Full edit

Shannon Appelcline 2017-02-28 15:45:17 -08:00 committed by GitHub
parent 5139813552
commit c3b9480d60


@ -2,13 +2,13 @@
> **NOTE:** This is a draft in progress, so that I can get some feedback from early reviewers. It is not yet ready for learning.
This document explains how to set up a VPS (Virtual Private Sever) to run a Bitcoin node on cloud computer by hand. You'll need to set up your computer yourself, but then this document will provide you with important commands to secure your VPS and to get it running Bitcoin.
This document explains how to set up a VPS (Virtual Private Sever) by hand to run a Bitcoin node on a cloud computer. You'll need to set up your computer yourself, but then this document will provide you with important commands to secure your VPS and to get it running Bitcoin.
> **WARNING:** Dont use a VPS for a bitcoin wallet with significant real funds; see http://blog.thestateofme.com/2012/03/03/lessons-to-be-learned-from-the-linode-bitcoin-incident/ . It is very nice to be able experiment with real bitcoin transactions on a live node without tying up a self-hosted server on a local network. Ive also found it useful to be able to use an iPhone or iPad to communicate via SSH to my VPS to do some simple bitcoin tasks. But a higher level of safety is required for significant funds.
If you want to instead have a script do the setup for you, specifically at Linode.com, read the parallel HOWTO file, [2B - Setting up a Bitcoin-Core VPS with StackScript](./2B_Setting_Up_a_Bitcoin-Core_VPS_with_StackScript.md).
If you want to instead have a script do the setup for you, specifically at linode.com, read the parallel HOWTO file, [2B - Setting up a Bitcoin-Core VPS with StackScript](./2B_Setting_Up_a_Bitcoin-Core_VPS_with_StackScript.md).
If you already have a Bitcoin node running, instead read the next HOWTO file, [3 - Playing with Bitcoin Core](—link—).
If you already have a Bitcoin node running, instead read the next HOWTO file, [3 - Playing with Bitcoin Core](3_Playing_with_Bitcoin.md).
## Choosing Your Bitcoin Setup
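Review bot: the rewritten opening sentence still reads "Virtual Private Sever"; it should be "Virtual Private Server". The unchanged WARNING paragraph in the same hunk also has "Dont" and "Ive" without apostrophes, which could be fixed in the same pass.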
@ -22,17 +22,17 @@ Your options are:
**Pruned Mainnet.** This will cut the blockchain you're storing down to just the last 550 blocks. If you're not mining or running some other Bitcoin service, this should be plenty for validation.
**Testnet.** This gives you access to an alternative Bitcoin blockchain where the Bitcoins don't actually have value. It's intended for experimentation and testing.
**Testnet.** This gives you access to an alternative Bitcoin blockchain where the bitcoins don't actually have value. It's intended for experimentation and testing.
**Pruned Testnet.** This is just the last 550 blocks of Testnet ... because the Testnet blockchain is pretty big now too.
**Private Regtest.** This is Regression Testing Mode, which lets you run a totally local Bitcoin server. It allows for even more in-depth testing. There's no pruning needed here, because you'll be starting from scratch.
We suggest Testnet if you're planning to play around and learn Bitcoin and a Pruned setup unless you're planning to set up a miner or a complex Bitcoin service.
We suggest testnet if you're planning to play around and learn Bitcoin and a pruned setup unless you're planning to set up a miner or a complex Bitcoin service.
## Getting Started at a Cloud Provider
First you'll need to choose a cloud provider. The commands in this document are derived from the script we use at linode.com, and they should also work at digitalocean.com.
First you'll need to choose a cloud provider. The commands in this document are derived from the script we use at linode.com; they should also work at digitalocean.com.
### Set Up an Account
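Review bot: capitalization of the network names is now mixed within this hunk: the recommendation sentence was lowercased to "testnet" and "pruned setup", but the option labels and their descriptions keep "Pruned Mainnet", "Testnet" and "Pruned Testnet". Pick one convention (for example, capitalized bold labels and lowercase in running text) and apply it to the "Pruned Testnet" description as well.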
@ -49,9 +49,9 @@ If your cloud provider offers two-factor authentication for their web tools, we
### Create a Machine
You should now create your Bitcoin VPS. Most setups require 5-15G of storage and 2-3G of memory. The non-Pruned Mainnet is the only setup that requires considerably more: about 120G of memory to hold the current blockchain.
You should now create your Bitcoin VPS. Most setups require 5-15G of storage and 2-3G of memory. The non-Pruned Mainnet is the only setup that requires considerably more: about 120G of storage to hold the current blockchain.
Following are suggests for machine requirements:
Following are suggestions for machine requirements:
| Setup | Memory | Storage |
|-------|--------|---------|
@ -61,13 +61,13 @@ Following are suggests for machine requirements:
| Pruned Testnet | 2-3G | ~5G |
| Regtest | 2-3G | ~ |
We also suggest you choose a Debian 8 image when you're creating your machine. These commands were all tested on Debian 8.7 (jessie). The further you get away from that, the less likely things will work as laid out here. So, another Debian is probably OK and maybe ubuntu, but we've tried these out on a Mac, and we know that it's missing some commands like "wget". So, installer beware!
We also suggest you choose a Debian 8 image when you're creating your machine. These commands were all tested on Debian 8.7 (jessie). The further you get away from that, the less likely things will work as described here. So, another Debian is probably OK and maybe a different Ubuntu, but we've tried these out on a Mac, and we know that it's missing some commands like "wget". So, installer beware!
Afterward, boot your VPS.
## Configuring Your VPS
You're now ready to log. You'll need to lookup the IP address of your new machine, and then you should be able to SSH in:
You're now ready to log. You'll need to look up the IP address of your new machine, and then you should be able to SSH in:
```
$ ssh root@192.168.1.52
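Review bot: the changed sentence before the ssh command still says "You're now ready to log."; it needs "log in". In the table rows above it, the Regtest storage cell is a bare "~" with no figure, so either give an estimate or state that the requirement is negligible.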
@ -85,7 +85,7 @@ $ /etc/init.d/hostname.sh start
$ /bin/hostname "mybtc"
```
Also enter the info into your /etc/hosts file. Note that you should also enter a fully-qualified hostname into your hosts file, as shown below. If you're not making the machine part of a name, just choose a ".local" suffix.
Also enter the info into your /etc/hosts file. Note that you should also enter a fully-qualified hostname, as shown below. If you're not making the machine part of a domain, just choose a ".local" suffix.
```
$ echo "127.0.0.1 localhost" > /etc/hosts
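Review bot: `echo "127.0.0.1 localhost" > /etc/hosts` uses a single `>`, so it replaces the whole file, including any IPv6 loopback entries the image shipped with. The text should say that the file is being overwritten, or the commands should only append the `mybtc` line.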
@ -94,7 +94,7 @@ $ echo "127.0.1.1 mybtc.local mybtc" >> /etc/hosts
### Update Your Timezone
Make sure your timezone is set correctly.
Make sure your timezone is correct.
The following example sets your machine to the American west coast timezone:
@ -109,8 +109,9 @@ Though you're not putting much real value on this server, you should still make
### Create Firewall Rules
To start with, create a firewall rules file. For all instructions that look like this, you should just be able to cut from the "cat" all the way down to the EOF, and everything will be placed into the appropriate file.
To start with, create a firewall rules file.
_For all instructions that look like this, you should just be able to cut from the "cat" all the way down to the EOF, and everything will be placed into the appropriate file._
```
$ cat > /etc/iptables.firewall.rules <<EOF
*filter
@ -153,7 +154,7 @@ COMMIT
EOF
```
Note that 8333 is the Mainnet Port and 18333 is the Testnet port. If you want to be adventurous, you can delete the one you're not using.
Note that 8333 is the Bitcoin Mainnet Port and 18333 is the Bitcoin Testnet port. If you want to be adventurous, you can delete the one you're not using.
Most work is still done on IPv4 networks, but the following will establish the same rules for IPv6:
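Review bot: in the sentence about ports 8333 and 18333, "If you want to be adventurous" undersells the change; closing the port for the network you are not running is the ordinary least-privilege choice, not a risky one. Suggest wording it as a recommendation, for example "we suggest deleting the rule for the network you're not using".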
@ -181,14 +182,14 @@ $ /etc/network/if-pre-up.d/firewall
#### Optional: Add More Firewall Rules
Please note that this will only allow access to your machine for only SSH, Ping, and Bitcoin services. If you want to accept other types of traffic, you will need to open up additional ports ("dports") using the same methodology as shown in the Bitcoin port 8333 connections. For example, to allow connections to port 25 (mail), would require adding the following to the iptables and the ip6tables:
Please note that this will only allow access to your machine for SSH, Ping, and Bitcoin services. If you want to accept other types of traffic, you will need to open up additional ports ("dports") using the same methodology as shown in the Bitcoin port 8333 connection. For example, to allow connections to port 25 (mail), would require adding the following to the iptables and the ip6tables:
```
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p udp --dport 25 -j ACCEPT
```
This example opens up access to port 25 for TCP and UDP connections. Other popular ports are 80 (HTTP), 443 (HTTPS), 53 (DNS), 110 (POP), and 143 (IMAP). Be sure any such changes are put above the logs and defaults that appear at the end of the firewall files.
This example opens up access to port 25 for TCP and UDP connections. Other popular ports are 80 (HTTP), 443 (HTTPS), 53 (DNS), 110 (POP), and 143 (IMAP). Be sure any such changes are put above the logs and defaults that appear at the end of the iptables.firewall.rules files.
If you made changes, you can immediately incorporate them by again running the firewall script that you created.
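Review bot: the port 25 example opens UDP as well as TCP, but SMTP runs over TCP only, so the `-p udp --dport 25` rule opens a port that no mail service will use. Drop the UDP line from the mail example and tell readers to add a UDP rule only for services that need it, such as DNS on 53. The changed sentence also says "the iptables.firewall.rules files" (plural), although the visible text creates a single file of that name.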
@ -198,10 +199,9 @@ $ /etc/network/if-pre-up.d/firewall
### Lock Down Your SSH
If you know your fixed IP address for home, we _highly_ suggest that you lock down your SSH, so that your server can only be logged into from that IP. You can also enter multiple IP addresses if you comma separate them.
If you know your fixed IP address for home, we _highly_ suggest that you lock down your SSH, so that your server can only be accessed from that IP. You can also enter multiple IP addresses if you comma separate them.
To do so, just replace $YOUR_HOME_IP with your own:
```
$ echo "sshd: $YOUR_HOME_IP" >> /etc/hosts.allow
$ echo "sshd: ALL" >> /etc/hosts.deny
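Review bot: in `echo "sshd: $YOUR_HOME_IP" >> /etc/hosts.allow` the placeholder sits inside double quotes, so a reader who pastes the line unedited gets the shell's expansion of an unset variable, which is an empty allow entry, and the next line then denies sshd for ALL. Use a placeholder that cannot expand (for example `<YOUR_HOME_IP>`), and add a sentence telling readers to confirm that a second SSH login works before closing their current session.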
@ -210,68 +210,59 @@ $ echo "sshd: ALL" >> /etc/hosts.deny
## Setting Up a User
It's always best to do your work with a user other than root. The following creates a user account for 'user1'
```
$ /usr/sbin/useradd -m -g sudo -s /bin/bash user1
$ /usr/bin/passwd user1
$ /usr/sbin/adduser user1 sudo
```
You'll be asked for a password for user1 after the second command.
### Optional: Set Up a SSH Key
Though it's not required, we suggest copying your SSH key to your user1 account, to simplify access and make it more secure.
Though it's not required, we suggest copying your SSH key to your user1 account, to simplify access and to make it more secure.
Make the SSH directory:
```
$ mkdir ~user1/.ssh
```
Then past your SSH key into ~user1/.ssh/authorized_keys
Afterward give user1 the permissions:
Then paste your SSH key into ~user1/.ssh/authorized_keys .
Afterward give user1 access to the file:
```
$ chown -R user1 ~user1/.ssh
```
If you haven't setup an SSH key on your local computer yet, there are good instructions for it on [Github](https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/).
If you haven't set up an SSH key on your local computer yet, there are good instructions for it on [Github](https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/).
### Create Bitcoin Aliases
We find a number of Bash aliases helpful to make it easier to use Bitcoin.
If you are using a Testnet or Pruned Testnet setup, we suggest the following:
If you are using a testnet or pruned testnet setup, we suggest the following:
```
$ sudo -u user1 cat >> ~user1/.bash_profile <<EOF
alias btcdir="cd ~/.bitcoin/" #linux default bitcoind path
# alias btcdir="cd ~/Library/Application\ Support/Bitcoin/" #mac default bitcoind path
alias bc="bitcoin-cli"
alias bd="bitcoind"
alias btcinfo='bitcoin-cli getinfo | egrep "\"version\"|balance|blocks|connections|errors"'
alias btcblock="echo \\\`bitcoin-cli getblockcount 2>&1\\\`/\\\`wget -O - http://blockexplorer.com/testnet/q/getblockcount 2> /dev/null | cut -d : -f2 | rev | cut -c 2- | rev\\\`"
EOF
```
Otherwise, we suggest the following:
Otherwise, if you are using a mainnet or pruned mainnet setup, we suggest the following:
```
$ sudo -u user1 cat >> ~user1/.bash_profile <<EOF
alias btcdir="cd ~/.bitcoin/" #linux default bitcoind path
# alias btcdir="cd ~/Library/Application\ Support/Bitcoin/" #mac default bitcoind path
alias bc="bitcoin-cli"
alias bd="bitcoind"
alias btcinfo='bitcoin-cli getinfo | egrep "\"version\"|balance|blocks|connections|errors"'
alias btcblock="echo \\\`bitcoin-cli getblockcount 2>&1\\\`/\\\`wget -O - http://blockchain.info/q/getblockcount 2>/dev/null\\\`"
EOF
```
The only difference between the two is in the 'btcblock' line, which looks up the block count in different places for Mainnet and Testnet.
The only difference between the two is in the 'btcblock' line, which looks up the block count in different places for mainnet and testnet.
> **WARNING:** The btcblock alias will not work correctly if you try to place it in your .bash_profile by hand, rather than using the "cat" command as suggested. To enter it by hand, you need to adjust the number of backslashes (usually from three each to one each), so make sure you know what you're doing if you aren't entering the commands exactly as shown.
As usual, give your user permission:
```
$ /bin/chown user1 ~user1/.bash_profile
```
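Review bot: the SSH key step runs `mkdir ~user1/.ssh` and `chown -R user1 ~user1/.ssh` but never sets modes, so the directory and authorized_keys keep whatever root's umask gives them. Add `chmod 700 ~user1/.ssh` and `chmod 600 ~user1/.ssh/authorized_keys` after the chown. Separately, in `sudo -u user1 cat >> ~user1/.bash_profile <<EOF` the redirection is opened by the calling shell, not by user1, which is why the later chown is needed; a short sentence saying so would help.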
@ -281,24 +272,19 @@ $ /bin/chown user1 ~user1/.bash_profile
An up-to-date Debian is a safe Debian.
Before you install Bitcoin, you should run the following commands to get all the latest patches:
```
$ export DEBIAN_FRONTEND=noninteractive
$ apt-get update
$ apt-get upgrade -y
$ apt-get dist-upgrade -y
```
This process will take several minutes. Take a break. Have an espresso.
Afterward, you also need to install a random number generator:
```
$ apt-get install haveged -y
```
Finally, we highly suggest that you set upgrades to be automatic, so that you stay up to date on updates in the future:
```
$ echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections
$ apt-get -y install unattended-upgrades
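Review bot: "you also need to install a random number generator" before `apt-get install haveged -y` is imprecise; haveged is a daemon that feeds entropy to the kernel's pool, and the text gives no reason why a Bitcoin node needs it. Suggest one sentence on the purpose, such as that VPS guests often have little entropy available when keys are generated.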
@ -309,7 +295,6 @@ $ apt-get -y install unattended-upgrades
At last, the moment of truth, you're ready to install Bitcoin!
You will want to do this all in the user1 account, so switch over:
```
$ su user1
$ cd
@ -321,7 +306,6 @@ $ source ~/.bash_profile
First, we suggest setting up two variables to make this installation more automatic.
The first variable, $BITCOIN, should be set to the current version of Bitcoin. It was 0.13.2 when we wrote this. The second will then automatically generate a truncated form used by some of the files.
```
$ export BITCOIN=bitcoin-core-0.13.2
$ export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'`
@ -330,42 +314,35 @@ $ export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'`
### Download Files
Grab the relevant files from bitcoin.org:
```
$ wget https://bitcoin.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~user1/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz
$ wget https://bitcoin.org/bin/$BITCOIN/SHA256SUMS.asc -O ~user1/SHA256SUMS.asc
$ wget https://bitcoin.org/laanwj-releases.asc -O ~user1/laanwj-releases.asc
```
This is the other step of the process that takes five minutes or so. It might be time to go have a nice walk in the sun.
### Verify Bitcoin Signature
You want to make extra sure that your Bitcoin setup is authenticate and hasn't been messed with. The first way to do that is to look at the signature:
You want to make extra sure that your Bitcoin setup is authentic and hasn't been messed with. The first way to do that is to look at the signature:
```
$ /usr/bin/gpg --import ~user1/laanwj-releases.asc
$ /usr/bin/gpg --lsign `sudo -u user1 /usr/bin/gpg --list-keys | grep pub | awk '{print $2}' | awk -F/ '{print $2}'`
$ /usr/bin/gpg --verify ~user1/SHA256SUMS.asc
```
Amongst the info you get back from the last command should be a line telling you that you have a "Good signature".
### Verify Bitcoin SHA
Next, you should verify the Hash for the Bitcoin tar file against the expected Hash:
```
$ /usr/bin/sha256sum ~user1/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'
$ cat ~user1/SHA256SUMS.asc | grep $BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'
```
If those both produce the same number, it's OK.
### Install Bitcoin
If both of your verification tests succeeded, you can now install Bitcoin. (If they didn't, you need to start looking into what's going on!)
```
$ /bin/tar xzf ~user1/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -C ~user1
$ sudo /usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~user1/$BITCOINPLAIN/bin/*
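Review bot: the signature check trusts a key fetched from the same host as the binaries: laanwj-releases.asc comes from bitcoin.org, and `gpg --lsign` then marks whatever `--list-keys | grep pub` returns as trusted without any fingerprint being shown to or checked by the reader. Add a step that prints the key fingerprint and compares it with a copy obtained from an independent source before the lsign. For the hash, the two awk commands leave the comparison to the eye; piping the matching SHA256SUMS.asc line into `sha256sum -c` would make it pass or fail explicitly.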
@ -377,12 +354,10 @@ $ /bin/rm -rf ~user1/$BITCOINPLAIN/
Finally, you should set up a bitcoin configuration file.
First, create the directory:
```
$ sudo -u user1 /bin/mkdir ~user1/.bitcoin
$ /bin/mkdir ~user1/.bitcoin
```
This is the core file, which is appropriate for a Mainnet or Testnet setup:
This is the core bitcoin.conf file, which is appropriate for a mainnet or testnet setup:
```
$ cat >> ~user1/.bitcoin/bitcoin.conf << EOF
server=1
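Review bot: the two mkdir lines differ only in the `sudo -u user1` prefix; the bare `/bin/mkdir ~user1/.bitcoin` is correct only if the reader did run `su user1` earlier, and otherwise leaves a root-owned data directory that the daemon cannot write to. Either keep the prefix or state at the top of this section which account the commands assume. Also, `cat >> ~user1/.bitcoin/bitcoin.conf` appends, so re-running the block duplicates every setting; `>` is safer for the first write.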
@ -395,33 +370,26 @@ rpcuser=bitcoinrpc
rpcpassword=$(xxd -l 16 -p /dev/urandom)
EOF
```
If you want a pruned copy of the chain (and you probably should), add the following:
```
$ cat >> ~user1/.bitcoin/bitcoin.conf << EOF
prune=550
EOF
```
Otherwise, if you are _not_ pruning add the following:
```
$ cat >> ~user1/.bitcoin/bitcoin.conf << EOF
txindex=1
EOF
```
(txindex gives the benefit of a complete transaction index, but is not compatible with pruning, so you choose one or the other.)
Finally, if you want to use Testnet instead of Mainnet, add the following:
Finally, if you want to use testnet instead of mainnet (and you probably should for testing), add the following:
```
$ cat >> ~user1/.bitcoin/bitcoin.conf << EOF
testnet=1
EOF
```
So, for example, a pruned testnet, which is our favored setup for playing with bitcoin, would look like this:
```
$ cat ~/.bitcoin/bitcoin.conf
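Review bot: `rpcpassword=$(xxd -l 16 -p /dev/urandom)` is expanded when the heredoc is written, so if xxd is not installed on the image the file silently gets an empty rpcpassword. Add a check that the generated value is non-empty, or note which package provides xxd. The prune and txindex blocks both append to the same file and are described as mutually exclusive, so say explicitly that only one of them should be run.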
@ -436,11 +404,9 @@ rpcpassword=$(xxd -l 16 -p /dev/urandom)
prune=550
testnet=1
```
_Please note that this setup does not yet support a Private Regtest. That will require a very different setup TBD._
Finally, limit permissions to your configuration file:
To end, limit permissions to your configuration file:
```
$ /bin/chmod 600 ~user1/.bitcoin/bitcoin.conf
```
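Review bot: `chmod 600 ~user1/.bitcoin/bitcoin.conf` comes last, after the file has already been written with the RPC password under the default umask, so it may be readable by other local users until this step runs. Move the permission step ahead of the first write (create the file empty, chmod it, then append) or set `umask 077` first. The sample `cat` output above also shows the literal `$(xxd -l 16 -p /dev/urandom)` where the real file would hold the generated hex string.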
@ -448,13 +414,10 @@ $ /bin/chmod 600 ~user1/.bitcoin/bitcoin.conf
### Start the Daemon!
After all of that, starting the Bitcoin daemon is anticlimatically simple:
```
$ /usr/local/bin/bitcoind -daemon
```
You should also add a crontab entry , so that the bitcoin daemon starts up whenever your VPS restarts:
```
$ ( /usr/bin/crontab -l -u user1 2>/dev/null; echo "@reboot /usr/local/bin/bitcoind -daemon" ) | /usr/bin/crontab -u user1 -
```
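Review bot: the crontab line passes `-u user1`, but this section is run after `su user1`, and cron's crontab normally refuses `-u` to non-root callers. Drop `-u user1` from both crontab invocations or prefix them with sudo. Two typos also remain in unchanged text: "anticlimatically" should be "anticlimactically", and there is a stray space before the comma in "crontab entry ,".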
@ -464,16 +427,14 @@ $ ( /usr/bin/crontab -l -u user1 2>/dev/null; echo "@reboot /usr/local/bin/bitco
So now you probably want to play with Bitcoin!
But wait, your Bitcoin daemon is probably still downloading blocks. This alias, from your .bash configuration will tell you how things are going:
```
$ btcblock
```
If you choose of the pruned mainnet, it will probably take a little over a day to download everything.
If you chose the pruned mainnet, it will probably take a little over a day to download everything.
So, it might be time for a few more espressos.
But, when you're ready to go, continue on with [Playing with Bitcoin](-link-), where we'll talk about the files and how you can start experimenting.
But, when you're ready to go, continue on with [Playing with Bitcoin](3_Playing_with_Bitcoin.md), where we'll talk about the files and how you can start experimenting.
### Useful commands
@ -486,8 +447,7 @@ bc getwalletinfo
bc stop
```
### Some tutorials once you've got bitcoin installed and up-to-date
### Other tutorials once you've got bitcoin installed and up-to-date
- Bitcoin.org's developer examples https://bitcoin.org/en/developer-examples#transactions
- Jonas Nick's "How to Run a Bitcoin Node" https://github.com/jonasnick/bitcoin-node