normandmickey/setup_clightning.md

## setup_clightning.md

      
    Raw
  

              setup_clightning.md
            
          
    E-Commerce c-lightning node on Digital Ocean

Prerequisites


based on small Digital Ocean VPS (1CPU / 1GB RAM) with Ubuntu 16.04
SSH keys are recommended, but not described here
(sub) domain name necessary for SSL certificate

UFW & basic stuff

Login as "root"
$ apt update
$ apt upgrade
$ apt install ufw fail2ban

$ ufw app list
$ ufw default deny incoming
$ ufw default allow outgoing
$ ufw allow OpenSSH
$ ufw allow 9735 comment 'allow Lightning'
$ ufw allow 9000 comment 'allow Lightning Charge HTTP'
$ ufw allow 9001 comment 'allow Lightning Charge HTTPS'
$ ufw enable
$ systemctl enable ufw
$ ufw status

### create sudo user
$ adduser stadicus
$ adduser stadicus sudo

### create service user
$ adduser bitcoin
$ exit

sPRUNED

https://github.com/gdassori/spruned
### with sudo user
$ sudo apt install libleveldb-dev python3-dev git virtualenv gcc g++
$ sudo su - bitcoin

### with bitcoin user
$ git clone https://github.com/gdassori/spruned.git
$ cd spruned
$ virtualenv -p python3.5 venv
$ . venv/bin/activate
$ pip install -r requirements.txt
$ python setup.py install
$ exit

### systemd startup
$ sudo nano /etc/systemd/system/spruned.service

# sPRUNED: systemd unit
# /etc/systemd/system/spruned.service

[Unit]
Description=sPRUNED Bitcoin node
After=network.target

[Service]
ExecStart=/home/bitcoin/spruned/venv/bin/spruned --network bitcoin.mainnet --rpcuser xxx --rpcpassword xxx 
Type=simple
User=bitcoin
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

### start and enable the new service
$ sudo systemctl start spruned
$ sudo systemctl status spruned
$ sudo systemctl enable spruned
$ sudo tail -f /home/bitcoin/.spruned/spruned.log

bitcoin-cli

https://bitcoin.org/en/download
### with sudo user
$ mkdir download && cd download
$ wget https://bitcoin.org/bin/bitcoin-core-0.16.1/bitcoin-0.16.1-x86_64-linux-gnu.tar.gz
$ tar -xvf bitcoin-0.16.1-x86_64-linux-gnu.tar.gz
$ sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-0.16.1/bin/bitcoin-cli
$ cd
$ rm -rf download

### bitcoin-cli configuration
$ sudo mkdir /home/bitcoin/.bitcoin
$ sudo nano /home/bitcoin/.bitcoin/bitcoin.conf

# Connection settings
rpcuser=xxx
rpcpassword=xxx

c-lightning

https://github.com/ElementsProject/lightning
### with admin user
$ sudo apt-get install -y autoconf automake build-essential git libtool libgmp-dev libsqlite3-dev python python3 net-tools zlib1g-dev
$ cd 
$ git clone https://github.com/ElementsProject/lightning.git
$ cd lightning
$ git tag -l
$ git checkout tags/v0.6
$ ./configure
$ make
$ sudo make install

### systemd startup
$ sudo nano /etc/systemd/system/lightning.service

# c-Lightning: systemd unit
# /etc/systemd/system/lightning.service

[Unit]
Description=c-Lightning daemon
Requires=spruned.service
After=spruned.service

[Service]
ExecStart=/usr/local/bin/lightningd --pid-file=/home/bitcoin/.lightning/lightning.pid --daemon
PIDFile=/home/bitcoin/.lightning/lightning.pid
User=bitcoin
Type=forking
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

### c-lightning configuration
sudo mkdir /home/bitcoin/.lightning
sudo nano /home/bitcoin/.lightning/config

alias=Your_Node_Alias
log-level=debug
network=bitcoin
bitcoin-rpcuser=xxx
bitcoin-rpcpassword=xxx
bitcoin-rpcconnect=localhost
bitcoin-rpcport=8332
log-file=/home/bitcoin/.lightning/lightning.log

### set bitcoin as owner, start and enable 
$ sudo chown -R bitcoin:bitcoin /home/bitcoin/.lightning/
$ sudo systemctl start lightning
$ sudo systemctl status lightning
$ sudo systemctl enable lightning
$ sudo tail -f /home/bitcoin/.lightning/lightning.log

### Check setup
$ sudo su - bitcoin
$ bitcoin-cli getblockchaininfo
{
  "blocks": 533666,
  "pruned": false,
  "chainwork": null,
  "headers": 533666,
  "bestblockhash": "0000000000000000001b65cc396bfdd8cff3a712f2f31b5ee7feb963314a5acd",
  "difficulty": null,
  "mediantime": 1532556068,
  "chain": "main",
  "warning": "spruned 0.0.2a3, emulating bitcoind v0.16",
  "verificationprogress": 100
}
$ lightning-cli -h
$ lightning-cli connect 03943....4bfa31@34.205.147.134:9735              ## get a random node from 1ml.com
$ lightning-cli listpeers
$ lightning-cli newaddr

Nginx

https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04
### as sudo user
$ sudo apt-get install nginx
$ sudo ufw allow "Nginx Full"
$ systemctl status nginx

### point domain name to this server and check Nginx website with your browser

### configure Nginx
$ sudo nano /etc/nginx/sites-available/charged

server {
    listen 9000;
    server_name your.domainname.com;

    location / {
        proxy_pass http://127.0.0.1:9112;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

### enable Nginx block
$ sudo rm /etc/nginx/sites-enabled/default
$ sudo ln /etc/nginx/sites-available/charged /etc/nginx/sites-enabled/charged
$ sudo nginx -t
$ sudo systemctl reload nginx

Node.js

### as sudo user
$ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
$ sudo apt-get install -y nodejs build-essential

Lightning Charge

### sometimes, this step caused some errors. Not sure why
$ npm install -g lightning-charge

### if you get an error, try this
$ sudo npm install --unsafe-perm -g lightning-charge

### check operations (optional)
### in "bitcoin" user session
$ charged --api-token REPLACE_WITH_YOUR_SECRET_TOKEN defaults: --ln-path /home/bitcoin/.lightning --db-path /home/bitcoin/.lightning/charge.db --port 9112
### different user session on the same machine:
$ curl localhost:9112

### as sudo user
$ sudo nano /etc/systemd/system/charged.service`

# Lightning Charge: systemd unit
# /etc/systemd/system/charged.service

[Unit]
Description=Lightning Charge
After=lightning.service
Requires=lightning.service

[Service]
WorkingDirectory=/home/bitcoin/.lightning
ExecStartPre=/bin/sh -c 'sleep 30'
ExecStart=/usr/bin/charged --api-token REPLACE_WITH_YOUR_SECRET_TOKEN --ln-path /home/bitcoin/.lightning --db-path /home/bitcoin/.lightning/charge.db --port 9112
User=bitcoin
Type=simple
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

### start & enable
$ sudo systemctl start lightning
$ sudo systemctl status lightning
$ sudo systemctl enable lightning
$ sudo tail -f 

Enable SSL

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update
$ sudo apt install python-certbot-nginx
$ sudo certbot --nginx -d your.domainname.com

### when asked, do not redirect HTTPS traffic at the moment

### check website again, using https://....

### open nginx block and change "443" to "9001"
$ sudo nano /etc/nginx/sites-available/charged
$ sudo systemctl reload nginx

### check https://your.domainname.com:9001 in your browser