Create the CT:
- Debian 12 image
- 4GB system disk in local-lvm
- 6GB RAM, 0 swap
In the CT's "Resources" > "Add" > "Mount point":
- Storage: "Directory" disk from above
- Disk size: 1024 GB
- Path: /data
apt update && apt upgrade -y
apt install gpg -y
nano /etc/ssh/sshd_config
# In sshd_config:
PermitRootLogin yes
Exit and save changes, restart ssh
/etc/init.d/ssh restart
Download a pre-built binary and follow the verification instructions on that page.
Now complete installation
tar xvf bitcoin-27.1-x86_64-linux-gnu.tar.gz
Copy the binaries: See: https://bitcoin.org/en/full-node#linux-instructions
install -m 0755 -o root -g root -t /usr/local/bin bitcoin-27.1/bin/*
nano /etc/systemd/system/bitcoind.service
# configuration:
[Unit]
Description=bitcoind
After=network.target
[Service]
ExecStart=bitcoind -conf=/data/bitcoin.conf
PIDFile=/data/bitcoind.pid
Restart=always
TimeoutSec=120
RestartSec=30
[Install]
WantedBy=multi-user.target
CTRL-X
, y
to exit and save.
Load the new service and run:
systemctl enable bitcoind
systemctl start bitcoind
If you make further service config changes, load your new changes with:
systemctl daemon-reload
bitcoind will run fine and find outbound peers to connect to as-is, but will need port 8333 forwarded to it if you want inbound peers to be able to connect to you.
Note: You can run Tor in its own VM but that adds some additional requirements to get the two VMs communicating securely that probably aren't worth the effort. So instead we run Tor directly in the same VM as bitcoind.
The debian default repos do not have up to date Tor releases (only up to 0.4.7.16 as of this writing).
from: https://support.torproject.org/apt/
apt install apt-transport-https
# Create a new file:
nano /etc/apt/sources.list.d/tor.list
# In the text editor (assumes debian 12.5 "bookworm"):
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main
CTRL-X
, y
to exit and save.
Back on the command line:
# Add the repo's signing key
wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
# Read the new repo
apt update
# Install Tor and its package that keeps the signing key updated
apt install tor deb.torproject.org-keyring
from: https://github.com/bitcoin/bitcoin/blob/master/doc/tor.md#control-port
# Edit the tor conf file:
nano /etc/tor/torrc
# In the text editor:
# Uncomment:
ControlPort 9051
CookieAuthentication 1
# Based on info from the bitcoin guide linked above, also add:
CookieAuthFileGroupReadable 1
DataDirectoryGroupReadable 1
# Restart the Tor service
systemctl restart tor
nano /data/bitcoin.conf
# In the text editor:
# add:
debug=tor
# anonymize all outgoing connections
proxy=127.0.0.1:9050
# automatically create an onion service to listen on (support incoming onion connections)
listen=1
# Restart bitcoind with the changes.
systemctl restart bitcoind
bitcoind should automatically locate the Tor authentication cookie and set up its own onion service. Monitor bitcoind's logs during startup to verify:
tail -f -n 1000 /data/debug.log
Look for log entries that are prefixed with [tor]
, e.g.:
[tor] Successfully connected!
[tor] Connected to Tor version 0.4.8.12
[tor] Supported authentication method: COOKIE
Supported authentication method: SAFECOOKIE
[tor] Using SAFECOOKIE authentication, reading cookie authentication from /run/tor/control.authcookie
init message: Done loading
[tor] SAFECOOKIE authentication challenge successful
[tor] AUTHCHALLENGE ServerHash [...] ServerNonce [...]
[tor] Authentication successful
[tor] Get SOCKS port command yielded 127.0.0.1:9050
[tor] Configuring onion proxy for 127.0.0.1:9050
[tor] ADD_ONION successful
Got tor service ID [...], advertising service [...].onion:8333
[tor] Cached service private key to /data/onion_v3_private_key
Note: I could not get bitcoind to connect to i2pd (C++) or I2P (Java) running in a different VM. But running i2pd locally in the same VM as bitcoind "just worked". 🤷♂️
Steps from: https://jonatack.github.io/articles/using-alternative-p2p-networks-with-bitcoin-core
Learn more: https://github.com/bitcoin/bitcoin/blob/master/doc/i2p.md
apt install i2pd
# Load the i2pd service
systemctl enable i2pd
# Start the service
systemctl start i2pd
Then edit your bitcoin.conf to enable i2p p2p connections
nano /data/bitcoin.conf
# In the text editor add:
debug=i2p
# [i2p]
# I2P SAM proxy <ip:port> to reach I2P peers and accept I2P connections.
i2psam=127.0.0.1:7656
CTRL-X
, y
to exit and save.
Restart bitcoind:
systemctl restart bitcoind
Monitor bitcoind's logs during startup to verify:
tail -f -n 1000 /data/debug.log
Look for log entries that are prefixed with [i2p]
, e.g.:
[i2p] Creating persistent SAM session 0b3c53fc4b with 127.0.0.1:7656
[i2p] Persistent SAM session 0b3c53fc4b created, my address=[...].b32.i2p:0
2024-06-23T13:45:59Z AddLocal([...].b32.i2p:0,4)