Last active
December 31, 2022 19:06
-
-
Save ohsevin/dcfa86b13b35f24c9f04c9c0f67e49f8 to your computer and use it in GitHub Desktop.
Revisions
-
ohsevin revised this gist
Dec 31, 2022 . No changes.There are no files selected for viewing
-
Dec 31, 2022 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,335 @@ RUN A MONERO NODE With the ongoing network attacks in Monero, it’s a great time for users to dive into running their own node. In this short post I’ll detail how to easily run a Monero node on a Linux server, the most common OS for virtual private servers (VPS). I would highly recommend running either Debian or Ubuntu for your Linux distribution, and this guide will assume you are running one of those. I will also assume in this guide that you have purchased and SSH’d into the VPS/host of your choosing, but if you need help with those first steps here are a few good links to follow: If you’re using your own hardware at home, this guide will still generally apply to you assuming you are running Ubuntu/Debian. * Full Node * 2+ vCPUs/cores * 4GB+ RAM * 175GB+ SSD * Pruned Node * 2+ vCPUs/cores * 4GB+ RAM * 75GB+ SSD The Monero network relies on a distributed web of Monero nodes, each of which validate transactions, propagate transactions to the rest of the network, and helps new nodes easily and quickly synchronize to the current state of the network. Running a Monero node for yourself not only helps to give you the stronger network-level privacy guarantees, but also helps to increase the decentralization, stability, and speed of the Monero network. Each node can expose two different services, each of which has a positive impact on the network in a unique way: * Peer-to-Peer (p2p) port (default 18080): this port allows other nodes on the network to connect to your node to download the blockchain and to send you any transactions they validate that you do not yet have. It also increases overall network privacy, as your node participates in the Dandelion++ propagation of transactions. * Remote Procedure Call (RPC) port (default 18089 for restricted): Exposing this port (especially with the public-node arg) allows other users on the network, especially those using mobile wallets or the GUI wallet in “Simple” mode, to connect to your node to sync their wallets, without needing to run their own full node locally. In this guide I have only given configuration files and Docker commands that expose the p2p port, as that is a key help to the network. Feel free to use one of the configuration files utilizing the public-node arg listed below if you’d also like to advertise your restricted RPC port. You can choose to either setup a node via systemd and binaries or deploy monerod as a Docker container below. Deploying via Docker has a few key benefits, namely a simple and cross-OS compatible install along with automatic updates via Watchtower. _Note: If you’d love to deploy a node but this guide is still a bit too advanced for you, checkout xmrcannon.net, a great community resource that allows you to pay in Monero to have a node spun up for you._ First we need to install a few tools we will need later: sudo apt-get update && sudo apt-get upgrade -y sudo apt-get install -y ufw curl Then install Docker: curl -fsSL https://get.docker.com -o get-docker.sh sudo sh get-docker.sh sudo usermod -aG docker $USER su - $USER _Note: This command downloads a script and runs as root directly from Docker. Please make sure you are comfortable doing this, and be wary of doing this on a personal computer. If you’d like to avoid that, please follow the official docs here to install from the repository._ We will want to make sure that the system is hardened in a simple way by making sure that the firewall is locked down to only allow access to the ports necessary for SSH and monerod, using UFW. A great intro to getting started with UFW is available on DigitalOcean. Run the following commands to add some basic UFW rules and enable the firewall: # Deny all non-explicitly allowed ports sudo ufw default deny incoming sudo ufw default allow outgoing # Allow SSH access sudo ufw allow ssh # Allow monerod p2p port sudo ufw allow 18080/tcp # Allow monerod restricted RPC port sudo ufw allow 18089/tcp # Enable UFW sudo ufw enable Choose the proper command set below depending on if you want to run a full node or a pruned node and whether you want to advertise your public restricted RPC node to allow other users to sync their wallets using your node or not: An alternative Docker implementation is also available on Github, which even includes native Grafana visualizations. This guide will focus on being extremely simple, so I’ll stick to just monerod here. If you would like to inspect the source code behind the image used here or build it yourself, please see the below links: Docker Hub Images Source Repository _Note: My recommended commands are the first set below, but feel free to choose one of the other 3 options as needed._ docker run -d --restart unless-stopped --name="monerod" -p 18080:18080 -p 18089:18089 -v bitmonero:/home/monero sethsimmons/simple-monerod:latest --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --no-igd --no-zmq --enable-dns-blocklist docker run -d \ --name watchtower --restart unless-stopped \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower --cleanup \ monerod tor Alternative Docker commands Public node: docker run -d --restart unless-stopped --name="monerod" -p 18080:18080 -p 18089:18089 -v bitmonero:/home/monero sethsimmons/simple-monerod:latest --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --public-node --no-igd --no-zmq --enable-dns-blocklist docker run -d \ --name watchtower --restart unless-stopped \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower --cleanup \ monerod tor Pruned node: docker run -d --restart unless-stopped --name="monerod" -p 18080:18080 -p 18089:18089 -v bitmonero:/home/monero sethsimmons/simple-monerod:latest --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --no-igd --no-zmq --enable-dns-blocklist --prune-blockchain docker run -d \ --name watchtower --restart unless-stopped \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower --cleanup \ monerod tor Public and pruned node: docker run -d --restart unless-stopped --name="monerod" -p 18080:18080 -p 18089:18089 -v bitmonero:/home/monero sethsimmons/simple-monerod:latest --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --public-node --no-igd --no-zmq --enable-dns-blocklist --prune-blockchain docker run -d \ --name watchtower --restart unless-stopped \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower --cleanup \ monerod tor To watch the logs for monerod, simply run: docker logs --follow monerod As we are running Monero in a Docker container and have deployed Watchtower along with it, the node will automatically be restarted with the latest version of monerod whenever a new version is tagged in Github. Nothing else needs to be done manually! monerod supports sending commands locally, allowing you get additional info on the status of monerod, set bandwidth limits, set peer limits, etc. A full list of commands as of v0.17.1.8 can be found below, or by running monerod help: Monero 'Oxygen Orion' (v0.17.1.8-release) Commands: alt_chain_info [blockhash] apropos <keyword> [<keyword> ...] ban [<IP>|@<filename>] [<seconds>] banned <address> bans bc_dyn_stats <last_block_count> check_blockchain_pruning diff exit flush_cache [bad-txs] [bad-blocks] flush_txpool [<txid>] hard_fork_info help [<command>] hide_hr in_peers <max_number> is_key_image_spent <key_image> limit [<kB/s>] limit_down [<kB/s>] limit_up [<kB/s>] mining_status out_peers <max_number> output_histogram [@<amount>] <min_count> [<max_count>] pop_blocks <nblocks> print_bc <begin_height> [<end_height>] print_block <block_hash> | <block_height> print_cn print_coinbase_tx_sum <start_height> [<block_count>] print_height print_net_stats print_pl [white] [gray] [pruned] [publicrpc] [<limit>] print_pl_stats print_pool print_pool_sh print_pool_stats print_status print_tx <transaction_hash> [+hex] [+json] prune_blockchain relay_tx <txid> rpc_payments save set_bootstrap_daemon (auto | none | host[:port] [username] [password]) set_log <level>|<{+,-,}categories> show_hr start_mining <addr> [<threads>|auto] [do_background_mining] [ignore_battery] status stop_daemon stop_mining sync_info unban <address> update (check|download) version When you want to run a command, simply run docker exec monerod /usr/local/bin/monerod name_of_command and it will automatically connect to the daemon, run the command, and print the output of that command to the terminal. A few of my most commonly used commands are: * docker exec monerod /usr/local/bin/monerod status: get a short output on the status of monerod, including peer counts (both out and in), block height, sync status, and version * docker exec monerod /usr/local/bin/monerod sync_info: print a list of peers with info on their status and what syncing your node is doing with them * docker exec monerod /usr/local/bin/monerod print_net_stats: print network statistics since monerod started, including received and sent traffic total, average rates, and the limits set * docker exec monerod /usr/local/bin/monerod update check: check if an updated version of monerod has been released If you decide to use this guide on a device on your home network, you will need to be sure to port forward 18080/tcp and 18089/tcp through your router or use an anonymity network like Tor. A good central site with a lot of guides for specific routers can be found at portforward.com. Just make sure to select your proper router make and model, and then open 18080/18089 for TCP only. TOR# If you would like to also expose your RPC port over Tor as a Hidden Service, follow these few commands and you’re all set. This allows you to access your RPC port entirely over Tor without ever even needing to go through exit nodes. RUN A TOR DOCKER CONTAINER# docker run -d --restart unless-stopped --link monerod:monerod --name tor --volume tor-keys:/var/lib/tor/hidden_service/ goldy/tor-hidden-service GET THE HIDDENSERVICE ADDRESS# docker exec -ti tor onions _Note: To test connectivity, simply visit http://replacewithnewonionaddress:18089/get_info in the Tor browser and make sure you get a block of text back._ This will depend on the wallet you’ve chosen to use, but usually just entails specifying the IP address of your node (either your home IP address or that of your VPS-provided host) or Onion address. An example of how to do this in the main desktop wallet is provided here. A few of my favorite tools for general Linux CLI usage are below, hopefully they will help you out getting more comfortable with the CLI or keeping a closer eye on your node! * Oh My Zsh * A great replacement for bash/sh shells, Oh My Zsh gives much better highlighting, features, and has automatic updates over git * vnstat * A simple CLI tool to watch and view bandwidth usage numbers * htop * Gives a great overall picture of system resource usage by process, and is much more readable than top * multitail * a much more fully-featured way to view logs (especially more than one at a time) Hopefully this guide simplified the process of setting up a remote node on a VPS, and many more similar guides should be popping up shortly. I used the commands and info in this guide to kick off a new remote node on Hetzner, feel free to utilize it for wallet sync, add it as a priority peer, etc: node.sethforprivacy.com:18089 (high-performance node on Hetzner in Frankfurt, Germany) Also available as a Tor HiddenService at: rbpgdckle3h3vi4wwwrh75usqtoc5r3alohy7yyx57isynvay63nacyd.onion:18089 Please reach out via Twitter, Matrix, or email if you have any questions, think a step needs clarification, or need further help getting up and running. Thanks!