ThunderHub
Configure

Configuration

Tune ThunderHub's server, interface, privacy, and subscription behavior with environment variables.

ThunderHub reads its configuration from environment variables. Put them in .env.local (committed defaults live in .env) or pass them to the Docker container with -e. This page covers the runtime toggles; for the full list including auth and database, see the env var reference.

If you started from the .env template, copy what you want to change into .env.local so updates won't overwrite your settings.

Server

LOG_LEVEL='info'           # silly | debug | verbose | http | info | warn | error
LOG_JSON=false             # true → emit JSON lines (useful for log aggregators)
NODE_ENV='production'      # affects JWT secret, HTTPS hints, encrypted-macaroon support
PORT=3000                  # HTTP port (dev default is 3001)
HOST='0.0.0.0'             # bind address
USE_HTTPS=false            # set true when fronted by HTTPS — tightens Helmet CSP, marks cookies secure
BASE_PATH=''               # URL prefix when behind a reverse proxy (e.g. '/thub')
TOR_PROXY_SERVER=''        # SOCKS5 proxy for outbound calls, e.g. 'socks://127.0.0.1:9050'

BASE_PATH and USE_HTTPS need to be set before building the client. See Reverse proxy.

Interface defaults

THEME='dark'               # 'dark' | 'light'
CURRENCY='sat'             # 'sat' | 'btc' | fiat code

These are starting defaults — each user can change them from the Settings page once logged in.

Privacy

ThunderHub pulls a few things from external APIs by default. Each can be turned off:

ServiceWhat ThunderHub pullsDisable with
Mempool.space (override with MEMPOOL_URL)On-chain fee estimates, block heightFETCH_FEES=false
blockchain.info tickerBTC fiat exchange ratesFETCH_PRICES=false
GitHub Releases APILatest-version checkNO_VERSION_CHECK=true
LnMarketsLN Markets integrationDISABLE_LNMARKETS=true
External links in UIBlock explorers, node directoriesDISABLE_LINKS=true

Each of these can also be flipped from the in-app settings.

Real-time subscriptions

ThunderHub opens long-lived LND streams to power the dashboard's live data. Each stream can be disabled individually if the node can't keep them open, or all at once:

DISABLE_ALL_SUBS=false
DISABLE_INVOICE_SUB=false
DISABLE_PAYMENT_SUB=false
DISABLE_FORWARD_SUB=false
DISABLE_CHANNEL_SUB=false
DISABLE_BACKUP_SUB=false

DISABLE_ALL_SUBS=true is the lightest option — the UI will still work but updates require a manual refresh.

Amboss integration

The Amboss integration runs a periodic health check and pushes balance updates. Two independent toggles:

DISABLE_HEALTHCHECK_PINGS=false   # stop periodic health pings to Amboss
DISABLE_BALANCE_PUSHES=false      # stop on-chain / channel balance pushes

Rate limiting

ThunderHub puts NestJS Throttler in front of the public auth endpoints. The defaults are conservative:

THROTTLE_TTL=10            # window in seconds
THROTTLE_LIMIT=10          # requests per window

Increase these if your environment proxies many requests through one IP (e.g. a corporate NAT). Decrease them if you're worried about brute-force on the login endpoint.

Mempool source

MEMPOOL_URL='https://mempool.space'

Point this at a self-hosted mempool.space instance if you'd rather not hit the public API. ThunderHub derives the fee and block-height endpoints from this base.

Next steps

LiT SSO

Authenticate via a Lightning Terminal cookie + macaroon — including multi-SSO setups and the dev-only bypass.

Database

Enable SQLite or Postgres persistence, configure AES-256-GCM at-rest encryption, and back up your data.

On this page

ServerInterface defaultsPrivacyReal-time subscriptionsAmboss integrationRate limitingMempool sourceNext steps