — Decentralized Web Node (v0.4.0)
- did-wallet — Web5 DID Wallet
Self-Hosted Services
- nextcloud (v28), jellyfin (v10.8.13), immich (release), photoprism (v240915)
- vaultwarden (v1.30.0-alpine), onlyoffice (v7.5.1), penpot (v2.4)
- homeassistant (v2024.1), filebrowser (v2.27.0), searxng (2024.11.17)
- ollama (v0.5.4), grafana (v10.2.0), portainer (v2.19.4)
Networking
- tailscale (stable), nginx-proxy-manager (v2.12.1)
Custom & External
- indeedhub — Bitcoin documentary streaming (custom build)
- router — Mesh routing and network management
- botfights, nwnn, 484-kitchen, call-the-operator, arch-presentation, syntropy-institute, t-zero — External web apps
Manifest Format
Each app has a manifest.yml defining container image, resources, dependencies, security policies, health checks, and network config. See docs/app-manifest-spec.md for the spec.
Quick Reference
- PORTS.md — Complete port mapping
- QUICKSTART.md — Build and run apps
- DEVELOPMENT.md — Development workflow