layout | title | nav_order |
---|---|---|
default |
Bitcoin |
30 |
{: .no_toc }
Let's get your Bitcoin full node operational.
{: .no_toc .text-delta }
- TOC {:toc}
The base of a sovereign Bitcoin node is a fully validating Bitcoin client. We are using Bitcoin Core{:target="_blank"}, the reference implementation, but not the only option available. This application will download the whole blockchain from other peers and validate every single transaction that ever happened. After validation, the client can check all future transactions whether they are valid or not.
The validated blocks are also the base layer for other applications, like Electrs (to use with hardware wallets) or LND (the Lightning Network client).
Be already warned that the downloading and validation of all transactions since 2009, more than 600'000 blocks with a size of over 300 GB, is not an easy task. It's great that the Raspberry Pi 4 can do it, even if it takes a few days, as this was simply not possible with the Raspberry Pi 3.
🚨 Familiarize yourself with signature verification An important part of the trust-minimization setup is to verify signatures of software you install. Take your time to read through a detailed guide from Luke-Jr.
We download the latest Bitcoin Core binaries (the application) and compare the file with the signed checksum. This is a precaution to make sure that this is an official release and not a malicious version trying to steal our money.
-
Login as "admin" and change to the
tmp
directory, which is cleared on reboot.cd /tmp
-
Get the latest download links at bitcoincore.org/en/download{:target="_blank"} (ARM Linux 32 bit), they change with each update. Then run the following commands (with adjusted filenames) and check the output where indicated:
# download Bitcoin Core binary $ wget https://bitcoincore.org/bin/bitcoin-core-0.21.1/bitcoin-0.21.1-aarch64-linux-gnu.tar.gz $ wget https://bitcoincore.org/bin/bitcoin-core-0.21.1/SHA256SUMS.asc $ wget https://bitcoin.org/laanwj-releases.asc # check that the reference checksum matches the real checksum # (ignore the "lines are improperly formatted" warning) $ sha256sum --check SHA256SUMS.asc --ignore-missing > bitcoin-0.21.1-aarch64-linux-gnu.tar.gz: OK # import the public key of Wladimir van der Laan, verify the signed checksum file # and check the fingerprint again in case of malicious keys $ gpg --import ./laanwj-releases.asc $ gpg --refresh-keys $ gpg --verify SHA256SUMS.asc > gpg: Good signature from "Wladimir J. van der Laan ..." > Primary key fingerprint: 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
-
Extract the Bitcoin Core binaries, install them and check the version.
$ tar -xvf bitcoin-0.21.1-aarch64-linux-gnu.tar.gz $ sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-0.20.1/bin/* $ bitcoind --version > Bitcoin Core version v0.21.1
We use the Bitcoin daemon, called bitcoind
, that runs in the background without user interface.
It stores all data in a the directory /home/bitcoin/.bitcoin
.
Instead of creating a real directory, we create a link that points to a directory on the external hard disk.
-
Change to user “bitcoin” and add a symbolic link that points to the external drive.
$ sudo su bitcoin $ ln -s /mnt/ext/bitcoin /home/bitcoin/.bitcoin
-
Navigate to the home directory and check the symbolic link (the target must not be red). The content of this directory will actually be on the external drive.
$ ls -la
Now, the configuration file for bitcoind needs to be created. Still as user "bitcoin", open it with Nano and paste the configuration below. Save and exit.
$ nano /mnt/ext/bitcoin/bitcoin.conf
# RaspiBolt: bitcoind configuration
# /mnt/ext/bitcoin/bitcoin.conf
# Bitcoin daemon
server=1
txindex=1
# Network
proxy=127.0.0.1:9050
bind=127.0.0.1
onlynet=onion
dnsseed=0
dns=0
addnode=nkf5e6b7pl4jfd4a.onion
addnode=ecoc5q34tmbq54wl.onion
# Connections
rpcuser=raspibolt
rpcpassword=PASSWORD_[B]
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333
# Raspberry Pi optimizations
maxconnections=40
maxuploadtarget=5000
# Initial block download optimizations
dbcache=2000
blocksonly=1
#serving compact filters to peers
blockfilterindex=1
peercfilters=1
peerbloomfilters=1
🚨 Change the rpcpassword to your secure password [B]
.
🔍 more: configuration options{:target="_blank"} in Bitcoin Wiki
By default the above configuration enables transaction indexing. This allows other applications to query Bitcoin Core about any transaction. One example that needs this feature is the BTC RPC Explorer, your personal blockchain explorer.
If you know that you don't need this feature, you can delete the line txindex=1
in the configuration above.
This results in a faster initial blockchain verification, and saves about 20 GB of storage.
If in doubt, just leave it as-is, otherwise you might need to enable it later and reindex the whole blockchain again.
Still logged in as user "bitcoin", let's start "bitcoind" manually.
Monitor the log file a few minutes to see if it works fine (it may stop at "dnsseed thread exit", that's ok).
Stop "bitcoind" with Ctrl-C
.
$ bitcoind
Note: the following screencast skips longer waiting times, the initial start is longer in real life.
<script id="asciicast-U8pYWC4noOazqJgXhoUzDoafC" src="https://asciinema.org/a/U8pYWC4noOazqJgXhoUzDoafC.js" async></script>The system needs to run the bitcoin daemon automatically in the background, even when nobody is logged in. We use “systemd“, a daemon that controls the startup process using configuration files.
-
Exit the “bitcoin” user session back to user “admin”
$ exit
-
Create the configuration file in the Nano text editor and copy the following paragraph. Save and exit.
$ sudo nano /etc/systemd/system/bitcoind.service
# RaspiBolt: systemd unit for bitcoind # /etc/systemd/system/bitcoind.service [Unit] Description=Bitcoin daemon After=network.target [Service] # Service execution ################### ExecStart=/usr/local/bin/bitcoind -daemon \ -pid=/run/bitcoind/bitcoind.pid \ -conf=/mnt/ext/bitcoin/bitcoin.conf \ -datadir=/mnt/ext/bitcoin # Process management #################### Type=forking PIDFile=/run/bitcoind/bitcoind.pid Restart=on-failure TimeoutSec=300 RestartSec=30 # Directory creation and permissions #################################### # Run as bitcoin:bitcoin User=bitcoin Group=bitcoin # /run/bitcoind RuntimeDirectory=bitcoind RuntimeDirectoryMode=0710 # Hardening measures #################### # Provide a private /tmp and /var/tmp. PrivateTmp=true # Mount /usr, /boot/ and /etc read-only for the process. ProtectSystem=full # Deny access to /home, /root and /run/user ProtectHome=true # Disallow the process and all of its children to gain # new privileges through execve(). NoNewPrivileges=true # Use a new /dev namespace only populated with API pseudo devices # such as /dev/null, /dev/zero and /dev/random. PrivateDevices=true # Deny the creation of writable and executable memory mappings. MemoryDenyWriteExecute=true [Install] WantedBy=multi-user.target
-
Enable the service
$ sudo systemctl enable bitcoind.service
-
Link the Bitcoin data directory in the user "admin" home. As a member or the group "bitcoin", admin has read-only access to certain files.
$ ln -s /mnt/ext/bitcoin/ /home/admin/.bitcoin
-
Restart the Raspberry Pi
$ sudo reboot
After rebooting, the bitcoind should start and begin to sync and validate the Bitcoin blockchain.
-
Wait a bit, reconnect via SSH and login with the user “admin”.
-
Check the status of the bitcoin daemon that was started by systemd (exit with
Ctrl-C
)$ systemctl status bitcoind.service
-
See bitcoind in action by monitoring its log file (exit with
Ctrl-C
)$ sudo tail -f /mnt/ext/bitcoin/debug.log
-
Use the Bitcoin Core client
bitcoin-cli
to get information about the current blockchain$ bitcoin-cli getblockchaininfo
-
Please note:
- When “bitcoind” is still starting, you may get an error message like “verifying blocks”. That’s normal, just give it a few minutes.
- Among other infos, the “verificationprogress” is shown. Once this value reaches almost 1 (0.999…), the blockchain is up-to-date and fully validated.
🚨 Please let Bitcoin Core sync fully before proceeding.
This can take up to a week when using a Raspberry Pi 4, depending mostly on your external drive (SSD good, HDD bad; USB3 good, USB2 bad).
If everything is running smoothly, this is the perfect time to familiarize yourself with Bitcoin, the technical aspects of Bitcoin Core and play around with bitcoin-cli
until the blockchain is up-to-date.
-
The Little Bitcoin Book{:target="_blank"} is a fantastic introduction to Bitcoin, focusing on the "why" and less on the "how".
-
Mastering Bitcoin{:target="_blank"} by Andreas Antonopoulos is a great point to start, especially chapter 3 (ignore the first part how to compile from source code):
-
Learning Bitcoin from the Command Line{:target="_blank"} by Christopher Allen gives a thorough deep dive into understanding the technical aspects of Bitcoin.
-
Also, check out the bitcoin-cli reference{:target="_blank"}
Once Bitcoin Core is fully synced, we can reduce the size of the database cache. A bigger cache speeds up the initial block download, now we want to reduce memory consumption to allow LND and Electrs to run in parallel. We also now want to enable the node to listent to and relay transactions.
-
As user "admin", comment the following lines out (add a
#
at the beginning) in the Bitcoin settings file. Bitcoin Core will then just use the default of 300 MB instead of 2 GB. Save and exit.$ sudo nano /mnt/ext/bitcoin/bitcoin.conf
#dbcache=2000 #blocksonly=1
-
Restart Bitcoin Core for the settings to take effect.
$ sudo systemctl restart bitcoind
If you want to upgrade to a new release of Bitcoin Core in the future, check out the FAQ section: How to upgrade Bitcoin Core
Next: Lightning >>