Setup a Full Bitcoin Node in 10 minutes

bitcoin-full-node.md

Setup a Full Bitcoin Node

Get syncing in 10 minutes

A. Provision server

1. Provision Ubuntu/Debian. (2 GB RAM, 2 CPUs, ~500 GB for txindex=1, or use pruning to limit size to 2-3 GB if disk space is scarce), ssh into as root.
2. Update your server: $ apt update && apt upgrade
3. Optional: on your local $ ssh-copy-id root@ip (disable ssh password auth at step B.5.)

B. Add bitcoin user

1. As root: $ adduser bitcoin
2. Add bitcoin to sudoers: $ usermod -aG sudo bitcoin
3. $ su - bitcoin
4. Optional: on your local $ ssh-copy-id bitcoin@ip
5. Disable password authentication via ssh by sudo editing the line PasswordAuthentication no in file /etc/ssh/sshd_config
6. $ sudo systemctl restart ssh

C. Install bitcoin

1. $ wget https://bitcoin.org/bin/bitcoin-core-0.21.1/bitcoin-0.21.1-x86_64-linux-gnu.tar.gz
2. $ tar xzf bitcoin-0.21.1-x86_64-linux-gnu.tar.gz
3. $ sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-0.21.1/bin/*
4. $ sudo mkdir /etc/bitcoin && sudo chown -R bitcoin:bitcoin /etc/bitcoin

D. Configure bitcoin

1. Create /etc/bitcoin/bitcoin.conf. Use this for guidance. Mine is below. (I needed a non-pruned full node with txindex=1, server=1 and JSON RPC enabled.)

# dbcache is how much RAM in megabytes to dedicate
# increase dbcache (and provisioned memory on server if possible) during initial sync to speed up
# dbcache=7500 # for 8196 MiB
dbcache=1500
listen=1
txindex=1
server=1
rpcauth=bitcoin:<get this using rpcauth.py>
rpcallowip=10.0.0.0/24

• To generate rpcauth:
  • $ wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py && chmod +x rpcauth.py
  • $ ./rpcauth.py <rpc_username>

E. Setup systemd service to keep your node running, even after restarts

1. Setup systemd by sudo creating /etc/systemd/system/bitcoind.service.

[Unit]
Description=Bitcoin daemon
Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md

After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/bitcoind -daemon \
                            -pid=/run/bitcoind/bitcoind.pid \
                            -conf=/etc/bitcoin/bitcoin.conf \
                            -datadir=/var/lib/bitcoind

PermissionsStartOnly=true
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin

Type=forking
PIDFile=/run/bitcoind/bitcoind.pid
Restart=on-failure
#TimeoutStartSec=infinity
TimeoutStopSec=600

User=bitcoin
Group=bitcoin

RuntimeDirectory=bitcoind
RuntimeDirectoryMode=0710
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710
StateDirectory=bitcoind
StateDirectoryMode=0710
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=true
PrivateDevices=true
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

2. $ sudo systemctl daemon-reload
3. $ sudo systemctl enable bitcoind

F. Start bitcoind

1. $ sudo systemctl start bitcoind
2. Optional: $ tail -f /var/lib/bitcoind/debug.log to see status

G. Tor only (for privacy)

1. $ sudo apt install tor
2. $ sudo systemctl enable tor // start on boot
3. edit /etc/tor/torrc, add these:

ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServicePort 8333 127.0.0.1:8334

3. $ sudo systemctl restart tor
4. $ sudo usermod -a -G debian-tor bitcoin
5. copy your onion address from this: $ cat /var/lib/tor/bitcoin-service/hostname
6. add these lines to /etc/bitcoin/bitcoin.conf:

externalip=<youronionaddress>
listenonion=1
onlynet=onion
bind=127.0.0.1

7. $ sudo systemctl restart bitcoind
8. $ bitcoin-cli -conf=/etc/bitcoin/bitcoin.conf getnetworkinfo should show you're only reachable via onion

That's it! Stack sats.