Hello,

I recently take a quite big server where I'm running Bitcoind with txindex=1 and I think it can be interesting for people to have access to this.

In order to make it accessible I activated rpcbindaddress=0.0.0.0. For now I whitelisted two IPs but my idea is to put accessible to everyone. But it seems to be very dangerous according to every documentations and help.


I put here my conf  and I'm very interested to understand how to give endpoints accessible by anyone to have Bitcoin info. I removed some unused options.
I own the server and can modify everything.

Hope to understand all of this and don't make too many mistakes in order to do this.

##
## bitcoin.conf configuration file.
## Generated by contrib/devtools/gen-bitcoin-conf.sh.
##
## Lines beginning with # are comments.
## All possible configuration options are provided. To use, copy this file
## to your data directory (default or specified by -datadir), uncomment
## options you would like to change, and save the file.
##


### Options


# Execute command when an alert is raised (%s in cmd is replaced by
# message)
#alertnotify=<cmd>

# For backwards compatibility, treat an unused bitcoin.conf file in the
# datadir as a warning, not an error.
#allowignoredconf=1

# If this block is in the chain assume that it and its ancestors are valid
# and potentially skip their script verification (0 to verify all,
# default:
# 000000000000000000026811d149d4d261995ec5b3f64f439a0a10e1a464af9a,
# testnet:
# 000000000001323071f38f21ea5aae529ece491eadaccce506a59bcc2d968917,
# signet:
# 0000000870f15246ba23c16e370a7ffb1fc8a3dcf8cb4492882ed4b0e3d4cd26)
#assumevalid=<hex>

# Maintain an index of compact filters by block (default: 0, values:
# basic). If <type> is not supplied or if <type> = 1, indexes for
# all known types are enabled.
#blockfilterindex=<type>

# Execute command when the best block changes (%s in cmd is replaced by
# block hash)
#blocknotify=<cmd>

# Extra transactions to keep in memory for compact block reconstructions
# (default: 100)
#blockreconstructionextratxn=<n>

# Specify directory to hold blocks subdirectory for *.dat files (default:
# <datadir>)
#blocksdir=<dir>

# Whether to reject transactions from network peers. Disables automatic
# broadcast and rebroadcast of transactions, unless the source peer
# has the 'forcerelay' permission. RPC transactions are not
# affected. (default: 0)
#blocksonly=1

# Maintain coinstats index used by the gettxoutsetinfo RPC (default: 0)
coinstatsindex=1

# Maintain a full transaction index, used by the getrawtransaction rpc
# call (default: 0)
txindex=1

# Print version and exit
#version=1


### Connection options


# Add a node to connect to and attempt to keep the connection open (see
# the addnode RPC help for more info). This option can be specified
# multiple times to add multiple nodes; connections are limited to
# 8 at a time and are counted separately from the -maxconnections
# limit.
#addnode=<ip>

# Specify asn mapping used for bucketing of the peers (default:
# ip_asn.map). Relative paths will be prefixed by the net-specific
# datadir location.
#asmap=<file>

# Default duration (in seconds) of manually configured bans (default:
# 86400)
#bantime=<n>

# Bind to given address and always listen on it (default: 0.0.0.0). Use
# [host]:port notation for IPv6. Append =onion to tag any incoming
# connections to that address and port as incoming Tor connections
# (default: 127.0.0.1:8334=onion, testnet: 127.0.0.1:18334=onion,
# signet: 127.0.0.1:38334=onion, regtest: 127.0.0.1:18445=onion)
#bind=<addr>[:<port>][=onion]

# If set, then this host is configured for CJDNS (connecting to fc00::/8
# addresses would lead us to the CJDNS network, see doc/cjdns.md)
# (default: 0)
#cjdnsreachable=1

# Connect only to the specified node; -noconnect disables automatic
# connections (the rules for this peer are the same as for
# -addnode). This option can be specified multiple times to connect
# to multiple nodes.
#connect=<ip>

# Discover own IP addresses (default: 1 when listening and no -externalip
# or -proxy)
#discover=1

# Allow DNS lookups for -addnode, -seednode and -connect (default: 1)
#dns=1

# Query for peer addresses via DNS lookup, if low on addresses (default: 1
# unless -connect used or -maxconnections=0)
#dnsseed=1

# Specify your own public address
externalip=94.16.123.98

# Allow fixed seeds if DNS seeds don't provide peers (default: 1)
#fixedseeds=1

# Always query for peer addresses via DNS lookup (default: 0)
#forcednsseed=1

# Whether to accept inbound I2P connections (default: 1). Ignored if
# -i2psam is not set. Listening for inbound I2P connections is done
# through the SAM proxy, not by binding to a local address and
# port.
#i2pacceptincoming=1

# I2P SAM proxy to reach I2P peers and accept I2P connections (default:
# none)
#i2psam=<ip:port>

# Accept connections from outside (default: 1 if no -proxy, -connect or
# -maxconnections=0)
listen=1

# Automatically create Tor onion service (default: 1)
#listenonion=1

# Maintain at most <n> automatic connections to peers (default: 125). This
# limit does not apply to connections manually added via -addnode
# or the addnode RPC, which have a separate limit of 8.
#maxconnections=<n>

# Maximum per-connection receive buffer, <n>*1000 bytes (default: 5000)
#maxreceivebuffer=<n>

# Maximum per-connection memory usage for the send buffer, <n>*1000 bytes
# (default: 1000)
#maxsendbuffer=<n>

# Maximum allowed median peer time offset adjustment. Local perspective of
# time may be influenced by outbound peers forward or backward by
# this amount (default: 4200 seconds).
#maxtimeadjustment=1

# Tries to keep outbound traffic under the given target per 24h. Limit
# does not apply to peers with 'download' permission or blocks
# created within past week. 0 = no limit (default: 0M). Optional
# suffix units [k|K|m|M|g|G|t|T] (default: M). Lowercase is 1000
# base while uppercase is 1024 base
#maxuploadtarget=<n>

# Use NAT-PMP to map the listening port (default: 0)
#natpmp=1

# Enable all P2P network activity (default: 1). Can be changed by the
# setnetworkactive RPC command
networkactive=1

# Use separate SOCKS5 proxy to reach peers via Tor onion services, set
# -noonion to disable (default: -proxy). May be a local file path
# prefixed with 'unix:'.
#onion=<ip:port|path>

# Make automatic outbound connections only to network <net> (ipv4, ipv6,
# onion, i2p, cjdns). Inbound and manual connections are not
# affected by this option. It can be specified multiple times to
# allow multiple networks.
#onlynet=<net>

# Serve compact block filters to peers per BIP 157 (default: 0)
#peerblockfilters=1

# Support filtering of blocks and transaction with bloom filters (default:
# 0)
#peerbloomfilters=1

# Listen for connections on <port>. Nodes not using the default ports
# (default: 8333, testnet: 18333, signet: 38333, regtest: 18444)
# are unlikely to get incoming connections. Not relevant for I2P
# (see doc/i2p.md).
#port=<port>

# Connect through SOCKS5 proxy, set -noproxy to disable (default:
# disabled). May be a local file path prefixed with 'unix:' if the
# proxy supports it.
#proxy=<ip:port|path>

# Randomize credentials for every proxy connection. This enables Tor
# stream isolation (default: 1)
#proxyrandomize=1

# Connect to a node to retrieve peer addresses, and disconnect. This
# option can be specified multiple times to connect to multiple
# nodes.
#seednode=<ip>

# Specify socket connection timeout in milliseconds. If an initial attempt
# to connect is unsuccessful after this amount of time, drop it
# (minimum: 1, default: 5000)
#timeout=<n>

# Tor control host and port to use if onion listening enabled (default:
# 127.0.0.1:9051). If no port is specified, the default port of
# 9051 will be used.
#torcontrol=<ip>:<port>

# Tor control port password (default: empty)
#torpassword=<pass>

# Use UPnP to map the listening port (default: 1 when listening and no
# -proxy)
#upnp=1

# Support v2 transport (default: 1)
#v2transport=1

# Bind to the given address and add permission flags to the peers
# connecting to it. Use [host]:port notation for IPv6. Allowed
# permissions: bloomfilter (allow requesting BIP37 filtered blocks
# and transactions), noban (do not ban for misbehavior; implies
# download), forcerelay (relay transactions that are already in the
# mempool; implies relay), relay (relay even in -blocksonly mode,
# and unlimited transaction announcements), mempool (allow
# requesting BIP35 mempool contents), download (allow getheaders
# during IBD, no disconnect after maxuploadtarget limit), addr
# (responses to GETADDR avoid hitting the cache and contain random
# records with the most up-to-date info). Specify multiple
# permissions separated by commas (default:
# download,noban,mempool,relay). Can be specified multiple times.
#whitebind=<[permissions@]addr>

# Add permission flags to the peers using the given IP address (e.g.
# 1.2.3.4) or CIDR-notated network (e.g. 1.2.3.0/24). Uses the same
# permissions as -whitebind. Additional flags "in" and "out"
# control whether permissions apply to incoming connections and/or
# manual (default: incoming only). Can be specified multiple times.
#whitelist=<[permissions@]IP address or network>


### Wallet options


# What type of addresses to use ("legacy", "p2sh-segwit", "bech32", or
# "bech32m", default: "bech32")
#addresstype=1

# Group outputs by address, selecting many (possibly all) or none, instead
# of selecting on a per-output basis. Privacy is improved as
# addresses are mostly swept with fewer transactions and outputs
# are aggregated in clean change addresses. It may result in higher
# fees due to less optimal coin selection caused by this added
# limitation and possibly a larger-than-necessary number of inputs
# being used. Always enabled for wallets with "avoid_reuse"
# enabled, otherwise default: 0.
#avoidpartialspends=1

# What type of change to use ("legacy", "p2sh-segwit", "bech32", or
# "bech32m"). Default is "legacy" when -addresstype=legacy, else it
# is an implementation detail.
#changetype=1

# The maximum feerate (in BTC/kvB) at which transaction building may use
# more inputs than strictly necessary so that the wallet's UTXO
# pool can be reduced (default: 0.0001).
#consolidatefeerate=<amt>

# Do not load the wallet and disable wallet RPC calls
#disablewallet=1

# The fee rate (in BTC/kvB) that indicates your tolerance for discarding
# change by adding it to the fee (default: 0.0001). Note: An output
# is discarded if it is dust at this rate, but we will always
# discard up to the dust relay fee and a discard fee above that is
# limited by the fee estimate for the longest target
#discardfee=<amt>

# A fee rate (in BTC/kvB) that will be used when fee estimation has
# insufficient data. 0 to entirely disable the fallbackfee feature.
# (default: 0.00)
#fallbackfee=<amt>

# Set key pool size to <n> (default: 1000). Warning: Smaller sizes may
# increase the risk of losing funds when restoring from an old
# backup, if none of the addresses in the original keypool have
# been used.
#keypool=<n>

# Spend up to this amount in additional (absolute) fees (in BTC) if it
# allows the use of partial spend avoidance (default: 0.00)
#maxapsfee=<n>

# Fee rates (in BTC/kvB) smaller than this are considered zero fee for
# transaction creation (default: 0.00001)
#mintxfee=<amt>

# Fee rate (in BTC/kvB) to add to transactions you send (default: 0.00)
#paytxfee=<amt>

# External signing tool, see doc/external-signer.md
#signer=<cmd>

# Spend unconfirmed change when sending transactions (default: 1)
#spendzeroconfchange=1

# If paytxfee is not set, include enough fee so transactions begin
# confirmation on average within n blocks (default: 6)
#txconfirmtarget=<n>

# Specify wallet path to load at startup. Can be used multiple times to
# load multiple wallets. Path is to a directory containing wallet
# data and log files. If the path is not absolute, it is
# interpreted relative to <walletdir>. This only loads existing
# wallets and does not create new ones. For backwards compatibility
# this also accepts names of existing top-level data files in
# <walletdir>.
#wallet=<path>

# Make the wallet broadcast transactions (default: 1)
#walletbroadcast=1

# Specify directory to hold wallets (default: <datadir>/wallets if it
# exists, otherwise <datadir>)
#walletdir=<dir>

# Execute command when a wallet transaction changes. %s in cmd is replaced
# by TxID, %w is replaced by wallet name, %b is replaced by the
# hash of the block including the transaction (set to 'unconfirmed'
# if the transaction is not included) and %h is replaced by the
# block height (-1 if not included). %w is not currently
# implemented on windows. On systems where %w is supported, it
# should NOT be quoted because this would break shell escaping used
# to invoke the command.
#walletnotify=<cmd>

# Send transactions with full-RBF opt-in enabled (RPC only, default: 1)
walletrbf=1



### Node relay options


# Equivalent bytes per sigop in transactions for relay and mining
# (default: 20)
#bytespersigop=1

# Relay and mine data carrier transactions (default: 1)
#datacarrier=1

# Relay and mine transactions whose data-carrying raw scriptPubKey is of
# this size or less (default: 83)
#datacarriersize=1

# Accept transaction replace-by-fee without requiring replaceability
# signaling (default: 0)
mempoolfullrbf=1

# Fees (in BTC/kvB) smaller than this are considered zero fee for
# relaying, mining and transaction creation (default: 0.00001)
#minrelaytxfee=<amt>

# Relay non-P2SH multisig (default: 1)
#permitbaremultisig=1

# Add 'forcerelay' permission to whitelisted peers with default
# permissions. This will relay transactions even if the
# transactions were already in the mempool. (default: 0)
#whitelistforcerelay=1

# Add 'relay' permission to whitelisted peers with default permissions.
# This will accept relayed transactions even when not relaying
# transactions (default: 1)
#whitelistrelay=1


### Block creation options


# Set maximum BIP141 block weight (default: 3996000)
#blockmaxweight=<n>

# Set lowest fee rate (in BTC/kvB) for transactions to be included in
# block creation. (default: 0.00001)
#blockmintxfee=<amt>


### RPC server options


# Accept public REST requests (default: 0)
rest=1

# Allow JSON-RPC connections from specified source. Valid values for <ip>
# are a single IP (e.g. 1.2.3.4), a network/netmask (e.g.
# 1.2.3.4/255.255.255.0), a network/CIDR (e.g. 1.2.3.4/24), all
# ipv4 (0.0.0.0/0), or all ipv6 (::/0). This option can be
# specified multiple times
rpcallowip=MY_IP_1
rpcallowip=MY_IP_2

# Username and HMAC-SHA-256 hashed password for JSON-RPC connections. The
# field <userpw> comes in the format: <USERNAME>:<SALT>$<HASH>. A
# canonical python script is included in share/rpcauth. The client
# then connects normally using the
# rpcuser=<USERNAME>/rpcpassword=<PASSWORD> pair of arguments. This
# option can be specified multiple times
rpcauth=USER:0949c0b552d208e24608d4896e706422$15b778b47156bc76545a262452a6475db8d78a8a3639c2d044ee2a6a73675ea7

# Bind to given address to listen for JSON-RPC connections. Do not expose
# the RPC server to untrusted networks such as the public internet!
# This option is ignored unless -rpcallowip is also passed. Port is
# optional and overrides -rpcport. Use [host]:port notation for
# IPv6. This option can be specified multiple times (default:
# 127.0.0.1 and ::1 i.e., localhost)
rpcbind=0.0.0.0:8332

# Location of the auth cookie. Relative paths will be prefixed by a
# net-specific datadir location. (default: data dir)
#rpccookiefile=<loc>

# Password for JSON-RPC connections
#rpcpassword=<pw>

# Listen for JSON-RPC connections on <port> (default: 8332, testnet:
# 18332, signet: 38332, regtest: 18443)
#rpcport=<port>

# Set the number of threads to service RPC calls (default: 4)
rpcthreads=1000

# Username for JSON-RPC connections
#rpcuser=<user>

# Set a whitelist to filter incoming RPC calls for a specific user. The
# field <whitelist> comes in the format: <USERNAME>:<rpc 1>,<rpc
# 2>,...,<rpc n>. If multiple whitelists are set for a given user,
# they are set-intersected. See -rpcwhitelistdefault documentation
# for information on default whitelist behavior.
#rpcwhitelist=<whitelist>

# Sets default behavior for rpc whitelisting. Unless rpcwhitelistdefault
# is set to 0, if any -rpcwhitelist is set, the rpc server acts as
# if all rpc users are subject to empty-unless-otherwise-specified
# whitelists. If rpcwhitelistdefault is set to 1 and no
# -rpcwhitelist is set, rpc server acts as if all rpc users are
# subject to empty whitelists.
#rpcwhitelistdefault=1

# Accept command line and JSON-RPC commands
server=1

Hello everyone,

I post a message here cause I'm bothering to struggle too much with my bitcoind testnet and need some help to understand what's happening.

Before everything was working good. I updated the last version Bitcoin Core version v27.99.0-015ac13dcc96 and now a lot of issues with my testnet node...

So where to begin?

I'm on MacOS (LTS) and I'm using an external hard disk to store everything.

PATH=/Volumes/Crucial\ X8/bitcoin/Bitcoin

I first struggled with config cause my `bitcoind` can't apply [test] section I don't know why. So, I'm using ./testnet3/bitcoin.conf.


# Testnet bitcoin.conf
printtoconsole=1
rpcallowip=127.0.0.1
testnet=1
[test]
rpcport=18332
rpcbind=127.0.0.1


I'm running the node with: bitcoind -datadir=/Volumes/Crucial\ X8/bitcoin/Bitcoin/testnet3 -txindex=1 -testnet

I copied blocks and indexes into ./testnet3/testnet3 ^^' cause apparently if ./testnet3 is the datadir it will create a testnet3 nested folder.

The cookie file is into ./testnet3, but when I launch bitcoin-cli it told me:

$ bitcoin-cli -testnet -conf=/Volumes/Crucial\ X8/bitcoin/Bitcoin/testnet3/bitcoin.conf help                     
error: Could not locate RPC credentials. No authentication cookie could be found, and RPC password is not set.  See -rpcpassword and -stdinrpcpass.  Configuration file: (/Volumes/Crucial X8/bitcoin/Bitcoin/testnet3/bitcoin.conf)


This is the first problem quite important.

BUT a second problem: my wallets stored into ./testnet3/wallets AND ./testnet3/testnet3/wallets are not opened by the node:

2024-03-20T11:55:06Z Using wallet directory /Volumes/Crucial X8/bitcoin/Bitcoin/testnet3/testnet3/wallets
2024-03-20T11:55:06Z init message: Verifying wallet(s)…
2024-03-20T11:55:06Z Using /16 prefix for IP bucketing

 
It verifies wallets but nothing after...

If I launch the node in mainnet, from PATH (./) wallets are well opened. I don't uderstand why, what happen and no idea about how to solve it.

I can give any additional required details about this to try to solve it ^^'

Thank you in advance for your consideration

Hello,


I post a message today cause I tried multiple ways to manage with my issue but I didn't find any solution. Maybe you can help me ?


First my version and OS :

Bitcoin Core version v24.0.1 (release build)
MacOS 14.0
Shell : zsh


My Bitcoin full node is running with txindex=1. I'm running `./bitcoind`. Everything what I'm talking is under `./bitcoin-cli` command.

I selected a wallet, and listed unspent. I want to merge multiple inputs into one single output.

I selected transactions that I want to merge 3 for the test and one address to give the change.

I try to build my tx from `rawtransaction` but maybe I should use another. Here I tried also `walletcreatefundedpsbt` but I got the error : Insufficient funds.

So, I selected my utxos and build rawtransaction as follow :

./bitcoin-cli -rpcwallet=MY_WALLET createrawtransaction "[{\"txid\":\"tx_id_1\",\"vout\": 0, \"scriptPubKey\":\"Script_1\"}, {\"txid\":\"tx_id_2\",\"vout\": 1, \"scriptPubKey\":\"Script_2\"}, {\"txid\":\"tx_id_3\",\"vout\": 1, \"scriptPubKey\":\"Script_3\"}]" "[{\"recipient\" : amt}]"

Here I take the output to sign it (with `signrawtransactionwithwallet`), I got the error :

{
      "txid": "tx_id_1",
      "vout": 0,
      "witness": [
      ],
      "scriptSig": "",
      "sequence": 4294967293,
      "error": "Witness program was passed an empty witness"
 }

This for all utxos.

So, I tried to sign manually each ScriptPubKey as message with signmessage but I need the pvkey. When I try dumpvkey I have the error : Only legacy wallets are supported by this command

The wallet is a taproot wallet (bc1p...).

I don't know what step to follow in order to add the witness and be able to sign this raw transaction and send to the network. I think sending on the network is not the hardest part but I didn't find how to handle signatures for this...

It's not a multisig wallet and I have the control of it.

Do you have any ideas or suggestions ?

Thanks for your reading I hope that we can solve this together