# How to Build and Install a Monero Node on a Debian-based System

Hello. In this document, we will walk through the steps of building and hosting your own Monero node from source on a Debian-based Linux system. These systems include Raspbian, Debian (9 and above), and Ubuntu (18.04 and above).
This tutorial assumes that you are capable of accessing the ROOT terminal of your Debian-based system, and are capable of getting your system online if necessary. You may plan on using an external storage device to store the blockchain, this tutorial will include the optional steps to support external storage. Alternatively, this setup procedure can also accomodate users looking to host a pruned blockchain with restricted storage space.

Here are some useful links for reaching this prerequisite if you do not currently have access to a Debian-based system that meets the recommended system requirements.

- [How to spawn a VPS in the Linode Cloud Platform](https://www.youtube.com/watch?v=Kf6VrypLsZE)

- [How to spawn a VPS in the Digital Ocean Cloud Platform](https://www.youtube.com/watch?v=vqZ7eKM0WS8)

- [Getting started with the Rhaspberry Pi](https://www.youtube.com/watch?v=juHoJYX86Dg)

### System Requirements
- **OS**: Debian-based Linux

- **RAM**: 3 GB minimum (for building Monero source code)

- **CPU**: 1 core

- **Storage**: > 50 GB free space (internal or external)

# 1. Getting Started
Now that you have access to the terminal of your Debian-based system, you can begin. Lets start by confirming that you are currently the root user.

**THIS TUTORIAL ASSUMES THAT YOU WILL REMAIN THE ROOT USER FOR THE ENTIRETY OF THE SETUP PROCESS**

`$ whoami`

If the result of this command is `root`, you may proceed with the tutorial. 

If you are **not** the root user, it is highly recommended you log in as root using either `su` or `sudo su` before proceeding with the tutorial.

Additionally, you should confirm the connectivity of your device by checking your external IP address.

`$ curl ifconfig.me`

# 2. Downloading, Building & Installing Monero
Lets install the necessary packages that we will need to acquire Monero's source.

```
$ apt-get update
$ apt-get install -y nano git
```

Next, lets download the Monero source code and enter the root directory of the source code...

```
$ cd /root
$ git clone 'https://github.com/monero-project/monero.git'
$ cd monero
```

...and initialize the source code to the latest release.

```
$ git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
$ git submodule init
$ git submodule update
```

Now, we will install the required packages to build the Monero source code. As of `v0.17.1.8`, Monero requires the following packages...

**[NOTICE]** These dependencies may change with future updates. You can confirm that you have all package dependencies by viewing the **Compiling Monero from source -> Dependencies** section the [Monero Project's README file](https://github.com/monero-project/monero/blob/master/README.md).

```
$ apt-get install -y build-essential cmake pkg-config libboost-all-dev libssl-dev libzmq3-dev libunbound-dev libsodium-dev libunwind8-dev liblzma-dev libreadline6-dev libldns-dev libexpat1-dev doxygen graphviz libpgm-dev qttools5-dev-tools libhidapi-dev libusb-1.0-0-dev libprotobuf-dev protobuf-compiler libudev-dev
```

Next we will install the systemd service and the correlating configuration file for the process.

```
$ cp utils/conf/monerod.conf /etc
$ cp utils/systemd/monerod.service /etc/systemd/system
$ systemctl daemon-reload
$ systemctl enable monerod
```

These configuration files specify that your Monero node will log to `/var/log/monero/monero.log` and the blockchain will be stored in `/var/lib/monero`.

Now it is time to build the Monero source code. The following command will build Monero binaries and install them on your system by way of `/usr/bin`. It will take a while to run.

**[NOTICE]** This command will fail if you have less than 3GB of RAM.

`$ cp "$(make release | tail -1 | grep -oP '(?<='"'"').*(?<!'"'"')')/bin/"* /usr/bin`

Verify a successful installation by checking the version of your binaries.

`$ monerod --version`

Lastly, we must create a Monero user on the system.

`$ adduser --disabled-password --system --group --home /var/lib/monero monero`

If you would like to elevate your node's configuration to be a "full public node", add additional parameters to `monerod.conf` by running the following commands.

```
$ echo "confirm-external-bind=1" >> /etc/monerod.conf
$ echo "public-node=1" >> /etc/monerod.conf
$ echo "restricted-rpc=1" >> /etc/monerod.conf
```

If your system owns its public IP, you may bind `monerod` directly to the interface with the following three commands.

```
$ myIP="$(curl ifconfig.me)"
$ echo "rpc-restricted-bind-ip=${myIP}" >> /etc/monerod.conf
$ echo "rpc-bind-ip=${myIP}" >> /etc/monerod.conf
```

If you would like to host a pruned blockchain, run this command to add such specification to your configuration file.

```
$ echo "prune-blockchain=1" >> /etc/monerod.conf
```

## 3. [OPTIONAL] Attaching External Storage
If you have an external storage volume that you would like to use for your blockchain data, **attach it to your Linux system now**.

List the available storage volumes on your system with the following command. From the output, identify the volume that you are going to use.

`$ fdisk -l`

You will see output that looks roughly like this:

```
Disk /dev/sda: 49.5 GiB, 53154414592 bytes, 103817216 sectors
Disk model: QEMU HARDDISK   
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/sdb: 516 MiB, 541065216 bytes, 1056768 sectors
Disk model: QEMU HARDDISK   
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/sdc: 256 GiB, 274877906944 bytes, 536870912 sectors
Disk model: Volume          
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
```

In this case, I am picking `/dev/sdc`, since this is the storage volume with enough space to store the blockchain (256 GB). I will run this command to specify `/dev/sdc` as my current device.

`$ curDev=/dev/sdc`

Now that you have identified the storage device on your system, you may now format it.

**[WARNING]** The following command is dangerous and will erase all data on the specified storage volume.

`$ mkfs.ext4 -F $curDev`

Now, configure your fstab file to mount this device automatically

`$ echo "$curDev /var/lib/monero ext4 defaults 0 2" >> /etc/fstab`

## 4. [RECOMMENDED][OPTIONAL] Firewall Setup
We will be using `nftables` to secure the network traffic on this system. `nftables` a new [kernel-based packet filtering framework that replaces `iptables`](https://ral-arturo.org/2017/05/05/debian-stretch-stable-nftables.html). Amongst it's many superlatives to common firewalls, `nftables` has a very human friendly configuration syntax.

```
$ apt-get purge iptables
$ apt-get autoremove
$ apt-get install -y nftables
$ systemctl enable nftables
```

Now, using your favorite text editor (`nano` recommended)...

```
$ nano /etc/nftables.conf
```

...modify the contents of the file to reflect this template:

```
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
	chain input {
		type filter hook input priority 0;
		
		# allow Monero RPC and P2P ports inbound
		tcp dport { 18080, 18081 } accept
		
		# allow SSH connections
		tcp dport { 22 } accept
		
		# accept any traffic bound for the loopback interface
		meta iifname lo accept
		
		# allow established or related network traffic inbound
		ct state { established, related } accept
		
		# drop remaining traffic
		drop
	}
	chain forward {
		type filter hook forward priority 0;
	}
	chain output {
		type filter hook output priority 0;
		
		# allow all outbound traffic
		accept
	}
}
```

After saving your changes, confirm that your syntax is correct with this command:

`$ nft -cf /etc/nftables.conf`

If errors are found, they should be corrected before proceeding.

# 5. Restart your node

`$ reboot`

When your system comes back online, it will automatically launch the `monerod` node and begin synchronizing the blockchain.

You can monitor the progress of the blockchain sync by checking the logs.

`$ cat /var/log/monero/monero.log`

# 6. [REQUIRED][IMPORTANT] Updating your node

It's a well known fact that the Monero community executes biannual network upgrades that require participants (including node operators) upgrade their software. Since you have built and installed Monero from its source code, you can deploy these updates as soon as they are tagged in the GitHub repository.

After a new release has been tagged, updating your node is a fairly straightforward process. The following steps assume `root` access.

First, change to the root directory of the Monero source code.

`$ cd /root/monero`

Download GitHub commits and change to the latest release of the source code.

`$ git fetch && git reset --hard $(git describe --tags $(git rev-list --tags --max-count=1))`

Confirm that you have all package dependencies by viewing the **Compiling Monero from source -> Dependencies** section the [Monero Project's README file](https://github.com/monero-project/monero/blob/master/README.md).

Build the source code and change the current directory to the directory containing the built products.

`$ cd "$(make release | tail -1 | grep -oP '(?<='"'"').*(?<!'"'"')')/bin/"`

Congratulations, you have now built the latest release of the Monero source code. Three simple steps remain.

First, stop the `monerod` service so that the binaries can be installed.

`$ systemctl stop monerod`

Next, copy the new binaries to `/usr/bin/`.

`$ cp ./* /usr/bin/`

Lastly, start `monerod` once again.

`$ systemctl start monerod`