Changing tor

Time: 5 minutes

The settings of Tor need to be slightly tweaked if you'd like to send commands over RPC from outside of your home network. For this we need to change a file. There's lots of useless stuff in there, so it's recommended to throw away the file first. You can do so with the rm command.

sudo rm /etc/tor/torrc

After that recreate the file.

sudo nano /etc/tor/torrc

Once you're in the file, add the following:

ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

Save the file with Ctrl + X and hit Y when asked to save it.

Tor has to be restarted now.

sudo systemctl restart tor

RPC via Tor

You can use the RPC protocol of bitcoind to execute various commands in relation to Bitcoin Knots. You can sign transactions or retrieve information regarding the network, for example. Normally Knots doesn't allow any commands when coming from another network. By default it only allows commands coming from the Pi itself, localhost. If you like to send commands from outside of your network, you'd have to whitelist certain specific IP-addresses. A more simple way is through enabling Tor. Knots will treat commands through Tor as if they were coming from the Pi itself.

Although the RPC protocol of Knots is secured with a password, it is discouraged to make Knots accessible from outside. It simply adds too many security risks. When the password is leaked, please understand your funds can be lost. Consider these step as optional.

Open the torrc file.

sudo nano /etc/tor/torrc

Add the three lines below:

HiddenServiceDir /var/lib/tor/bitcoin/bitcoinrpc
HiddenServiceVersion 3
HiddenServicePort 8332 127.0.0.1:8332

Create the needed directories with this command. The information related to the Tor hidden services will be stored here.

sudo mkdir -p /var/lib/tor/bitcoin/bitcoinrpc

Assign the correct rights.

sudo chown -R debian-tor:debian-tor /var/lib/tor/bitcoin/bitcoinrpc
sudo chmod 700 /var/lib/tor/bitcoin/bitcoinrpc

Tor has to be restarded now.

sudo systemctl restart tor

Onion-address

You can get the onion-address for your Bitcoin node with the command below. You'll need this address later on when communication with you node over Tor. In next chapters of the guide (like while setting up Lightning) you'll also see this command pop up.

This onion-address enables the possibility of sending commands to your node from outside of your network. This address is not the same as the onion-address created by bitcoind to communicate with other nodes over Tor!

sudo cat /var/lib/tor/bitcoin/bitcoinrpc/hostname