Bitcoin Blog

Install Bitcoind on Ubuntu Server – Upgrade your Bitcoin Node

If you prefer video and don’t need my help to install Bitcoind on Ubuntu server, see this video for instructions. Use the below text as a way to help when you run in to something you don’t understand. Otherwise, the video should suffice.

Installing Bitcoind on Ubuntu Server

  • Login to your nodebox through SSH using instructions previously shared here
  • Input [mkdir downloads] to make a directory for downloads
  • Type [ls] to confirm your new directory
  • Visit https://bitcoincore.org/en/download/ to find the link to download bitcoind
  • Right click/copy link on the Linux (tgz) download
  • In terminal, go to your downloads directory with [cd downloads]
  • Input [wget] and paste in the link for the linux (tgz) file
  • Hit enter. This should download bitcoin to your downloads folder
  • When it’s done you can type [ls] into the command line and see the download in the directory
  • Follow the instruction in the bitcoincore.org/en/downloads to verify the bitcoin software you downloaded
  • After verifying the file is good, unzip the file using this command: [tar xzf bitcoin-**.0-x86_64-linux-gnu.tar.gz] YOU WILL NEED TO CHANGE THE VERSION NUMBER TO THE ONE YOU DOWNLOADED.
  • Use the command to install in your root directory: [sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-22.0/bin/*] (YOU WILL NEED TO CHANGE THE VERSION NUMBER TO THE ONE YOU DOWNLOADED.)
  • You will be prompted to enter your password
  • Enter the command [bitcoind -daemon] to run Bitcoin. Your nodebox should be downloading the bitcoin blockchain, you can confirm that by following instructions below.
  • Use the command [cd ~] to go back to your home directory
  • Enter the command [ll] to see that .bitcoin has been added to your home directory
  • Go into the .bitcoin directory using the command [cd .bitcoin]
  • Type [ls] to see a list of files there
  • Open a new terminal window and enter the command [tail -f .bitcoin/debug.log] to see the blocks downloading in real time if you’d like
    • A few bitcoin -cli commands:
      • bitcoin -cli getblockchaininfo
      • bitcoin -cli getconectioncount
  • Now we setup bitcoin.conf
    • If you aren’t in the .bitcoin directory go there. [cd .bitcoin]
    • You will create a file there called bitcoin.conf using the command [nano bitcoin.conf]
    • You should see a text editor open up named bitcoin.conf
    • Paste in the following:
server=1
txindex=1
daemon=1
rpcport=8332
rpcbind=0.0.0.0
rpcallowip=127.0.0.1
rpcallowip=10.0.0.0/8
rpcallowip=172.0.0.0/8
rpcallowip=192.0.0.0/8
zmqpubrawblock=tcp://0.0.0.0:28332
zmqpubrawtx=tcp://0.0.0.0:28333
zmqpubhashblock=tcp://0.0.0.0:28334
whitelist=127.0.0.1
  • In a browser, go to https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py
  • Keep the bitcoin.conf file open and open a new terminal
  • Use the [cd downloads] command to go into your downloads directory
  • Use the command [wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py] to download that file
  • We need to make that file executable. The command for that is [chmod +x rpcauth.py]
  • We need to set a password and username for bitcoind. The command for that is [./rpcauth.py bitcoin bitcoin] (in that line “bitcoin” is designated as the password and “bitcoin” is designated as the username. Change that as you’d like.)
  • Hit enter and you will get a string of characters that starts with rpcauth. Starting from the rpcauth part all the way through the rest of the characters, paste that below the “whitelist” line in the bitcoin.conf file you are editing.
  • Hold down the “control” key and the “x” key at the same time to exit. Hit “y” to save the file when prompted. Hit “enter” to exit.
  • In the terminal window with the .bitcoin directory stop bitcoind with the command [bitcoin-cli stop]
  • Start it up again with the command [bitcoind]
  • Use the command [bitcoin-cli blockchaininfo] to see if the timechain has completely downloaded
  • Next… wait until core downloads all of the blocks. Might take 18 hours or so.

Setup the service file so that Bitcoin starts up automatically

  • Go to https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/init/bitcoind.service
  • Enter command [cd /etc/systemd/system/] to move to that directory
  • Enter command [ sudo wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/init/bitcoind.service] to download the service file template
  • In the /etc/systemd/system directory enter command [sudo nano bitcoind.service]
  • This will let you edit the service file to change the directories to be accurate
  • Change lines:
[Service]
ExecStart=/usr/local/bin/bitcoind -daemon \
                            -pid=/run/bitcoind/bitcoind.pid \
                            -conf=/home/<YOURUSERNAME>/.bitcoin/bitcoin.conf \
                            -datadir=/home/<YOURUSERNAME>/.bitcoin
  • Place a # in front of this line:
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
  • Should now read:
# ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
  • Change the username to read the same username for your node login:
# Run as bitcoin:bitcoin
User=<YOURNODEUSERNAME>
Group=<YOURNODEUSERNAME>
  • In the “Hardening Measures” part we will put a # in front of the line that reads “ProtectHome=true”
# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Deny access to /home, /root and /run/user
# ProtectHome=true
  • Control X to save, type “y” to confirm, and enter to return to terminal
  • Enable bitcoind with command [sudo systemctl enable bitcoind]
  • Start bitcoind with command [sudo systemctl start bitcoind]

Enable TOR

  • Install tor with [sudo apt install tor]
  • Verify install using [sudo systemctl status tor]
  • Edit a file in tor with the command [sudo nano /etc/tor/torrc]
  • Add these lines to the bottom of that file:
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
  • Hit control x, ‘y’ to save, enter to leave that file
  • Make those changes effective by typing [sudo systemctl restart tor]
  • Add your username by typing [sudo usermod -a -G debian-tor <username>]
  • Add tor to bitcoin.conf file with the command [nano sudo .bitcoin/bitcoin.conf]
  • Add the following lines to the bottom of the file.
proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
onlynet=onion
  • Control x, ‘y’ to save, enter to exit
  • Reboot machine using [sudo reboot]
  • SSH back into your machine
  • Now you need to check to see if bitcoind is connecting to peers with the move to tor vs. clearnet
  • Using a second terminal, Type command [tail -f .bitcoin/debug.log] to see if new blocks are coming in
  • Back in the other terminal window, enter command [bitcoin-cli getconnectioncount]
  • If you are getting a ‘0’ for connection count you may need to manually find a connection
  • Instructions for that are:
    • Scroll down a bit and you will see a list of nodes online. Picking the first one should work just fine. Copy that onion address including the :8333 port in it.
    • Now you are going to add that address to your bitcoin.conf file using this command [sudo nano .bitcoin/bitcoin.conf]
    • Next, add that node to the bottom of the bictoin.conf file with the command [addnode=<url of that node>]
    • Control x, save, enter to finally exit
    • Restart bitcoind with command [sudo systemctl restart bitcoind]
    • Wait a minute or so and check the other terminal window to see if you are connecting to peers.
    • You can also type in a terminal [bitcoin-cli getconnectioncount] to see if you have any new peers.
    • Once you have 4 or five peers, you can go into the bitcoin.conf file and remove the node you added at the bottom. Command [sudo nano .bitcoin/bitcoin.conf] will get you back in. Scroll down and delete the text you added earlier, then control x, y, enter.
    • Restart bitcoind again with command [sudo systemctl restart bitcoind] to ensure that your node can now connect to peers on it’s own
    • After a minute or so use [bitcoin-cli getconnectioncount] to very connection to other nodes over tor
  • To verify your traffic is going over tor you can use the command [bitcoin-cli getnetworkinfo]
  • You should see an onion address at the bottom of the information that prints out in terminal. You should also see ipv4 reachable: false. Same for ipv6. Onion ‘reachable’ should say ‘true’
  • Another useful command is bitcoin-cli gettxoutsetinfo to verify the supply of all satoshis

Install Ubuntu Server – Upgrade your Bitcoin Node

This is a text companion guide to Ketan’s instructions for installing Ubuntu server. Ubuntu server is the OS we will be using to build our bitcoin node stack that I mentioned in my previous post upgrading your bitcoin node.

You may not need text based help. If that’s the case, here is Ketan’s video:

Ubuntu server prep

Installation

  • We are going to work with this node “Headless,” meaning we will not need a monitor or keyboard, but first we need a keyboard and monitor attached to the machine in order to install Ubuntu.
  • Figure out how your machine goes to BIOS (sometimes F2, sometimes F12, etc.) The startup screen will tell you what do in order to login to the BIOS.
  • Boot list options in BIOS – should be “Legacy” (may need to disable “secure boot”)
  • Change the boot order. Should be USB first, then SSD.
  • If needed for your computer, choose Advanced boot options in BIOS
  • Power management – change AC Recovery to “Power on” so that the node restarts when it has power loss. Throughout the install guide will we setup all apps to start up from boot so that if you have an interruption of power to the node it should reboot and start up all apps automatically.
  • Insert the USB stick with Ubuntu server and fire up the machine
  • Select language, keyboard layout, Choose “Ubuntu Server”
  • Write down the IP address that the install process shows you, usually something like 192.168.**.*** You will need this to SSH into the machine.
  • No proxy address needed
  • Use default mirror address
  • Choose your preference for where to install Ubuntu server. Be careful you aren’t erasing information you need with “Use entire disk”
  • No need to set up as LVM group, space bar will de-select
  • Confirm your selections
  • Enter your info here. Might be good to use a unique username and password.
  • Username must be lower case
  • Be sure you select “Install OpenSSH” with your spacebar
  • No need to select any of the featured snaps, move the cursor down to “done”
  • Will take a few minutes to setup
  • Confirm the reboot selection
  • Remove the installation USB stick when prompted and press “enter”
  • Login using the username and your password
  • You shouldn’t need the monitor or keyboard on your nodebox from here on out
  • Open up a command line on the computer you usually work with
    • In windows open a command prompt. Search CMD and hit enter.
    • On Linux/Mac open a terminal
  • From the command line type [SSH username@IPaddress] ex. [ssh satoshi@192.168.**.***]
  • At your first login your terminal may ask you to confirm the new connection, type “yes”
  • Enter the password you selected when prompted

You should be logged in

This video does an excellent job of explaining how to navigate your new Ubuntu server installation.

A Companion to Ketan’s Nodebox Guide – Upgrade your Bitcoin Node

Ketan from Ministry of Nodes has created a guide on youtube to help others setup their own Bitcoin node running BTCPay Server and Lightning on a desktop PC and it was exactly a setup I had been interested in myself. I realize this is very niche subject matter but I did the work of documenting this project and thought that others might benefit from the documentation.

I plan on breaking this up into multiple parts in order to mirror Ketan’s youtube videos. There are places throughout his series where it would be helpful if you have a link or a quick copy and paste in order to be able to keep up with his instructions.

Who this isn’t for; most will do fine running a node with a single board computer, like a Raspberry Pi. If all you are doing is confirming your own transactions, occasionally spending with lightning, coinjoining, etc., then I don’t think you need an upgrade to your bitcoin node setup. The beauty of Bitcoin is that anybody can run their own node in order to verify their Bitcoin is real and not trust anyone else with their financial information, and for most a single board computer should work just fine for that.

If however you are looking to run a Lightning routing node where you expect to have a lot of traffic running through it, or if you are looking to run a public facing instance of BTCPay server, I think you should consider upgrading to a computer that is capable of handling the traffic in a more dependable way. I am differentiating here between a “Lightning Node” and a “Lightning Routing Node” on purpose. If you just plan on opening channels in order to spend, and are not so much concerned for earning routing fees and being a central point of the lightning network, then there is no reason to upgrade your node in my opinion.

I can confirm that, after going through Ketan’s guides a few times, and running this stack on a few different computers, it is very dependable and less buggy then when I have tried to run a public facing BTCPay Server on a raspberry pi. Admittedly, I have not run any of those computers where there is a lot of lightning traffic. I have not had the time with the machines to allow for that yet AND my main use case for this setup is for hosting a public facing BTCPay Server in a self-sovereign way. As always it is important to do your own research.

In Ketan’s guide he starts by recommending a dell optiplex 9020 micro for this project. At the top of this post, the picture of a PC next to a Raspiblitz is of a Dell 3060 micro, which has the same form factor as the 9020 micro. You can see it is a small machine, not much bigger than my Raspiblitz, but the difference in capability and dependability is big. Using these instructions, instead of Ketan’s, you will be able to get the 3060 micro to boot to ubuntu server without a windows installation on the computer. The video describes installing ubuntu, not ubuntu server, but just swap in the ubuntu server .iso instead and follow the rest of those instructions if you want to go with a newer machine than the 9020 micro. Of course you can use pretty much any AMD64 computer as long as it is a capable enough machine.

Here is an affiliate link to Amazon selling a Dell 9020.

Here is an affiliate link to a 1TB Samsung SSD. Keep an eye on your M.2 slot and which variety you need for your application.

A few points to keep in mind:

  • If you are going to get one of the 9020 micros, keep in mind that they are not new machines, so get one that has some sort of warranty. There are plenty of other generations of Dell Micro computers, and also HP and IBM make similar sized computers.
  • If you can get it without an SSD, that is preferable since it is best to put a Samsung M.2 SSD into it.
  • Get one that has a single stick of 8gb RAM, not two sticks of 4gb so that you can upgrade to 16gb of RAM if you want to.
  • Be aware that the Dell 9020 also refers to bigger machines which may not have an M.2 ssd slot, which is a critical part to the dependability of this setup. I like to recommend the micro size PCs because of their really small footprint and how easy they are to maintain.
  • If you don’t care about using a bigger machine for this, then it doesn’t really matter what kind you use. You could scale this up to a much larger, higher performing machine if you intend to use in a more industrial-like way.

Here is a peak at the inside of the micro form factor:

Opendime Review – a Bitcoin Bearer Instrument

Tl;dr, my Opendime review recommendation: Buy a 3 pack of Opendime’s as a way to carry and trade with “physical” Bitcoin.

Disclaimer: Take everything I am about to say in this Opendime review with a giant grain of salt. I am admittedly a fan boy of the Opendime product, and this product is for sure not for everyone. Opendimes have specific use cases that aren’t needed for buying and hodling Bitcoin, which is what most people care about.

What is an Opendime?

The Opendime website calls it a Bitcoin bearer instrument. It is the only way I know of to securely hand another party physical Bitcoin. Yeah I know, no such thing as physical Bitcoin if you want to get technical about it. However there is the ability to write down your private key, or a seed phrase that acts the same, and hand that to somebody effectively giving that person possession / access to the Bitcoin attached to that private key. Opendime does that same thing without revealing the private key to anyone involved in the transaction of the Opendime.

How Does an Opendime Work?

For those that prefer videos:

Opendimes come in packs of three. When you first receive them you can place one inside of a PCs usb-a port. Here it will act similar to a flash drive. There will be some files on it including directions on how to use it.

If you are ready to generate a private key, drag a file into the Opendime folder. Almost any file will work as long as it is not too big. What should happen is the Opendime software will use that file to securely and randomly generate a private key. It will eject itself in software, then restart with new files in it. You will be able to see 1 address that you can deposit too, but you will not be able to see the private key.

If the Opendime does not eject itself in software it will be because the file was not big enough, just drag another file in until it does eject itself.

If the holder of the Opendime decides to extract the funds from the Opendime just push a pin through the hole marked on the back. Insert the Opendime into a PCs usb-a port and you will be able to open the file that contains the now visible private key. Once you have copied the private key you can paste that into a Bitcoin wallet to sweep the funds.

Trust and Opendime

It is important to note here that there are several steps in this process in which you are trusting the company that makes Opendime to not be up to no good when it comes to how the address is generated and whether or not they can see your private key for that address. The Opendime software is all open source, so you can review the software yourself. There is also a way to verify an Opendime’s authenticity by going through a link in the Opendime’s folder, but there is some trust involved if you have not read the open source code.

Again, there is a level of trust here, especially if you are not technically proficient enough to review the Opendime’s source code, so do your own research and be certain you are ready to throw some of your hard earned Satoshi’s on an Opendime beforehand.

What are Opendimes For?

Opendime Review

Here are a few use cases for an Opendime:

  • Paying another person for a product or service in Bitcoin off-chain
  • If you are receiving a payment, an Opendime offers a way to accept Bitcoin funds off-chain and KYC free
  • A simple way of storing funds in hardware
  • You can “onboard” a friend or family member by giving them physical Bitcoin

In my opinion, transacting in any way with an Opendime requires at least some level of trust between you and the other party. If both parties feel comfortable with the Opendime product, and comfortable verifying funds on the Opendime itself prior to transacting then that would fix the trust involved.

Opendimes are great for having something physical to hand to somebody who is still skittish about Bitcoin. When you have something physical that they can touch and hold, it can be more compelling for some people and could get a newcomer to “go down the Bitcoin rabbit hole.” This is my favorite use case.