intro
I am using archlinux on my home server as the main OS. I am running several services on it. Once I decided to run a bitcoin full node. The first motivation was to help the network, and why not. During deployment I learned a lot, so I am happy that I have done it, and I also got more privacy. At the beginning I used only clearnet and also forwarded a port on the router so other nodes could connect to mine. Then I started using tor and I ended with a configuration where my node is using the tor network to connect to other nodes {they can be hidden with onion address or clear net nodes} and accepting connections only from tor.
Yes, there are many tutorials on how to run a full node, but I decided to write up my journey. Maybe it will be helpful to someone ;-) and of course I am open to improvements or corrections if I have done something not in a good way.
tor
install
sudo pacman -S tor nyx
/etc/tor/torrc
User tor
Log notice syslog
DataDirectory /var/lib/tor
ControlPort 9051
CookieAuthentication 1
CookieAuthFile /var/lib/tor/control_auth_cookie
CookieAuthFileGroupReadable 1
DataDirectoryGroupReadable 1
enable, so it will start after reboot
sudo systemctl enable tor.service
monitoring
I did add my user {I am not using root account} to tor group so I can run nyx program to see what is going on.
bitcoind
install
sudo pacman -S bitcoin-daemon bitcoin-tx
init
- I have two hdd in server, second one has 1TB and is used only for NODE data, there is only one partition and it is mounted to /mnt/node_1
- creating directory /mnt/node_1/blockchain
- changing owner and permissions of that directory so only 'bitcoin' user can access it. Also group owner is bitcoin.
- insert new line into fstab so disk will be mounted after reboot
- I did add user bitcoin to group tor
- editing systemd unit and removing datadir argument
sudo systemctl edit bitcoind.service
[Service]
ExecStart=
ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \
-conf=/etc/bitcoin/bitcoin.conf \
-startupnotify='systemd-notify --ready' \
-shutdownnotify='systemd-notify --stopping'
- I did change home directory of bitcoin user in /etc/passwd, pointing to same directory as data is stored
/etc/bitcoin/bitcoin.conf
datadir=/mnt/node_1/blockchain
blockfilterindex=1
peerblockfilters=1
maxmempool=280
maxorphantx=40
mempoolexpiry=240
txindex=1
bind=127.0.0.1 ## if you want to accept inbound connection from another nodes over clear net then you need to set here your local IP of server if server is behind NAT otherwise public IP of server.
dnsseed=0
dns=0 ## means that peers are not searching over dns, at beginning this is good to have, but when node is running it store peers locally so you can disable this
listenonion=1
maxconnections=25
maxuploadtarget=512M
onlynet=onion ## means that OutBound connection going to hidden services
onlynet=ipv4 ## means that OutBound connection going to public clearnet nodes
proxy=127.0.0.1:9050 ## all outbound connection going to tor proxy, this apply for all network types
v2transport=1
printtoconsole=0 ## logs are written to `/mnt/node_1/blockchain/debug` file only
rpcauth=EXPLOR:XYX_XYZ
rpcauth=FULC:YZX_YZX ## see below how to create those users
creating access over RPC
you need this python program
python rpcauth.py foo_user
will generate hash and password for user foo_user, you will insert hash into bitcoin config like this rpcauth=foo_user:HASH_PASS and password will be used in application which will connect to bitcoind
fulcrum
electrs alternative which works better for me.
install
sudo pacman -S fulcrum
init
- creating directory /mnt/node_1/fulcrum
- changing owner and permissions of that directory
- editing systemd unit so fulcrum will start after bitcoind and removing datadir argument
sudo systemctl edit fulcrum.service
[Unit]
Requires=bitcoind.service
After=bitcoind.service
[Service]
ExecStart=
ExecStart=/usr/bin/fulcrum -S /etc/fulcrum.conf
/etc/fulcrum.conf
datadir = /mnt/node_1/fulcrum
bitcoind = 127.0.0.1:8332
rpcuser = FULC
rpcpassword = YZX_YZX ## created by that python program
tcp = 127.0.0.1:50001 ## not encrypted port is open only on localhost
ssl = LOCAL_IP_OF_SERVER:50002
cert = /docker_vols/swag/etc/letsencrypt/live/MY_DOMAIN/fullchain.pem
key = /docker_vols/swag/etc/letsencrypt/live/MY_DOMAIN/privkey.pem
admin = 127.0.0.1:58008 ## there is a fulcrum-admin program which uses this
peering = false
announce = false ## not participating in network
bitcoind_clients = 4
bitcoind_timeout = 45.0
worker_threads = 2
enable, so it will start after reboot
sudo systemctl enable fulcrum.service
NOTES
I am also running nginx as reverse proxy with Letsencrypt for my domain, so I am using that certificate also for fulcrum. That is the reason why I am opening only port 50002. For the beginning you can open also 50001 and access it only in local network. I am forwarding port 50002 on router from wan to server so my wallets can connect to node when I am not at home.
btc-rpc-explorer
This was a bit tricky and I did spend a few hours to find a way which works. These are 3 simplified steps.
- pull source code from github
- build docker image
- start container
Container is running on host network because it is easy to connect over rpc to bitcoind and to fulcrum. Maybe it could be done over 'host.docker.internal' so container could run in separate net.
here is docker-compose.yml
services:
  btc-rpc-explorer:
    image: btc-rpc-explorer:3.4.0-524
    container_name: btc-rpc-explorer
    user: 1000:984
    environment:
      - BTCEXP_BASEURL=/explorer/
      - BTCEXP_HOST=0.0.0.0
      - BTCEXP_BITCOIND_USER=EXPLOR
      - BTCEXP_BITCOIND_PASS=XYX_XYZ
      - BTCEXP_BITCOIND_RPC_TIMEOUT=30000
      - BTCEXP_ADDRESS_API=electrum
      - BTCEXP_ELECTRUM_SERVERS=tcp://127.0.0.1:50001
      - BTCEXP_SLOW_DEVICE_MODE=true
      - BTCEXP_BASIC_AUTH_PASSWORD=PaSS
      - BTCEXP_NO_RATES=false
      - BTCEXP_PRIVACY_MODE=false
      - BTCEXP_DISPLAY_CURRENCY=btc
      - BTCEXP_LOCAL_CURRENCY=eur
      - BTCEXP_UI_TIMEZONE=local
      - TZ=Europe/Brussels
    restart: unless-stopped
    network_mode: host
NOTES
I am accessing explorer over url subdomain.MY_DOMAIN.com/explorer which is done over nginx reverse proxy {SWAG}
hidden services
I want to access fulcrum and explorer also over TOR net so I did create two hidden services. That is done by adding following lines into config.
HiddenServiceDir /var/lib/tor/btc_rpc_explorer/
HiddenServicePort 80 127.0.0.1:3002
HiddenServiceDir /var/lib/tor/fulcrum/
HiddenServicePort 50001 127.0.0.1:50001
After tor is restarted it will create file hostname in HiddenServiceDir which contains onion address for each service.
Final NOTES
I did start only bitcoind and waited until it was synced. Then I did start fulcrum and waited again until it was synced. And finally I did start btc-explorer.
Connection string for wallet needs to end with :t or :s depending on what connection you use.
- In case of clearnet, I am using subdomain.MY_DOMAIN.com:50002:s
- In case of tor, I am using asfalsfjaifjaosfj.onion:50001:t
I am backing up from time to time. That means that I stop all programs and rsync blockchain and fulcrum directory to external hdd. I think it is good to have some already verified state so if something happens I will not have to wait for a long first sync.
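How the rpcauth= lines in the bitcoind section relate to the passwords in fulcrum.conf and docker-compose.yml, as an added example that is not part of the original post and not Bitcoin Core's own rpcauth.py: bitcoin.conf stores only `salt$HMAC-SHA256`, while the client application keeps the plaintext password. The function names are this example's own; the user name FULC is taken from the post.

```python
import hashlib
import hmac
import secrets


def rpcauth_hmac(salt: str, password: str) -> str:
    # HMAC-SHA256 keyed with the salt's hex text, computed over the password.
    return hmac.new(salt.encode(), password.encode(), hashlib.sha256).hexdigest()


def make_rpcauth(user: str):
    """Return (line for bitcoin.conf, password for the client application)."""
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    password = secrets.token_urlsafe(32)   # stays on the client side only
    salt = secrets.token_hex(16)           # 16 random bytes, hex encoded
    return f"rpcauth={user}:{salt}${rpcauth_hmac(salt, password)}", password


def check_rpcauth(conf_line: str, user: str, password: str) -> bool:
    """True if `password` belongs to `user` in one rpcauth= line."""
    line = conf_line.split("#", 1)[0].strip()      # drop '## ...' comments
    key, _, value = line.partition("=")
    name, _, salted = value.strip().partition(":")
    salt, sep, digest = salted.partition("$")
    if key.strip() != "rpcauth" or name != user or not sep:
        return False
    # Constant-time comparison, as for any credential check.
    return hmac.compare_digest(rpcauth_hmac(salt, password).encode(),
                               digest.encode())


if __name__ == "__main__":
    line, pw = make_rpcauth("FULC")
    print(line)                    # goes into /etc/bitcoin/bitcoin.conf
    print("rpcpassword =", pw)     # goes into /etc/fulcrum.conf
```

Because the password appears in plaintext only on the client side, /etc/fulcrum.conf and docker-compose.yml are the files whose permissions matter most.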
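A check of which interfaces the ports named in the post actually listen on, as an added example that is not part of the original post. The `ss -H -ltn` sample is constructed, and the expected scope per port is an assumption of this example; with BTCEXP_HOST=0.0.0.0 and network_mode: host the explorer port shows up as bound to every interface.

```python
import ipaddress

# Ports named in the post; the expected scope of each is an assumption.
EXPECTED = {
    8332: "loopback",   # bitcoind RPC (bitcoind = 127.0.0.1:8332)
    9050: "loopback",   # tor SOCKS proxy (proxy=127.0.0.1:9050)
    50001: "loopback",  # fulcrum plain TCP
    58008: "loopback",  # fulcrum admin
    3002: "loopback",   # explorer, target of HiddenServicePort 80
    50002: "lan",       # fulcrum SSL on LOCAL_IP_OF_SERVER
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 128   127.0.0.1:8332      0.0.0.0:*
LISTEN 0 4096  127.0.0.1:9050      0.0.0.0:*
LISTEN 0 50    127.0.0.1:50001     0.0.0.0:*
LISTEN 0 50    192.168.1.10:50002  0.0.0.0:*
LISTEN 0 50    127.0.0.1:58008     0.0.0.0:*
LISTEN 0 511   0.0.0.0:3002        0.0.0.0:*
"""

def scope(addr: str) -> str:
    """Classify a local listen address as loopback, lan, public or any."""
    host = addr.strip("[]").split("%")[0]      # drop IPv6 brackets / zone id
    if host in ("*", "0.0.0.0", "::"):
        return "any"                           # bound to every interface
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    return "lan" if ip.is_private else "public"

def audit(ss_output: str, expected=EXPECTED):
    """Return (port, address, found, wanted) for each listener off policy."""
    findings = []
    for row in ss_output.splitlines():
        cols = row.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")
        want = expected.get(int(port)) if port.isdigit() else None
        if want and scope(addr) != want:
            findings.append((int(port), addr, scope(addr), want))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("off policy:", finding)
```

On a real host, feed it the output of `ss -H -ltn` instead of SAMPLE.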
Nice work! And thanks for seeding blocks to IP and Tor peers (maybe you can add I2P next!)
Many node runners think they are helping the network, but they're just running a tor-only node that is not configured to accept connections or seed blocks, so really, their node is a net-drain on network resources.
I need to study I2P a bit ;-) I like to understand what is running on my server ...
week or two the node was accepting inbound connection from clearnet and from tor but nodes from clearnet were much faster making a connection and taking all slots. I did try to balance that by increasing maxconnections but without success. With presented config the node has connection with cca 3 nodes from clearnet and others from onion.
#60428
I done it and write some notes
Wow! This is fantastic. I am going to try the exact same thing in a month or two, so you can be sure I will bookmark this post.
Same. 🤯💯
It would be great to have some guide like raspibolt/minibolt but with arch instead of debian or ubuntu.
Nice! Why not also activate neutrino for that bitcoind node? That way you could help other anonymous users around you. https://docs.lightning.engineering/lightning-network-tools/lnd/enable-neutrino-mode-in-bitcoin-core
I have set up both blockfilterindex and peerblockfilters to 1 so it should be activated OR do I miss something?
explorer showing this
Been a while since I did this and it wasn't on Arch :). Good write up. Thank you!