HowTo: run bitcoind via tor

[ I set up a Debian virtual machine over the weekend with the goal of creating an Electrum server. The instructions I found involve running bitcoind over tor, but they were full of minor typos and strange characters that broke things when I copied & pasted commands, so I decided to clone them here and fix them as much as possible. This article is the second of three, copied & edited from sky-ip.org]

Configure a full Tor Hidden Service Bitcoin node on Debian / Ubuntu

Note: This tutorial assumes that you have first configured a Tor relay on your machine. Some steps which you should have followed when doing that are omitted here, so please first read how to configure a Tor relay on Debian / Ubuntu and set up a Tor relay, then come back here to extend it to a Tor Hidden Service Bitcoin node on the same server. Disk space requirements continue to grow as time goes by, since the purpose of the blockchain is to archive all transactions.

 

  1. Install dependencies needed for Bitcoin – type as root:
sudo apt-get update && sudo apt-get dist-upgrade -y
sudo apt-get -y install build-essential automake git libboost-all-dev pkg-config libssl-dev libtool

 

  1. Make a folder to fetch the Bitcoin source code and build:
mkdir ~/bitcoinsrc && cd ~/bitcoinsrc

 

  1. Get the source code and build:
git clone https://github.com/bitcoin/bitcoin
cd bitcoin
git checkout v0.10.1

*Substitute v0.10.1 with the latest stable version of Bitcoin Core at the time of your setup. Check on GitHub to see the latest stable branch version.

cd ~/bitcoinsrc/bitcoin
./autogen.sh
./configure --disable-wallet --with-cli --without-gui
make
sudo make install

  1. Add a user to run Bitcoin as. In our example this user is called bitnode – type as root:
adduser bitnode

You are not required to set up a password for this user; you can simply confirm all the fields with <enter> <enter>.

 

Create a folder for the Bitcoin configuration file in the home folder of new user:

mkdir /home/bitnode/.bitcoin

If your username is different, substitute bitnode with the username you created instead.

 

  1. Setup the Tor hidden service:

Edit the torrc file in /etc/tor/ and add the following lines to create a hidden service which will listen on port 8333 (the default Bitcoin port) and forward to 127.0.0.1 port 8333. Because it’s a hidden node, we want it to listen only on the localhost address, so nobody from the internet will know it’s there except by accessing it via the Tor hidden service, which is anonymous.

 

nano /etc/tor/torrc

Add these lines:

HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServicePort 8333 127.0.0.1:8333
SocksPort 127.0.0.1:9150

Save the file in nano by pressing CTRL + X, enter y to confirm saving and hit Enter.

 

Reload Tor:

sudo service tor reload

 

Get the address of your hidden service:

cat /var/lib/tor/bitcoin-service/hostname

This will output something like: dioq2yg3l5ptgpge.onion – save this somewhere – this is the address of your Tor Hidden Service Bitcoin node. Share it with your friends.

 

It is also important to back up the private key of your hidden service so you can restore it later in case of data loss and have the same .onion address. Copy the file called private_key in your HiddenServiceDir, in our example /var/lib/tor/bitcoin-service/, and store it in a safe place. Make sure you do not keep it in plain text, since anyone having this file will be able to hijack your .onion address.
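One way to make that backup without leaving the key in plain text, as an added example that is not part of the original article: the function encrypts private_key with openssl and immediately decrypts it again to confirm the copy is usable. The function name and the passphrase file argument are assumptions; it needs OpenSSL 1.1.1 or newer for -pbkdf2, and the passphrase file should be stored apart from the backup.

```shell
#!/bin/sh
# Added example: encrypted, verified backup of the hidden service private_key.
# backup_onion_key HSDIR OUTFILE PASSFILE
#   HSDIR    - HiddenServiceDir, e.g. /var/lib/tor/bitcoin-service
#   OUTFILE  - where the encrypted copy is written
#   PASSFILE - file holding the passphrase (hypothetical; keep it off the backup medium)
backup_onion_key() {
    hsdir=$1; out=$2; passfile=$3
    [ -r "$hsdir/private_key" ] || { echo "no readable private_key in $hsdir" >&2; return 1; }
    # umask 077 inside a subshell: the ciphertext is created owner-readable only.
    ( umask 077
      openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
          -in "$hsdir/private_key" -out "$out" -pass "file:$passfile" ) || return 1
    # Decrypt and compare now, so a wrong passphrase file or truncated write is caught
    # today and not on the day the key has to be restored.
    if openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
            -in "$out" -pass "file:$passfile" | cmp -s - "$hsdir/private_key"; then
        echo "backup verified: $out"
    else
        rm -f "$out"
        echo "verification failed, backup removed" >&2
        return 1
    fi
}
```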

 

  1. Create a bitcoin.conf configuration file in the home folder of the user you previously created to run Bitcoin as:
nano /home/bitnode/.bitcoin/bitcoin.conf

 

Add these lines to ensure your Bitcoin node only connects to other Tor hidden nodes and advertises only its Tor hidden service address. Some reliable nodes are added for an initial boost; these nodes will exchange information about other Tor nodes with yours. This configuration will prevent anyone from seeing there is Bitcoin traffic on your server and enforce Tor-proxy rules:

daemon=1
rpcuser=bitcoinuser12345
rpcpassword=asjdhFGSDGYha8273647GFADSHcgjgfasghcdha751632hgFADshadfagGFSDgd7655132GVADchihjgvfhwefiyurt87678
maxconnections=700
proxy=127.0.0.1:9150
externalip=<your .onion address previously saved from cat /var/lib/tor/bitcoin-service/hostname. Should be something like dioq2yg3l5ptgpge.onion>
onlynet=tor
listen=1
bind=127.0.0.1:8333
addnode=h2vlpudzphzqxutd.onion
addnode=sbow7bnje2f4gcvt.onion
addnode=dioq2yg3l5ptgpge.onion
addnode=kjy2eqzk4zwi5zd3.onion
addnode=2l2u6mrojvm6zypx.onion
addnode=gb5ypqt63du3wfhn.onion
addnode=zc6fabqhrjwdle3b.onion
addnode=it2pj4f7657g3rhi.onion

[Editor’s note: if you are setting up bitcoind to run an electrum server, you will also want to add the following:]

txindex=1

Save the file in nano by pressing CTRL + X, enter y to confirm saving and hit Enter.

You can substitute the rpcuser and rpcpassword with values of your choice, but make sure you choose a super long and complex password for rpcpassword.
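A check for the Tor-only bitcoin.conf above, as an added example that is not part of the original article: it flags settings that would let the node talk or listen outside Tor, a reused sample rpcpassword, and a world-readable file. The function names, the 32-character minimum and the owner-only mode requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a bitcoin.conf for the Tor-only settings used in this guide.
# Prints one FAIL line per finding; returns 0 when nothing is flagged, 1 otherwise.

# conf_values FILE KEY: print each value of KEY, without padding or "# comments".
conf_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//'
}

flag() { echo "FAIL: $1"; bad=1; }

audit_bitcoin_conf() {
    conf=$1; bad=0
    case "$(conf_values "$conf" onlynet)" in
        tor|onion) ;;
        *) flag "onlynet is not tor: clearnet peers are allowed" ;;
    esac
    case "$(conf_values "$conf" proxy)" in
        127.0.0.1:*) ;;
        *) flag "proxy is not a local Tor SOCKS port" ;;
    esac
    binds=$(conf_values "$conf" bind)
    [ -n "$binds" ] || flag "no bind= line: bitcoind listens on every interface"
    for b in $binds; do
        case $b in 127.*) ;; *) flag "bind=$b is reachable from outside localhost" ;; esac
    done
    for e in $(conf_values "$conf" externalip); do
        case $e in *.onion) ;; *) flag "externalip=$e advertises a non-onion address" ;; esac
    done
    pw=$(conf_values "$conf" rpcpassword)
    [ "${#pw}" -ge 32 ] || flag "rpcpassword is shorter than 32 characters"
    case $pw in asjdhFGSDGYha8273647*) flag "rpcpassword is the sample printed in this guide" ;; esac
    perm=$(stat -c %a "$conf" 2>/dev/null || stat -f %Lp "$conf")
    case $perm in ?00) ;; *) flag "mode $perm lets other users read rpcpassword" ;; esac
    return "$bad"
}

# Audit the file named on the command line, if any.
if [ $# -gt 0 ]; then audit_bitcoin_conf "$1"; fi
```

A dual-stack node is expected to be flagged on onlynet, proxy, bind and externalip, since those checks assume the Tor-only setup.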

 

TIP: You can run a dual-stack node, which listens on both a clearnet address (a normal public IP address or an FQDN such as bitcoin.example.com) and a .onion Tor hidden service address. These nodes are useful because they glue together the onion-land Bitcoin network with the clearnet one. No additional resources such as disk space, CPU or bandwidth are needed; the only difference is that the IP address of your server will be associated with a Bitcoin node, which is not a thing to worry about. THERE ARE NO PENALTIES OVER SECURITY, PRIVACY AND ANONYMITY / PSEUDONYMITY OF BITCOIN ITSELF OR Tor.

You can have the server reachable from a clearnet address (normal IP address or FQDN, such as bitcoin.example.com) and from a .onion Tor hidden service. If you don’t care if your IP address will be associated with a Bitcoin node, follow the same steps, except:

Remove the line onlynet=tor from the example above (this will tell your bitcoind that it is OK to connect to other kind of peers than .onion Tor Hidden peers).

Remove the line proxy=127.0.0.1:9150 from the example above (this will not route all the connections through the localhost Tor socks).

Add the following lines:

onion=127.0.0.1:9150 # (this will tell bitcoind to use this socks5 address when trying to reach an .onion peer)

externalip=<your public IP address or FQDN, such as bitcoin.example.com> # (do not remove the other externalip=onionaddress.onion since both of them are needed for a dual stack node)

bind=<the IP address where your clearnet node will be listening. It can be directly the public IP if you have a static one directly assigned or an internal one if you are behind NAT and are doing port forwarding>

*You will have 2 entries of bind argument, one with value 127.0.0.1 (for Tor hidden service listener) and one with value <your IP> (for clearnet listening). If you want to bind to all interfaces, with a single bind argument, or if you have a dynamic IP address and don’t want to have to modify the bitcoin.conf file all the time, simply add bind=0.0.0.0 and this will bind it to all IP addresses of all interfaces on the server.

 

  1. Final settings, ensure Bitcoin starts at boot and start the Bitcoin daemon – type as root:
chown -R bitnode /home/bitnode/.bitcoin

 

Add a line in the rc.local file to start the Bitcoin daemon on boot:

nano /etc/rc.local

 

Make sure you add this line before last line of this file which has exit 0:

sudo -u bitnode -i bitcoind

Save the file in nano by pressing CTRL + X, enter y to confirm saving and hit Enter.

 

Now start the daemon – type this command:

sudo -u bitnode -i bitcoind

Substitute bitnode with your username in all commands if you created a different username to run Bitcoin as.

 

Done, your Bitcoin node is running and syncing with the network. It will take days until your node downloads the entire blockchain from other peers. Just leave it to slowly sync with the network and it will do everything by itself. Note that with this configuration file your Bitcoin node will run only when the Tor service runs too (since it’s a Tor hidden service).

To see its status (downloaded blocks, difficulty, connected peers, etc.) type this command:

sudo -u bitnode -i bitcoin-cli getinfo

 

IT IS VERY IMPORTANT TO KEEP EVERYTHING UPDATED ALL THE TIME. THESE ARE THE COMMANDS YOU NEED TO TYPE REGULARLY (AS ROOT):

Install updates for operating system and installed packages:

apt-get update && apt-get dist-upgrade -y

 

Update Bitcoin core:

sudo -u bitnode -i bitcoin-cli stop
cd ~/bitcoinsrc/bitcoin
make clean
git fetch --tags
git checkout v0.10.1
make
sudo make install
sudo -u bitnode -i bitcoind

 

In case you move to a newer release branch, substitute the 0.10.1 version number with the one you want.

 

Original article: https://www.sky-ip.org/configure-bitcoin-node-debian-ubuntu.html
