Author Topic: [Guide] FULL NODE OpenSUSE 15.3: bitcoind + electrs + c-lightning + RTL  (Read 653 times)
n0nce
Sr. Member
****
Offline Offline

Activity: 280
Merit: 2234


Ubi concordia, ibi victoria!


View Profile WWW
October 21, 2021, 01:12:09 PM
Last edit: February 20, 2022, 11:32:08 AM by n0nce
Merited by vapourminer (10), hugeblack (10), NotATether (10), suchmoon (9), DaveF (8), dkbit98 (5), BlackHatCoiner (5), PawGo (5), ETFbitcoin (4), Rath_ (3), Welsh (2), Pmalek (2), Daltonik (2), Husna QA (2), darkv0rt3x (2), mocacinno (1), vv181 (1)
 #1

Since I wanted to rebuild one of my full nodes anyway, and like to experiment with different distros, this time I went for OpenSUSE. It's enterprise-ready software with long-term support and should be very stable. Perfect for a Bitcoin node!

Disclaimers: I used @mocacinno's great centos 7 guide in parts and he generously helped me with some SUSE issues as well, so I want to give credit for that. His walkthrough is very good, but CentOS 7 is now outdated and I also wanted to add Electrum as well as configuring Electrum & C-Lightning to use Tor.

I opted to configure Electrum and C-Lightning to just use Tor. I find this the best way for privacy, circumventing NAT issues (home networks) and it has built-in encryption thus requiring no TLS certificates.
Finally, your eyes might be bleeding looking at all the nano commands. I myself obviously prefer vim, but someone who isn't familiar with it might prefer nano instead, that's why I wrote it down like this.

The hardware is quite low-end stuff, which goes to show that even a cheap node can run the 'full stack' :)
  • Intel® Core™ i3-2328M -- 2 cores, 4 threads, 2.2GHz
  • 8GB RAM (I started with 4GB, the additional 4 sped up the IBD a ton)
  • 2x 500GB HDDs (Now 1TB SSD with OS and software & blockchain still on 500GB HDD)
  • Regular broadband internet connection & LAN, nothing fancy

Note: By now, I switched to a 1TB SSD. Since then, the electrum server (still through Tor) is super snappy. My clients seem to connect and refresh much quicker. It still takes a bit longer than through clearnet, but Tor is hassle-free and secure.

mocacinno's remarks apply here as well:
some remarks:
  • i didn't document the firewall rules, because there are several possible firewall-implementations, and basically, if i'd have to go into the details of setting up firewall rules, i'd need a completely separate firewall tutorial altogether. If you have a clean (unused) VPS or you're installing a server in your HOME network (behind your own firewall), you *might* want to disable the firewall for testing purposes (re-enable it afterwards though!!!)
  • i didn't document the backup procedures. Always make sure you backup wallets, seeds,...
  • no guarantee... If you follow these steps and lose money: don't blame me
  • no help... Sure, i might try to help you out if you run into problems, but i'm under no obligation to do so. Best effort only, and only when i have time to help you
  • no docker. Sure, docker is great, but if you run docker containers, you'll never know what's under the hood :). It's easy to download and spin up a docker container, but you'll learn little (or nothing). Don't get me wrong, if you're building your own containers or if you don't want to learn how to set up your service, docker is great... Just not if you want to get your hands dirty :)
  • bitcoin core, c-lightning and RTL are built from source in this walkthrough... It's up to you to periodically perform updates (not only for these binaries, but for all packages on your system)
  • this tutorial is a work in progress... There are many other steps (hardening, cleanup,...) that could happen. I'll probably edit these steps when i get input, or when i think about something myself. This is also why i split up this thread, this way every step has the chance/space to grow in the future...

Software list
Bitcoin Core: Reference implementation of Bitcoin, fully verified, keeps whole blockchain, requires no trust.
ElectRS: Lightweight Electrum implementation - get privacy for your SPV wallets!
C-Lightning: Lightweight Lightning Network implementation - instant and cheap BTC payments.
Ride The Lightning: Lightning management GUI, accessible via LAN from other devices in the network.



My C-Lightning backup guide can now be found here:
https://bitcointalk.org/index.php?topic=5384133.0

n0nce
October 21, 2021, 01:12:32 PM
Last edit: January 25, 2022, 11:35:20 PM by n0nce
Merited by Welsh (2), ETFbitcoin (2), hugeblack (2), Husna QA (1)
 #2

openSUSE
Setting up openSUSE is analogous to any other Linux install; I would just recommend to go with the Leap version for stability instead of rolling-release Tumbleweed option.
For Sysadmins, Enterprise Developers, and ‘Regular’ Desktop Users
Regular release with the benefits of both enterprise-grade engineering and community-developed innovation.

Simply download the ISO and checksum here:
https://get.opensuse.org/leap/#download
And verify it on your local machine. Instructions can be found here:
https://www.suse.com/support/security/download-verification/

After installing openSUSE on the target machine, setup a Bitcoin user
Code:
sudo useradd -m bitcoin
sudo passwd bitcoin

Restrict sudo access to your administrator user account by editing sudoers via visudo:
Code:
sudo visudo

Go to the line that looks like:
Code:
root ALL=(ALL) ALL

And add another line like follows. Replace your_user with your 'admin' account which will be the only sudo-capable account.
Code:
your_user ALL=(ALL) ALL

Further edit the file to prevent the unprivileged bitcoin user from executing sudo commands, even if it has the root user's password.
The last two lines must be commented out like shown.
Code:
## In the default (unconfigured) configuration, sudo asks for the root password.
## This allows use of an ordinary user account for administration of a freshly
## installed system. When configuring sudo, delete the two
## following lines:
#Defaults targetpw   # ask for the password of the target user i.e. root
#ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

n0nce
October 21, 2021, 01:12:52 PM
Last edit: February 18, 2022, 08:34:12 PM by n0nce
Merited by NotATether (3), ETFbitcoin (2), Husna QA (1)
 #3

Bitcoin Core
[1] Install prerequisites:
Code:
sudo zypper -v install git python3 make automake autoconf gcc-c++ libtool libevent-devel libdb-4_8-devel
sudo zypper -v install libboost_filesystem-devel libboost_program_options-devel libboost_system-devel libboost_test-devel libboost_thread-devel

[2] Switch to unprivileged bitcoin user. Commands should output bitcoin (user) and /home/bitcoin (working directory)
Code:
su - bitcoin
whoami
pwd

[3] Download & build Bitcoin Core. v22.0 parameter needs to be adapted to the latest version whenever you read this guide.
Code:
git clone https://github.com/bitcoin/bitcoin.git
cd bitcoin
git checkout v22.0
./autogen.sh
./configure
make -j $(nproc)

[4] Create random username and password to access core via RPC.
Code:
cd share/rpcauth/
python3 rpcauth.py the_username_of_the_user_you_want cleartext_password_unique_long

[4.1] Delete history, otherwise the password remains in history file in cleartext.
Code:
history -c
history -w

[5] Create Bitcoin config file
Code:
mkdir ~/.bitcoin
nano ~/.bitcoin/bitcoin.conf

[6] Fill it like follows:
Code:
daemon=1
server=1
maxmempool=50
mempoolexpiry=2
rpcauth=user_chose_in_step_4:hash_created_in_step_4
dbcache=2048
banscore=10
datadir=/home/bitcoin/.bitcoin/

[7] Exit back to admin account
Code:
exit

[8] Install Bitcoin
Code:
cd /home/bitcoin/bitcoin
sudo make install
cd

[9] Still logged in as sudoer, create Bitcoin service:
Code:
sudo nano /usr/lib/systemd/system/bitcoind.service

[10] Contents should be like shown:
Code:
[Unit]
Description=Bitcoin daemon
After=network.target

[Service]
ExecStart=/usr/local/bin/bitcoind -daemon -conf=/home/bitcoin/.bitcoin/bitcoin.conf

# Make sure the config directory is readable by the service user
PermissionsStartOnly=true

# Process management
####################

Type=forking
Restart=on-failure

# Directory creation and permissions
####################################

# Run as bitcoin:bitcoin
User=bitcoin
Group=users

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

[11] Enable & start service
Code:
sudo systemctl enable bitcoind.service
sudo service bitcoind start

[12] Check if running
Code:
tail -f /home/bitcoin/.bitcoin/debug.log

[13] Exit with CTRL+C, now wait for many moons (or hours) for the IBD to finish.
To check on the progress, you may use the tail command from before again or check disk utilization.
Code:
du -h /home/bitcoin/.bitcoin/blocks

After initial block download is finished, bitcoin-cli getblockchaininfo should return 99.999% verification like this.
Code:
"verificationprogress": 0.9999999999,
"initialblockdownload": false

As alluded to in the start post, IBD was going for around a week and still under 50%. Then I bought a second stick of 4GB RAM, look what happened.
For now, I would like to share my experience with a node that I've setup a few days ago. It is one of my nodes that needed a bit of maintenance; it was quite cluttered and had outdated software so I rebuilt it from scratch. I will also post a guide about it soon (OpenSUSE node walkthrough).
The hardware is a laptop motherboard with 4GB RAM and 2 500GB HDDs.
After it had taken almost a week to achieve ~40% sync, it was going super slow; around 1-2% a day, so I thought it may be a good idea to just plop in a second stick of RAM and see if it does anything. I kind of expected something to happen, but I was astonished at the speed it was going at afterwards! The HDD arm was moving much less now (audible difference); I suspect it was swapping a ton before, and the log was literally flying.

Here's a graph of some measurements I took; I let you guys guess at which point in time I upgraded the node from 4GB to 8GB :D
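
Steps [4] and [4.1] of the post above pass the RPC password as a command-line argument and then wipe the shell history. As an added example (not part of the original post and not Bitcoin Core's own code), the Python below builds the same `rpcauth=` line, which is `user:salt$HMAC-SHA256(key=salt, msg=password)`, while reading the password from a prompt, and it can check a password against an existing line. The function names are assumptions made for this example.

```python
"""Build and check a bitcoin.conf rpcauth= line without putting the password
on the command line. Added example; not code from the guide or Bitcoin Core."""
import getpass
import hmac
import secrets
import sys


def password_hmac(salt: str, password: str) -> str:
    # Construction used by share/rpcauth/rpcauth.py:
    # HMAC-SHA256 keyed with the salt string, computed over the password.
    return hmac.new(salt.encode("utf-8"), password.encode("utf-8"), "sha256").hexdigest()


def make_rpcauth(username: str, password: str, salt: str = "") -> str:
    """Return the full 'rpcauth=user:salt$hmac' line for bitcoin.conf."""
    if not username or ":" in username:
        raise ValueError("username must be non-empty and must not contain ':'")
    salt = salt or secrets.token_hex(16)  # 16 random bytes, hex-encoded
    return f"rpcauth={username}:{salt}${password_hmac(salt, password)}"


def verify_rpcauth(line: str, username: str, password: str) -> bool:
    """True if username and password match the given rpcauth= config line."""
    key, _, value = line.strip().partition("=")
    user, _, salted = value.partition(":")
    salt, _, digest = salted.partition("$")
    if key != "rpcauth" or user != username or not salt or not digest:
        return False
    # Constant-time comparison of the recomputed HMAC with the stored one.
    return hmac.compare_digest(password_hmac(salt, password), digest)


if __name__ == "__main__":
    if sys.stdin.isatty():
        user = input("RPC username: ")
        # getpass reads from the terminal, so the password never reaches
        # the shell history file or the process list.
        pw = getpass.getpass("RPC password (empty = generate one): ")
    else:
        user, pw = "example_user", ""  # constructed values for a non-interactive run
    generated = not pw
    pw = pw or secrets.token_urlsafe(32)
    print(make_rpcauth(user, pw))
    if generated:
        print("Generated password (store it in a password manager):", pw)
```
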



n0nce
October 21, 2021, 01:13:17 PM
Last edit: January 25, 2022, 11:35:38 PM by n0nce
Merited by ETFbitcoin (2), Husna QA (1)
 #4

electrs
Since one of the main benefits of running a full node is privacy during transaction & address lookup, an Electrum server is needed. Otherwise you'd have to query using Bitcoin Core all the time and can't just use your mobile and desktop applications for that.

[1] Install dependencies, make sure you're logged into your sudoer account and not in bitcoin.
Code:
sudo zypper install clang cargo rust tor

[2] Download and build electrs as bitcoin. It took my machine around 10 minutes.
Code:
su - bitcoin
git clone https://github.com/romanz/electrs
cd electrs
cargo build --locked --release --no-default-features
mkdir database

[3] Create electrs config file
Code:
nano electrs.toml

[4] Enter the following:
Code:
cookie_file = "/home/bitcoin/.bitcoin/.cookie"

# The listening RPC address of bitcoind, port is usually 8332
daemon_rpc_addr = "127.0.0.1:8332"

# The listening P2P address of bitcoind, port is usually 8333
daemon_p2p_addr = "127.0.0.1:8333"

# Directory where the index should be stored. It should have at least 70GB of free space.
db_dir = "/home/bitcoin/electrs/database"

# bitcoin means mainnet. Don't set to anything else unless you're a developer.
network = "bitcoin"

# How much information about internal workings should electrs print. Increase before reporting a bug.
log_filters = "INFO"

[5] Log back out into your sudo account, and open the Tor config file.
Code:
exit
sudo nano /etc/tor/torrc

[6] Add the following contents, preferably in the right section (somewhere where there's HiddenServiceDir stuff commented out).
Code:
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001

ExitPolicy reject *:* # no exits allowed

[7] Start up Tor and fetch your electrs Tor hostname. The hostname can then be entered in wallets like Wasabi and BlueWallet settings.
Code:
sudo systemctl enable tor.service
sudo service tor restart
sudo cat /var/lib/tor/electrs_hidden_service/hostname

[8] Create a service so electrs starts on startup
Code:
sudo nano /usr/lib/systemd/system/electrs.service

[9] Enter this information
Code:
[Unit]
Description=Electrs
After=bitcoind.service

[Service]
WorkingDirectory=/home/bitcoin/electrs
ExecStart=/home/bitcoin/electrs/target/release/electrs
User=bitcoin
Group=users
Type=simple
KillMode=process
TimeoutSec=60
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target

[10] Start the service
Code:
sudo systemctl enable electrs.service
sudo service electrs start

[11] Check that it's running. This should return the electrs version.
Code:
echo '{"jsonrpc": "2.0", "method": "server.version", "params": ["", "1.4"], "id": 0}' | netcat 127.0.0.1 50001

n0nce
October 21, 2021, 01:13:42 PM
Last edit: January 25, 2022, 11:35:45 PM by n0nce
Merited by ETFbitcoin (2), Husna QA (1), vv181 (1)
 #5

C-Lightning
[1] Install dependencies
Code:
sudo zypper install sqlite3-devel gmp-devel zlib-devel python3-Mako gettext-tools

echo -e '#!/bin/sh\ntouch $2\nexit 0' | sudo tee /usr/local/bin/mrkd
sudo chmod 755 /usr/local/bin/mrkd

[2] Create another Tor hidden service for C-Lightning. Similar procedure as before.
Code:
sudo nano /etc/tor/torrc

[3] Below the other hidden service, add this info for Lightning.
Code:
HiddenServiceDir /var/lib/tor/lightningd_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735

[4] Then restart Tor and retrieve the new v3 Tor hostname for your Lightning installation. Copy it somewhere so you have it handy in step 7.
Code:
sudo service tor restart
sudo cat /var/lib/tor/lightningd_hidden_service/hostname

[5] Log into bitcoin user and download + build Lightning. v0.10.1 needs to be set to the latest version.
Code:
su - bitcoin
git clone https://github.com/ElementsProject/lightning.git
cd lightning
git checkout v0.10.2
./configure
make -j $(nproc)

[6] Create Lightning config.
Code:
mkdir -p /home/bitcoin/.lightning/bitcoin
nano /home/bitcoin/.lightning/bitcoin/lightningd.conf

[7] Enter the following. Alias can be chosen at will! :) Replace onion_address_you_got with the hidden service hostname you got in step 4!
Code:
daemon
alias=alias_for_your_node
network=bitcoin
log-level=debug
log-file=/home/bitcoin/.lightning/debug.log

# incoming via tor
bind-addr=127.0.0.1:9735
announce-addr=onion_address_you_got.onion

# outgoing via tor
proxy=127.0.0.1:9050
always-use-proxy=true

[8] Log back out of the unprivileged bitcoin account to install Lightning and create the service.
Code:
exit
cd /home/bitcoin/lightning
sudo make install

sudo nano /usr/lib/systemd/system/lightningd.service

[9] In the service file, we need the following contents.
Code:
[Unit]
Description=C-Lightning daemon
Requires=bitcoind.service
After=bitcoind.service
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/local/bin/lightningd --daemon --conf /home/bitcoin/.lightning/bitcoin/lightningd.conf

User=bitcoin
Group=users
Type=forking
Restart=on-failure

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

[10] Start the Lightning service
Code:
sudo systemctl enable lightningd.service
sudo service lightningd start

[11] To check if it's running, we can use the lightning-cli command as bitcoin user with any of its parameters.
Code:
su - bitcoin
lightning-cli getinfo
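
The bitcoind.service and lightningd.service units above carry five hardening directives, while electrs.service carries none of them. As an added example (not part of the original posts or of any project mentioned), this Python check lists which of those directives a unit lacks. The function names and the Node.js sample unit are assumptions; the JIT rule reflects systemd's documented incompatibility of `MemoryDenyWriteExecute=` with JIT engines, which matters for Node.js services such as the c-lightning-REST and RTL units in this thread.

```python
"""Compare systemd units against the hardening set used in the guide's
bitcoind.service. Added example; not code from the guide or from systemd."""
import os

TRUE_VALUES = {"true", "yes", "on", "1"}
JIT_RUNTIMES = {"node", "nodejs"}  # runtimes that need writable+executable memory

# Sample units: [Service] sections as posted in the guide, comments trimmed.
BITCOIND_UNIT = """\
[Service]
ExecStart=/usr/local/bin/bitcoind -daemon -conf=/home/bitcoin/.bitcoin/bitcoin.conf
Type=forking
User=bitcoin
Group=users
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
MemoryDenyWriteExecute=true
"""
ELECTRS_UNIT = """\
[Service]
WorkingDirectory=/home/bitcoin/electrs
ExecStart=/home/bitcoin/electrs/target/release/electrs
User=bitcoin
Group=users
Type=simple
"""
# Constructed: a Node.js service that copied the bitcoind hardening block verbatim.
NODE_UNIT = """\
[Service]
ExecStart=/usr/bin/node /srv/example/app.js
User=bitcoin
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
MemoryDenyWriteExecute=true
"""


def service_settings(unit_text):
    """Return the key/value pairs of the [Service] section (last value wins)."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def audit_unit(unit_text, uses_jit=None):
    """List findings for one unit; [] means it matches the guide's bitcoind unit."""
    s = service_settings(unit_text)
    if uses_jit is None:  # infer from the ExecStart binary, ignoring systemd prefixes
        argv = s.get("ExecStart", "").split()
        uses_jit = bool(argv) and os.path.basename(argv[0].lstrip("-@+!:")) in JIT_RUNTIMES
    findings = []
    if s.get("User", "root") in ("", "root"):
        findings.append("runs as root (no User= set)")
    for key in ("PrivateTmp", "NoNewPrivileges", "PrivateDevices"):
        if s.get(key, "").lower() not in TRUE_VALUES:
            findings.append(f"{key}= not enabled")
    if s.get("ProtectSystem", "").lower() not in {"full", "strict"}:
        findings.append("ProtectSystem= weaker than full")
    mdwe = s.get("MemoryDenyWriteExecute", "").lower() in TRUE_VALUES
    if uses_jit and mdwe:
        findings.append("MemoryDenyWriteExecute= is set but ExecStart is a JIT runtime")
    elif not uses_jit and not mdwe:
        findings.append("MemoryDenyWriteExecute= not enabled")
    return findings


if __name__ == "__main__":
    for name, text in (("bitcoind", BITCOIND_UNIT), ("electrs", ELECTRS_UNIT), ("node", NODE_UNIT)):
        print(name, audit_unit(text) or "matches the guide's hardening set")
```

On the node itself, `systemd-analyze security electrs.service` gives systemd's own, broader exposure report for a loaded unit.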

n0nce
October 21, 2021, 01:13:49 PM
Last edit: January 30, 2022, 03:34:21 AM by n0nce
Merited by ETFbitcoin (5), BlackHatCoiner (5), Husna QA (2), vv181 (1)
 #6

Ride The Lightning (RTL) GUI
I will preface the RTL install instruction: it is not required to run and manage C-Lightning nodes, but it makes a lot of things a lot simpler. And of course it's graphical opposed to the purely command-line based C-Lightning interface. Unfortunately, it is based on NodeJS, which many people find is bloated, that should also be kept in mind. So unless you need it, you can omit RTL in the beginning.

Also another remark: You can install c-lightning-REST as a C-Lightning plugin, which is a pretty cool feature of C-Lightning (ability to add features as plugins), however I recommend installing as services, since it makes it easier to restart them without restarting C-Lightning all the time (which is not optimal).

Part 1: Installing the backend - c-lightning-REST

[1] Install dependencies
Check out the latest non-development nodejs version in the package manager:
Code:
sudo zypper search nodejs

At the time of writing, it is version 16.
Code:
S | Name                    | Summary                                    | Type
--+-------------------------+--------------------------------------------+-----------
  | nodejs-common           | Common files for the NodeJS ecosystem      | package
  | nodejs-default          | Default version of nodejs                  | package
  | nodejs-devel-default    | Headers for default version of nodejs      | package
  | nodejs-emojione         | A set of emojis designed for the web       | package
  | nodejs-emojione-awesome | Emojione templates                         | package
  | nodejs-emojione-demo    | EmojiOne Demos                             | package
  | nodejs-emojione-meteor  | EmojiOne utility for Meteor                | package
  | nodejs-emojione-python  | EmojiOne utility for Python                | package
  | nodejs-emojione-swift   | EmojiOne utility for swift                 | package
  | nodejs-packaging        | Node.js Dependency generators for openSUSE | package
  | nodejs-underscore       | A utility belt library for JavaScript      | package
  | nodejs10                | Evented I/O for V8 JavaScript              | package
  | nodejs10                | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs10-devel          | Development headers for NodeJS 10.x        | package
  | nodejs10-docs           | Node.js API documentation                  | package
  | nodejs12                | Evented I/O for V8 JavaScript              | package
  | nodejs12                | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs12-devel          | Development headers for NodeJS 12.x        | package
  | nodejs12-docs           | Node.js API documentation                  | package
  | nodejs14                | Evented I/O for V8 JavaScript              | package
  | nodejs14                | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs14-devel          | Development headers for NodeJS 14.x        | package
  | nodejs14-docs           | Node.js API documentation                  | package
  | nodejs16                | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs16                | Evented I/O for V8 JavaScript              | package
  | nodejs16-devel          | Development headers for NodeJS 16.x        | package
  | nodejs16-docs           | Node.js API documentation                  | package
  | nodejs8                 | Evented I/O for V8 JavaScript              | package
  | nodejs8                 | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs8-devel           | Development headers for NodeJS 8.x         | package
  | nodejs8-docs            | Node.js API documentation                  | package

Install the non-development version.
Code:
sudo zypper install nodejs16

[2] While still in your privileged user, check if ports 3001 and 4001 are already in use (shouldn't be), as follows. If the commands return nothing, you're clear.
Code:
sudo lsof -i :3001
sudo lsof -i :4001
Otherwise, try other high port numbers. Best would be to refer to Wikipedia to make sure you're not going to conflict with another webservice of sorts on your machine. Again try with the sudo lsof -i command as shown and note two ports of your choice.

[3] Clone the c-lightning-REST repository and check out the latest version.
Code:
su - bitcoin
git clone https://github.com/Ride-The-Lightning/c-lightning-REST.git
cd c-lightning-REST
git checkout v0.6.1

[4] Install this version in 'production' mode.
Code:
npm install --only=prod

[5] Create new config file from sample config and leave all values on their defaults for now.
Code:
cp sample-cl-rest-config.json cl-rest-config.json

[6] If you got an issue in step 2 with ports 3001 and / or 4001 already in use, open the file cl-rest-config.json now and change the values to the ones you chose and verified were clear to use. Otherwise you can skip this step.
Code:
nano cl-rest-config.json

[7] Log out of unprivileged bitcoin account and create a service file.
Code:
exit
sudo nano /usr/lib/systemd/system/c-lightning-REST.service

[8] Add the following contents:
Code:
[Unit]
Description=c-lightning-REST daemon
Wants=lightningd.service
After=lightningd.service

[Service]
ExecStart=/usr/bin/node /home/bitcoin/c-lightning-REST/cl-rest.js
WorkingDirectory=/home/bitcoin/c-lightning-REST
User=bitcoin
Group=users
Restart=always
TimeoutSec=120
RestartSec=30

[Install]
WantedBy=multi-user.target

[9] Enable and start the c-lightning-REST service.
Code:
sudo systemctl enable c-lightning-REST.service
sudo service c-lightning-REST start

[10] Check that the service is running and everything's fine so far. Exit by just typing the letter Q.
Code:
sudo service c-lightning-REST status



Part 2: Installing the frontend - RTL

[1] Change back into unprivileged bitcoin user and clone the repository. Also going to check out the latest release.
Code:
su - bitcoin
git clone https://github.com/Ride-The-Lightning/RTL.git
cd RTL
git checkout v0.12.1

[2] Install RTL in production mode.
Code:
npm install --only=prod

[3] Create a new configuration file and open it up.
Code:
nano RTL-Config.json

[4] Enter the following.
Code:
{
  "multiPass": "password",
  "port": "3000",
  "SSO": {
    "rtlSSO": 0,
    "rtlCookiePath": "",
    "logoutRedirectLink": ""
  },
  "nodes": [
    {
      "index": 1,
      "lnNode": "c-lightning",
      "lnImplementation": "CLT",
      "Authentication": {
        "macaroonPath": "/home/bitcoin/c-lightning-REST/certs/"
      },
      "Settings": {
        "userPersona": "OPERATOR",
        "themeMode": "NIGHT",
        "themeColor": "PURPLE",
        "channelBackupPath": "/home/bitcoin/RTL/",
        "bitcoindConfigPath": "/home/bitcoin/.bitcoin/",
        "logLevel": "INFO",
        "fiatConversion": false,
        "lnServerUrl": "https://127.0.0.1:3001/v1"
      }
    }
  ]
}

[5] Change to privileged account to create a new service file for RTL.
Code:
exit
sudo nano /usr/lib/systemd/system/RTL.service

[6] Enter the following.
Code:
[Unit]
Description=RTL daemon
Wants=c-lightning-REST.service
After=c-lightning-REST.service

[Service]
ExecStart=/usr/bin/node /home/bitcoin/RTL/rtl.js
User=bitcoin
Group=users
Restart=always
TimeoutSec=120
RestartSec=30

[Install]
WantedBy=multi-user.target

[7] Activate and install the service.
Code:
sudo systemctl enable RTL.service
sudo service RTL start

[8] Make sure the service is up and running correctly.
Code:
sudo service RTL status

[9] If you just want to access RTL on the node itself, visit a web browser and type localhost:3000. Otherwise, either open port 3000 to access the node in your local network or proceed with the next step to tunnel this again through Tor!

[10] Open torrc and add the following below the previously installed Tor hidden services.
Code:
sudo nano /etc/tor/torrc

Code:
HiddenServiceDir /var/lib/tor/rtl_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 3000 127.0.0.1:3000

[11] Restart Tor and retrieve the Tor URL for RTL.
Code:
sudo service tor restart
sudo cat /var/lib/tor/rtl_hidden_service/hostname

[12] You can now access Ride The Lightning from anywhere through Tor Browser, on Desktop and even Mobile!

Simply type in the [mumbojumbo].onion:3000 address from step 11. I highly recommend bookmarking it or otherwise saving it, since you probably can't memorize it! ;)

[13] VERY IMPORTANT! Changing the password. By default, it is password. Change it to something secure and add 2FA through an open-source 2FA application (not Google Authenticator).



Part 3 (optional): Hardening
This is a version 3 hidden service, so it cannot be found in any way unlike servers in the clearnet or Tor v2. You also have authentication within RTL. If you don't deem this secure enough though, you can set up client authentication, which involves generating a shared secret and setting it up on both the node and the client (Tor browser or Tor service on client computer).

I am not trying this, since I find Onion v3 addresses good enough, especially when paired with a secure password and 2FA code.
If you still want it (e.g. multiple BTC in channels, etc.), here's a guide I found:
https://matt.traudt.xyz/posts/2019-01-19-creating-private-v3-onion-services/

I also archived it twice, since I saw this guy already moved his blog once in the past.
https://archive.fo/80CN4
https://web.archive.org/web/20220130032823/https://matt.traudt.xyz/posts/2019-01-19-creating-private-v3-onion-services/

Instead of doing this, I would simply turn off RTL via service when not needed (C-Lightning will obviously continue running) as shown.
Code:
sudo service RTL stop

Turning it back on for completeness:
Code:
sudo service RTL start
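
Steps [4] and [10] to [13] of Part 2 above publish RTL's port as a hidden service while RTL-Config.json still holds the default `multiPass`. As an added example (not part of the original post, and not code from Tor or RTL), this Python check reads a torrc and an RTL-Config.json and reports that combination, plus any `HiddenServicePort` that forwards to a non-loopback address. Assumptions: the function names are made up for this example, only the `multiPass` and `port` keys shown in step [4] are read, and how RTL stores the password after it is changed in the UI is not modelled.

```python
"""Cross-check torrc and RTL-Config.json before RTL is reachable over Tor.
Added example; not code from the guide, Tor or RTL."""
import ipaddress
import json

DEFAULT_MULTIPASS = "password"  # the default named in step [13] of the guide

# Constructed from the torrc snippets and the RTL-Config.json in the posts above.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001

ExitPolicy reject *:* # no exits allowed

HiddenServiceDir /var/lib/tor/lightningd_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735

HiddenServiceDir /var/lib/tor/rtl_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 3000 127.0.0.1:3000
"""
SAMPLE_RTL_CONFIG = '{"multiPass": "password", "port": "3000", "nodes": []}'


def parse_target(target, virt):
    """Split a HiddenServicePort TARGET (addr, port, addr:port or unix:path)."""
    if target is None:
        return "127.0.0.1", virt  # Tor's default: same port on 127.0.0.1
    if target.startswith("unix:"):
        return "unix", None
    if target.isdigit():
        return "127.0.0.1", int(target)
    if target.endswith("]") or ":" not in target:  # address without a port
        return target.strip("[]"), virt
    host, _, port = target.rpartition(":")
    return host.strip("[]"), int(port)


def hidden_services(torrc_text):
    """Return {HiddenServiceDir: [(virtual_port, target_host, target_port), ...]}."""
    services, current = {}, None
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        option = parts[0].lower()  # torrc option names are case-insensitive
        if option == "hiddenservicedir":
            current = parts[1]
            services[current] = []
        elif option == "hiddenserviceport" and current is not None:
            virt = int(parts[1])
            host, port = parse_target(parts[2] if len(parts) > 2 else None, virt)
            services[current].append((virt, host, port))
    return services


def is_local(host):
    if host in ("unix", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown hostname: treat as not local


def exposure_findings(torrc_text, rtl_config_text):
    cfg = json.loads(rtl_config_text)
    rtl_port = int(cfg["port"])
    default_pw = cfg.get("multiPass") == DEFAULT_MULTIPASS
    findings, published = [], False
    for hs_dir, ports in hidden_services(torrc_text).items():
        for _virt, host, port in ports:
            if not is_local(host):
                findings.append(f"{hs_dir}: forwards to non-loopback {host}:{port}")
            elif port == rtl_port:
                published = True
                if default_pw:
                    findings.append(f"{hs_dir}: publishes RTL port {rtl_port} "
                                    "while multiPass is still the default")
    if default_pw and not published:
        findings.append("multiPass is still the default (RTL not published over Tor)")
    return findings


if __name__ == "__main__":
    for finding in exposure_findings(SAMPLE_TORRC, SAMPLE_RTL_CONFIG) or ["no findings"]:
        print(finding)
```
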

n0nce
October 21, 2021, 01:14:06 PM
Last edit: January 30, 2022, 03:34:50 AM by n0nce
 #7

Changelog:

29.11.2021: Update guide for electrs 0.9.3 and c-lightning 0.10.2
30.01.2022: Add RTL install instructions

n0nce
January 30, 2022, 03:48:03 AM
Last edit: January 30, 2022, 12:21:09 PM by n0nce
 #8

Friendly bump for anyone who wanted to finish their install with me and was still missing RTL!
It's not even that bad that I postponed it until now, because from the latest version of RTL, it supports C-Lightning offers in an 'experimental' stage.

Topic for testing Offers!

darkv0rt3x
Sr. Member
****
Offline Offline

Activity: 360
Merit: 289


What is this?


View Profile
February 02, 2022, 11:35:58 PM
Merited by Husna QA (1), n0nce (1)
 #9

Would like to make a suggestion regarding Tor configuration.
It's just a bit for improved privacy which is to uncomment the following line in /etc/tor/torrc

Code:
ExitPolicy reject *:*

This will prevent your node from being an exit node in the Tor network. Being an exit node allows 3rd parties to get certain info from your node.
Read more here, if interested:
Section Exit node eavesdropping
https://en.wikipedia.org/wiki/Tor_(network)

Or also here:
https://medium.com/coinmonks/tor-nodes-explained-580808c29e2d

n0nce
February 03, 2022, 01:32:09 AM
 #10

Thanks, but I did include it exactly because of this already!
[6] Add the following contents, preferably in the right section (somewhere where there's HiddenServiceDir stuff commented out).
Code:
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001

ExitPolicy reject *:* # no exits allowed

darkv0rt3x
February 03, 2022, 09:47:05 PM
 #11

I guess I missed it! Good job!

darkv0rt3x
February 08, 2022, 08:48:59 PM
Merited by n0nce (1)
 #12

One other step I can't see is adding the username to the tor group. At least in Debian-based distros, it's usually needed!
Something like
usermod -a -G debian-tor myUserName

I didn't see this step. Hope I didn't miss it!

n0nce
February 09, 2022, 12:34:49 AM
 #13

I didn't do it since it wasn't needed.. ;D
I know most guides do it, but if it works without, I prefer to omit it - keeping everything simple & lean as possible is my mantra!

ETFbitcoin
Legendary
*
Offline Offline

Activity: 2240
Merit: 4338


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
February 09, 2022, 11:47:06 AM
 #14

Is there any good reason/advantage to adding your username to the tor group? Personally I almost never see any guide doing it, and when they do, there's no detailed explanation.

darkv0rt3x
February 09, 2022, 07:30:23 PM
Merited by ETFbitcoin (3), vv181 (1)
 #15

One other step I can't see is adding the username to the tor group. At least in Debian-based distros, it's usually needed!
Something like
usermod -a -G debian-tor myUserName

I didn't see this step. Hope I didn't miss it!

Is there any good reason/advantage to adding your username to the tor group? Personally I almost never see any guide doing it, and when they do, there's no detailed explanation.
At least in some Debian-based distros, if your username is not in this group, the hidden service cannot read the AuthCookieFile. It happened to me and at least to @BlackHatCoiner. We fixed his Tor issues by only adding his user to the debian-tor group.

ETFbitcoin
February 10, 2022, 09:31:21 AM
 #16

Is there any good reason/advantage to adding your username to the tor group? Personally I almost never see any guide doing it, and when they do, there's no detailed explanation.
At least in some Debian-based distros, if your username is not in this group, the hidden service cannot read the AuthCookieFile. It happened to me and at least to @BlackHatCoiner. We fixed his Tor issues by only adding his user to the debian-tor group.

Thanks for the info. I also checked the cookie file on my Debian virtual machine, and debian-tor appears as both owner and group of the cookie file, with 640 permissions.

n0nce
February 10, 2022, 12:14:12 PM
Merited by ETFbitcoin (2)
 #17

So, I checked my node again.
It's not needed with my guide, since I simply don't use CookieAuthentication.

Instead, I have these more compact, readable 3-liners for each service. In my opinion, it's easier to understand what's going on and to modify if needed, with fewer modifications to the system.
[2] Create another Tor hidden service for C-Lightning. Similar procedure as before.
Code:
sudo nano /etc/tor/torrc

[3] Below the other hidden service, add this info for Lightning.
Code:
HiddenServiceDir /var/lib/tor/lightningd_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735

The official C-Lightning guide would have you do:
Code:
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

You also need to make your user a member of the Tor group.

If it's somehow possible to avoid opening any type of port and changing any types of permissions, I usually avoid it. Wink
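
The two setups compared above (static onion services versus control port plus cookie, including the group-readable cookie discussed in the earlier replies) can be told apart by reading torrc. The script below is an added example, not part of the post or of any project's code; the function name `audit_torrc` and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify a torrc as "static onion services only" or
# "control port + cookie", the two setups compared in this thread.

audit_torrc() {   # audit_torrc FILE -> one finding per line
    awk '
    { sub(/#.*/, "") }                 # drop comments, including trailing ones
    NF == 0 { next }
    { key = tolower($1) }              # match option names regardless of case
    key == "hiddenservicedir" { dir = $2; next }
    key == "hiddenserviceport" {
        target = (NF >= 3) ? $3 : $2   # no target given: same port on localhost
        if (target ~ /^[0-9]+$/) target = "127.0.0.1:" target
        print "onion " dir " port " $2 " -> " target
        if (target !~ /^(127\.0\.0\.1:|\[::1\]:|localhost:|unix:)/)
            print "WARN target " target " is not loopback"
        next
    }
    key == "controlport" && $2 != "0"                 { ctl = $2 }
    key == "cookieauthentication" && $2 == "1"        { cookie = 1 }
    key == "cookieauthfilegroupreadable" && $2 == "1" { grp = 1 }
    key == "hashedcontrolpassword"                    { pw = 1 }
    END {
        if (ctl == "") { print "OK no control port"; exit }
        print "INFO control port " ctl " enabled"
        if (!cookie && !pw) print "WARN control port has no authentication"
        if (cookie && grp)  print "INFO cookie is group-readable; clients need tor group membership"
        if (cookie && !grp) print "INFO cookie is readable by the tor user only"
    }' "$1"
}

# Constructed sample files mirroring the snippets quoted in the thread.
tmp=$(mktemp -d)
cat > "$tmp/static.torrc" <<'EOF'
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001
ExitPolicy reject *:* # no exits allowed
HiddenServiceDir /var/lib/tor/lightningd_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735
EOF
cat > "$tmp/control.torrc" <<'EOF'
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
EOF

for f in static control; do echo "== $f"; audit_torrc "$tmp/$f.torrc"; done
```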

darkv0rt3x
February 11, 2022, 12:24:46 AM
 #18

Code:
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

I know about this but still, I had problems with Tor, and after adding my user name to debian-tor, the problem was fixed!

NotATether
Legendary
*
Offline Offline

Activity: 882
Merit: 2897


Resist all tyrants!


View Profile WWW
February 17, 2022, 07:32:38 AM
Merited by n0nce (2), dkbit98 (1)
 #19

I should mention that with the exception of CentOS and Red Hat, Linux filesystems are prone to corruption on power failure so you will probably want to configure fsck(8) to run at every boot so that you do not get "Read-Only Filesystem" errors which will prevent you from writing to any of your mounted filesystems. In particular, it will prevent Bitcoin Core from running.

You can actually configure it to run from GRUB's config file:

1. Edit the /etc/default/grub file on Debian/Ubuntu. CentOS/RHEL/Fedora/Rocky/Alma Linux users edit the /etc/sysconfig/grub file.
2. Find the line that reads GRUB_CMDLINE_LINUX_DEFAULT and append fsck.mode=force. You may have other config options. Just add it between the quote marks. For example:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash fsck.mode=force"
[do not remove anything else from the string, just add fsck.mode=force at the end of the string]

3. To force all auto-repair options, including those that may cause damage, add the fsck.repair=yes option too.
4. Then run sudo update-grub.

openSUSE Leap uses the btrfs filesystem, which should also work with these instructions despite them being written for ext4. That's because fsck will automatically call the correct command for the filesystem.
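
Step 2 above, done as a repeatable edit rather than by hand: an added example, not part of the post, that sets one kernel parameter inside GRUB_CMDLINE_LINUX_DEFAULT while keeping the other options and a backup. The function name `set_kernel_param` and the sample file are constructed for illustration; regenerating the GRUB configuration (step 4) remains a separate step.

```shell
#!/usr/bin/env bash
# Added example: set KEY=VALUE inside GRUB_CMDLINE_LINUX_DEFAULT without
# touching the other options, and without duplicating it on a second run.

set_kernel_param() {   # set_kernel_param FILE KEY VALUE
    file=$1
    awk -v key="$2" -v value="$3" '
    /^GRUB_CMDLINE_LINUX_DEFAULT="/ {
        val = $0
        sub(/^GRUB_CMDLINE_LINUX_DEFAULT="/, "", val)   # keep only the quoted part
        sub(/"[ \t]*$/, "", val)
        n = split(val, opts, /[ \t]+/); out = ""; found = 0
        for (i = 1; i <= n; i++) {
            if (opts[i] == "") continue
            k = opts[i]; sub(/=.*/, "", k)
            if (k == key) { opts[i] = key "=" value; found = 1 }   # replace old value
            out = out (out == "" ? "" : " ") opts[i]
        }
        if (!found) out = out (out == "" ? "" : " ") key "=" value
        print "GRUB_CMDLINE_LINUX_DEFAULT=\"" out "\""
        seen = 1; next
    }
    { print }
    END { if (!seen) exit 3 }          # variable missing: refuse to guess
    ' "$file" > "$file.new" || { rm -f "$file.new"; return 1; }
    cp -p "$file" "$file.bak" && mv "$file.new" "$file"
}

# Constructed stand-in for /etc/default/grub; the real file is not touched.
grub=$(mktemp)
printf '%s\n' 'GRUB_TIMEOUT=8' \
    'GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"' > "$grub"
set_kernel_param "$grub" fsck.mode force
set_kernel_param "$grub" fsck.mode force      # second run changes nothing
grep '^GRUB_CMDLINE_LINUX_DEFAULT=' "$grub"
```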

BlackHatCoiner
Legendary
*
Online Online

Activity: 798
Merit: 3227


Res nullius.


View Profile WWW
February 17, 2022, 07:39:40 PM
 #20

Lightning dislikes me. Does anybody know why I am getting this when I start the RTL service?


I don't have OpenSUSE, but Raspbian. I've installed nodejs, cloned c-lightning-REST.git, installed it with npm, created both sample-cl-rest-config.json and cl-rest-config.json, edited the c-lightning-REST.service accordingly and started it.
