Install Fulcrum server on Ubuntu Server – Upgrade your Bitcoin Node

If you prefer video and don’t need my help to install Fulcrum Server on Ubuntu server, see this video for instructions. Use the below text as a way to help when you run in to something you don’t understand.

  • Go to https://github.com/cculianu/Fulcrum/releases
  • Find the right download for you (likely the /Fulcrum-*.*.*-x86_64-linux.tar.gz version)
  • Right click and copy that link
  • Go to your downloads folder in terminal with the [cd downloads] command
  • Now download that file using the command [wget <link to file>]
  • You should see the file get downloaded in the terminal window
  • In your home directory make a new folder. You can go to your home folder with the command [cd ~]
  • Then type [mkdir fulcrum] to create that directory in your home directory
  • Make another directory [mkdir fulcrum_db] also in your home directory
  • You can type [ls] to confirm those directories are there
  • Back to downloads directory [cd downloads]
  • Unzip the fulcrum download using [tar xvf <fulcrum filename>] (you can copy the filename by typing [ls] in the downloads directory and copying the file name there.
  • The terminal should show you new filepaths written
  • Copy the file path
  • Now move all of those files to the fulcrum files you already created with the command [mv Fulcrum-1.7.0-x86_64-linux/* /home/<your username>/fulcrum ] (replace with your version number. Replace <your username> with your username)
  • Verify the move by [cd ~] to your home directory, then [cd fulcrum] to go to the fulcrum directory. Use command [ls] to check that the files are there
  • Use this command to allow fulcrum to query the network in an encrypted way [openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem]
  • You will be asked to answer some questions. No need to answer, leave blank hitting ‘enter’ for each.
  • Type [ls] command to verify the key.pem file and the cert.pem are created
  • Change the filename of the fulcrum-example-config.conf file to just fulcrum.conf with the command [mv fulcrum-example-config.conf fulcrum.conf]
  • Edit that file with [sudo nano fulcrum.conf]
  • Under basic options change datadir path to: /home/<username>/fulcrum_db
  • Make rpcuser = <your bitcoin username> (you set this when you installed bitcoind)
  • Make rpcpassword = <your bitcoin password> (you set this when you installed bitcoind)
  • On the line that reads “#ssl = 0.0.0.0:50002” remove the #
  •  Go to the line that reads “#cert = /path/to/server-cert.pem” remove the # and change the path to /home/<yourusername>/fulcrum/cert.pem
  • Go the the line that has the key.pem file, remove the # and change the path to “key = /home/<YOURUSERNAME>/fulcrum/key.pem”
  • Find line that reads #peering = true and remove the hashtag. Change true to false.
  • Find  line that reads #fast-sync = 0 and remove the #. Change zero to 5000. This means you are letting fulcrum use 5 gigs of ram capacity to sync up. Adjust accordingly based on your scenario.
  • Control x, y, enter to save the file and exit
  • Create a service file in order for fulcrum to start up on boot. Do that by going to your home directory with [cd ~] and command [sudo nano /etc/systemd/system/fulcrum.service]
  • Paste this into the fulcrum.service file:
[Unit]
Description=Fulcrum
After=network.target

[Service]
ExecStart=/home/<username>/fulcrum/Fulcrum /home/<yourusername>/fulcrum/fulcrum.conf
User=<username>
LimitNOFILE=8192
TimeoutStopSec=30min

[Install]
WantedBy=multi-user.target
  • Hit control x, y, and enter to save and exit
  • Now we enable the fulcrum service [sudo systemctl enable fulcrum.service]
  • Start it [sudo systemctl start fulcrum.service]
  • Check the status [sudo systemctl status fulcrum.service] to see if it worked
  • Check the logs to see fulcrum downloading in a different terminal with [journalctl -fu fulcrum.service]

This will take hours to finish syncing, maybe half a day. When it is done you should be able to connect Sparrow Wallet to your fulcrum server if you are on the same network. Here are instructions for connecting (if you already have Sparrow Wallet on your computer, you can jump to timestamp 4:45 for connection instructions):

Install Bitcoind on Ubuntu Server – Upgrade your Bitcoin Node

If you prefer video and don’t need my help to install Bitcoind on Ubuntu server, see this video for instructions. Use the below text as a way to help when you run in to something you don’t understand. Otherwise, the video should suffice.

Installing Bitcoind on Ubuntu Server

  • Login to your nodebox through SSH using instructions previously shared here
  • Input [mkdir downloads] to make a directory for downloads
  • Type [ls] to confirm your new directory
  • Visit https://bitcoincore.org/en/download/ to find the link to download bitcoind
  • Right click/copy link on the Linux (tgz) download
  • In terminal, go to your downloads directory with [cd downloads]
  • Input [wget] and paste in the link for the linux (tgz) file
  • Hit enter. This should download bitcoin to your downloads folder
  • When it’s done you can type [ls] into the command line and see the download in the directory
  • Follow the instruction in the bitcoincore.org/en/downloads to verify the bitcoin software you downloaded
  • After verifying the file is good, unzip the file using this command: [tar xzf bitcoin-**.0-x86_64-linux-gnu.tar.gz] YOU WILL NEED TO CHANGE THE VERSION NUMBER TO THE ONE YOU DOWNLOADED.
  • Use the command to install in your root directory: [sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-22.0/bin/*] (YOU WILL NEED TO CHANGE THE VERSION NUMBER TO THE ONE YOU DOWNLOADED.)
  • You will be prompted to enter your password
  • Enter the command [bitcoind -daemon] to run Bitcoin. Your nodebox should be downloading the bitcoin blockchain, you can confirm that by following instructions below.
  • Use the command [cd ~] to go back to your home directory
  • Enter the command [ll] to see that .bitcoin has been added to your home directory
  • Go into the .bitcoin directory using the command [cd .bitcoin]
  • Type [ls] to see a list of files there
  • Open a new terminal window and enter the command [tail -f .bitcoin/debug.log] to see the blocks downloading in real time if you’d like
    • A few bitcoin -cli commands:
      • bitcoin -cli getblockchaininfo
      • bitcoin -cli getconectioncount
  • Now we setup bitcoin.conf
    • If you aren’t in the .bitcoin directory go there. [cd .bitcoin]
    • You will create a file there called bitcoin.conf using the command [nano bitcoin.conf]
    • You should see a text editor open up named bitcoin.conf
    • Paste in the following:
server=1
txindex=1
daemon=1
rpcport=8332
rpcbind=0.0.0.0
rpcallowip=127.0.0.1
rpcallowip=10.0.0.0/8
rpcallowip=172.0.0.0/8
rpcallowip=192.0.0.0/8
zmqpubrawblock=tcp://0.0.0.0:28332
zmqpubrawtx=tcp://0.0.0.0:28333
zmqpubhashblock=tcp://0.0.0.0:28334
whitelist=127.0.0.1
  • In a browser, go to https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py
  • Keep the bitcoin.conf file open and open a new terminal
  • Use the [cd downloads] command to go into your downloads directory
  • Use the command [wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py] to download that file
  • We need to make that file executable. The command for that is [chmod +x rpcauth.py]
  • We need to set a password and username for bitcoind. The command for that is [./rpcauth.py bitcoin bitcoin] (in that line “bitcoin” is designated as the password and “bitcoin” is designated as the username. Change that as you’d like.)
  • Hit enter and you will get a string of characters that starts with rpcauth. Starting from the rpcauth part all the way through the rest of the characters, paste that below the “whitelist” line in the bitcoin.conf file you are editing.
  • Hold down the “control” key and the “x” key at the same time to exit. Hit “y” to save the file when prompted. Hit “enter” to exit.
  • In the terminal window with the .bitcoin directory stop bitcoind with the command [bitcoin-cli stop]
  • Start it up again with the command [bitcoind]
  • Use the command [bitcoin-cli blockchaininfo] to see if the timechain has completely downloaded
  • Next… wait until core downloads all of the blocks. Might take 18 hours or so.

Setup the service file so that Bitcoin starts up automatically

  • Go to https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/init/bitcoind.service
  • Enter command [cd /etc/systemd/system/] to move to that directory
  • Enter command [ sudo wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/init/bitcoind.service] to download the service file template
  • In the /etc/systemd/system directory enter command [sudo nano bitcoind.service]
  • This will let you edit the service file to change the directories to be accurate
  • Change lines:
[Service]
ExecStart=/usr/local/bin/bitcoind -daemon \
                            -pid=/run/bitcoind/bitcoind.pid \
                            -conf=/home/<YOURUSERNAME>/.bitcoin/bitcoin.conf \
                            -datadir=/home/<YOURUSERNAME>/.bitcoin
  • Place a # in front of this line:
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
  • Should now read:
# ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
  • Change the username to read the same username for your node login:
# Run as bitcoin:bitcoin
User=<YOURNODEUSERNAME>
Group=<YOURNODEUSERNAME>
  • In the “Hardening Measures” part we will put a # in front of the line that reads “ProtectHome=true”
# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Deny access to /home, /root and /run/user
# ProtectHome=true
  • Control X to save, type “y” to confirm, and enter to return to terminal
  • Enable bitcoind with command [sudo systemctl enable bitcoind]
  • Start bitcoind with command [sudo systemctl start bitcoind]

Enable TOR

  • Install tor with [sudo apt install tor]
  • Verify install using [sudo systemctl status tor]
  • Edit a file in tor with the command [sudo nano /etc/tor/torrc]
  • Add these lines to the bottom of that file:
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
  • Hit control x, ‘y’ to save, enter to leave that file
  • Make those changes effective by typing [sudo systemctl restart tor]
  • Add your username by typing [sudo usermod -a -G debian-tor <username>]
  • Add tor to bitcoin.conf file with the command [nano sudo .bitcoin/bitcoin.conf]
  • Add the following lines to the bottom of the file.
proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
onlynet=onion
  • Control x, ‘y’ to save, enter to exit
  • Reboot machine using [sudo reboot]
  • SSH back into your machine
  • Now you need to check to see if bitcoind is connecting to peers with the move to tor vs. clearnet
  • Using a second terminal, Type command [tail -f .bitcoin/debug.log] to see if new blocks are coming in
  • Back in the other terminal window, enter command [bitcoin-cli getconnectioncount]
  • If you are getting a ‘0’ for connection count you may need to manually find a connection
  • Instructions for that are:
    • Scroll down a bit and you will see a list of nodes online. Picking the first one should work just fine. Copy that onion address including the :8333 port in it.
    • Now you are going to add that address to your bitcoin.conf file using this command [sudo nano .bitcoin/bitcoin.conf]
    • Next, add that node to the bottom of the bictoin.conf file with the command [addnode=<url of that node>]
    • Control x, save, enter to finally exit
    • Restart bitcoind with command [sudo systemctl restart bitcoind]
    • Wait a minute or so and check the other terminal window to see if you are connecting to peers.
    • You can also type in a terminal [bitcoin-cli getconnectioncount] to see if you have any new peers.
    • Once you have 4 or five peers, you can go into the bitcoin.conf file and remove the node you added at the bottom. Command [sudo nano .bitcoin/bitcoin.conf] will get you back in. Scroll down and delete the text you added earlier, then control x, y, enter.
    • Restart bitcoind again with command [sudo systemctl restart bitcoind] to ensure that your node can now connect to peers on it’s own
    • After a minute or so use [bitcoin-cli getconnectioncount] to very connection to other nodes over tor
  • To verify your traffic is going over tor you can use the command [bitcoin-cli getnetworkinfo]
  • You should see an onion address at the bottom of the information that prints out in terminal. You should also see ipv4 reachable: false. Same for ipv6. Onion ‘reachable’ should say ‘true’
  • Another useful command is bitcoin-cli gettxoutsetinfo to verify the supply of all satoshis

Install Ubuntu Server – Upgrade your Bitcoin Node

This is a text companion guide to Ketan’s instructions for installing Ubuntu server. Ubuntu server is the OS we will be using to build our bitcoin node stack that I mentioned in my previous post upgrading your bitcoin node.

You may not need text based help. If that’s the case, here is Ketan’s video:

Ubuntu server prep

Installation

  • We are going to work with this node “headless,” meaning we will not need a monitor or keyboard, but first we need a keyboard and monitor attached to the machine in order to install Ubuntu.
  • Figure out how your machine goes to BIOS (sometimes F2, sometimes F12, etc.) The startup screen will tell you what to do in order to login to the BIOS.
  • Boot list options in BIOS – should be “Legacy” (may need to disable “secure boot”)
  • Change the boot order. Should be USB first, then SSD.
  • If needed for your computer, choose Advanced boot options in BIOS
  • Power management – change AC Recovery to “Power on” so that the node restarts when it has power loss. Throughout the install guide will we setup all apps to start up from boot so that if you have an interruption of power to the node it should reboot and start up all apps automatically.
  • Insert the USB stick with Ubuntu server and fire up the machine
  • Select language, keyboard layout, Choose “Ubuntu Server”
  • Write down the IP address that the install process shows you, usually something like 192.168.**.*** You will need this to SSH into the machine.
  • No proxy address needed
  • Use default mirror address
  • Choose your preference for where to install Ubuntu server. Be careful you aren’t erasing information you need with “Use entire disk”
  • No need to set up as LVM group, space bar will de-select
  • Confirm your selections
  • Enter your info here. Might be good to use a unique username and password.
  • Username must be lower case
  • Be sure you select “Install OpenSSH” with your spacebar
  • No need to select any of the featured snaps, move the cursor down to “done”
  • Will take a few minutes to setup
  • Confirm the reboot selection
  • Remove the installation USB stick when prompted and press “enter”
  • Login using the username and your password
  • You shouldn’t need the monitor or keyboard on your nodebox from here on out
  • Open up a command line on the computer you usually work with
    • In windows open a command prompt. Search CMD and hit enter.
    • On Linux/Mac open a terminal
  • From the command line type [SSH username@IPaddress] ex. [ssh satoshi@192.168.**.***]
  • At your first login your terminal may ask you to confirm the new connection, type “yes”
  • Enter the password you selected when prompted

You should be logged in

This video does an excellent job of explaining how to navigate your new Ubuntu server installation.

A Companion to Ketan’s Nodebox Guide – Upgrade your Bitcoin Node

Ketan from Ministry of Nodes has created a guide on youtube to help others setup their own Bitcoin node running BTCPay Server and Lightning on a desktop PC and it was exactly a setup I had been interested in myself. I realize this is very niche subject matter but I did the work of documenting this project and thought that others might benefit from the documentation.

I plan on breaking this up into multiple parts in order to mirror Ketan’s youtube videos. There are places throughout his series where it would be helpful if you have a link or a quick copy and paste in order to be able to keep up with his instructions.

Who this isn’t for; most will do fine running a node with a single board computer, like a Raspberry Pi. If all you are doing is confirming your own transactions, occasionally spending with lightning, coinjoining, etc., then I don’t think you need an upgrade to your bitcoin node setup. The beauty of Bitcoin is that anybody can run their own node in order to verify their Bitcoin is real and not trust anyone else with their financial information, and for most a single board computer should work just fine for that.

If however you are looking to run a Lightning routing node where you expect to have a lot of traffic running through it, or if you are looking to run a public facing instance of BTCPay server, I think you should consider upgrading to a computer that is capable of handling the traffic in a more dependable way. I am differentiating here between a “Lightning Node” and a “Lightning Routing Node” on purpose. If you just plan on opening channels in order to spend, and are not so much concerned for earning routing fees and being a central point of the lightning network, then there is no reason to upgrade your node in my opinion.

I can confirm that, after going through Ketan’s guides a few times, and running this stack on a few different computers, it is very dependable and less buggy then when I have tried to run a public facing BTCPay Server on a raspberry pi. Admittedly, I have not run any of those computers where there is a lot of lightning traffic. I have not had the time with the machines to allow for that yet AND my main use case for this setup is for hosting a public facing BTCPay Server in a self-sovereign way. As always it is important to do your own research.

In Ketan’s guide he starts by recommending a dell optiplex 9020 micro for this project. At the top of this post, the picture of a PC next to a Raspiblitz is of a Dell 3060 micro, which has the same form factor as the 9020 micro. You can see it is a small machine, not much bigger than my Raspiblitz, but the difference in capability and dependability is big. Using these instructions, instead of Ketan’s, you will be able to get the 3060 micro to boot to ubuntu server without a windows installation on the computer. The video describes installing ubuntu, not ubuntu server, but just swap in the ubuntu server .iso instead and follow the rest of those instructions if you want to go with a newer machine than the 9020 micro. Of course you can use pretty much any AMD64 computer as long as it is a capable enough machine.

Here is an affiliate link to Amazon selling a Dell 9020. Really any Dell micro model that has an m.2 slot will work, just be aware of processer efficiency if that is something that is important to you.

Here is an affiliate link to a 1TB Samsung SSD. Keep an eye on your M.2 slot and which variety you need for your application.

A few points to keep in mind:

  • If you are going to get one of the 9020 micros, keep in mind that they are not new machines, so get one that has some sort of warranty. There are plenty of other generations of Dell Micro computers, and also HP and IBM make similar sized computers. Here is my argument for why I like recommending Dell computers.
  • If you can get it without an SSD, that is preferable since it is best to put a Samsung M.2 SSD into it.
  • Get one that has a single stick of 8gb RAM, not two sticks of 4gb so that you can upgrade to 16gb of RAM if you want to. Or if you don’t plan on ever upgrading RAM, go with the two 4gb.
  • Be aware that the Dell 9020 also refers to bigger machines which may not have an M.2 ssd slot, which is a critical part to the dependability of this setup. I like to recommend the micro size PCs because of their really small footprint and how easy they are to maintain.
  • If you don’t care about using a bigger machine for this, then it doesn’t really matter what kind you use. You could scale this up to a much larger, higher performing machine if you intend to use in a more industrial-like way.

Here is a peak at the inside of the micro form factor: