Skip to content

Instantly share code, notes, and snippets.

@felixcheruiyot

felixcheruiyot/setup_clightning.md

Forked from Stadicus/setup_clightning.md
Created December 29, 2022 11:41
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save felixcheruiyot/7a1656c075e7b8cf957faa0df8d6a805 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save felixcheruiyot/7a1656c075e7b8cf957faa0df8d6a805 to your computer and use it in GitHub Desktop.
Download ZIP
Setup c-lightning on Digital Ocean
Raw
setup_clightning.md

E-Commerce c-lightning node on Digital Ocean

Prerequisites

  • based on small VPS with Ubuntu 16.04
  • set up directly with SSH keys, work with your own sudo user (not root)
  • (sub) domain name necessary for SSL certificate

UFW

$ sudo su
$ ufw app list
$ ufw default deny incoming
$ ufw default allow outgoing
$ ufw allow OpenSSH
$ ufw allow 9735 comment 'allow Lightning'
$ ufw allow 9000 comment 'allow Lightning Charge HTTP'
$ ufw allow 9001 comment 'allow Lightning Charge HTTPS'
$ ufw enable
$ systemctl enable ufw
$ ufw status
$ exit

sPRUNED

https://github.com/gdassori/spruned

$ sudo apt-get update
$ sudo apt-get install libleveldb-dev python3-dev git virtualenv gcc g++
$ sudo adduser bitcoin
$ sudo su - bitcoin

# bitcoin user session
$ git clone https://github.com/gdassori/spruned.git
$ cd spruned
$ virtualenv -p python3.5 venv
$ . venv/bin/activate
$ pip install -r requirements.txt
$ python setup.py install
$ exit

$ sudo nano /etc/systemd/system/spruned.service

# sPRUNED: systemd unit
# /etc/systemd/system/spruned.service

[Unit]
Description=sPRUNED Bitcoin node
After=network.target

[Service]
ExecStart=/home/bitcoin/spruned/venv/bin/spruned --network bitcoin.mainnet --rpcuser xxx --rpcpassword xxx
Type=simple
User=bitcoin
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

Start & enable

$ sudo systemctl start spruned
$ sudo systemctl status spruned
$ sudo systemctl enable spruned
$ sudo tail -f /home/bitcoin/.spruned/spruned.log

bitcoin-cli

https://bitcoin.org/en/download

# admin user session

$ mkdir download && cd download
$ wget https://bitcoin.org/bin/bitcoin-core-0.16.1/bitcoin-0.16.1-x86_64-linux-gnu.tar.gz
$ tar -xvf bitcoin-0.16.1-x86_64-linux-gnu.tar.gz
$ sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-0.16.1/bin/bitcoin-cli

$ sudo mkdir /home/bitcoin/.bitcoin
$ sudo nano /home/bitcoin/.bitcoin/bitcoin.conf

# Connection settings
rpcuser=xxx
rpcpassword=xxx

c-lightning

https://github.com/ElementsProject/lightning

# admin user session
$ sudo apt-get install -y \
  autoconf automake build-essential git libtool libgmp-dev \
  libsqlite3-dev python python3 net-tools zlib1g-dev
$ cd 
$ git clone https://github.com/ElementsProject/lightning.git
$ cd lightning
$ git tag -l
$ git checkout tags/v0.6
$ ./configure
$ make
$ sudo make install

Create systemd unit
$ sudo nano /etc/systemd/system/lightning.service

# c-Lightning: systemd unit
# /etc/systemd/system/lightning.service

[Unit]
Description=c-Lightning daemon
Requires=spruned.service
After=spruned.service

[Service]
ExecStart=/usr/local/bin/lightningd --pid-file=/home/bitcoin/.lightning/lightning.pid --daemon
PIDFile=/home/bitcoin/.lightning/lightning.pid
User=bitcoin
Type=forking
Restart=on-failure
RestartSec=10

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
#PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
#ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
#NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
#PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
#MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

Create config

sudo mkdir /home/bitcoin/.lightning
sudo nano /home/bitcoin/.lightning/config

alias=Your_Node_Alias
log-level=debug
network=bitcoin
bitcoin-rpcuser=xxx
bitcoin-rpcpassword=xxx
bitcoin-rpcconnect=localhost
bitcoin-rpcport=8332
log-file=/home/bitcoin/.lightning/lightning.log

Set bitcoin as owner, start and enable unit

$ sudo chown -R bitcoin:bitcoin /home/bitcoin/.lightning/
$ sudo systemctl start lightning
$ sudo systemctl status lightning
$ sudo systemctl enable lightning
$ sudo tail -f /home/bitcoin/.lightning/lightning.log

Check setup

$ sudo su - bitcoin
$ bitcoin-cli getblockchaininfo
{
  "blocks": 533666,
  "pruned": false,
  "chainwork": null,
  "headers": 533666,
  "bestblockhash": "0000000000000000001b65cc396bfdd8cff3a712f2f31b5ee7feb963314a5acd",
  "difficulty": null,
  "mediantime": 1532556068,
  "chain": "main",
  "warning": "spruned 0.0.2a3, emulating bitcoind v0.16",
  "verificationprogress": 100
}
$ lightning-cli -h
$ lightning-cli connect [email protected]:9735              ## get a random node from 1ml.com
$ lightning-cli listpeers
$ lightning-cli newaddr

Nginx

https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04

$ sudo apt-get install nginx
$ sudo ufw allow "Nginx Full"
$ systemctl status nginx
  • setup domain name to this new server and check Nginx website with your browser
$ sudo nano /etc/nginx/sites-available/charged

server {
    listen 9000;
    server_name your.domainname.com;

    location / {
        proxy_pass http://127.0.0.1:9112;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

$ sudo rm /etc/nginx/sites-enabled/default
$ sudo ln /etc/nginx/sites-available/charged /etc/nginx/sites-enabled/charged
$ sudo nginx -t
$ sudo systemctl reload nginx

Node.js

as admin user

curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
sudo apt-get install -y nodejs build-essential

Lightning Charge

$ npm install -g lightning-charge

To check operations (optional):

# in "bitcoin" user session
$ charged --api-token REPLACE_WITH_YOUR_SECRET_TOKEN defaults: --ln-path /home/bitcoin/.lightning --db-path /home/bitcoin/.lightning-charge/charge.db --port 9112

# different user session on the same machine:
$ curl localhost:9112

As admin user: $ sudo nano /etc/systemd/system/charged.service

# Lightning Charge: systemd unit
# /etc/systemd/system/charged.service

[Unit]
Description=Lightning Charge
Requires=lightning.service
After=lightning.service

[Service]
ExecStart=/home/bitcoin/.nvm/versions/node/v10.7.0/bin/charged --api-token REPLACE_WITH_YOUR_SECRET_TOKEN defaults: --ln-path /home/bitcoin/.lightning --db-path /home/bitcoin/.lightning-charge/charge.db --port 9112
User=bitcoin
Group=bitcoin
Type=forking
Restart=on-failure
RestartSec=10

Enable SSL

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update
$ sudo apt install python-certbot-nginx
$ sudo certbot --nginx -d your.domainname.com

# when asked, do not redirect HTTPS traffic at the moment
# check website again, using https://....

# open nginx block and change "443" to "9001"
$ sudo nano /etc/nginx/sites-available/charged
$ sudo systemctl reload nginx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment