Configure and start
Time: 5 minutes
Bitcoin Knots has lots of settings just like your mobile phone. The nice thing about your mobile phone's settings is that they're nicely grouped together in a visual overview. You can easily change them with the push of a button. But changing settings of Bitcoin Knots works a bit differently. First you should get a list of all possible settings, then read up on them and decide what to set. Quite a hassle for just a few settings, that's why the configuration below should get you up to speed. It's tweaked for this guide and if you'd want to customize a bit more you could use this resource by Lopp.
Configuration
In the home directory of your Pi (/home/ubuntu
) there's a folder named bitcoin
with the source code. You should create a folder named .bitcoin
next to that one.
mkdir ~/.bitcoin
The settings of Bitcoin Knots are placed in a file named bitcoin.conf inside the .bitcoin folder.
nano ~/.bitcoin/bitcoin.conf
Just as with the torrc file you should copy-paste some information. You can just copy and paste all lines, including the ones with comments starting with a #
.
# Accepts JSON-RPC commandsserver=1# Run Bitcoin Knots in the backgrounddaemon=1# Turn listening mode onlisten=1# Make sure Knots keeps an index of all txstxindex=1# This makes sure Specter works fasterblockfilterindex=1# If you'd want to run Specter (checkout Bitcoin Knots extensions chapter of this guide)disablewallet=0# Cache size set in MBs for the database. Raising this to 3000 helps speed up the IBD.# You can dail this down to 500 after IBD.dbcache=3000# If you'd want to run your node on both Tor and clearnet, leave the setting below as is.# If you'd want to run your node only on Tor, do the following:# - Remove the # in front of onlynet=onion. This was you tell Knots to only use Tor.# - Remove the # in front of proxy=127.0.0.1:9050. This way you tell Knots to route traffic through Tor.# - Remove the # in front of bind=127.0.0.1.# - Place a # in front of onion=127.0.0.1:9050. You already told Knots to run everything through Tor already.# - Place a # in front of discover=1. You turn off the discover function of Knots.# - Place a # in front of upnp=1. You turn off the UPnP function this way.#onlynet=onion#proxy=127.0.0.1:9050#bind=127.0.0.1onion=127.0.0.1:9050discover=1upnp=1# You'll need this for Lightning later onzmqpubrawblock=tcp://127.0.0.1:28332zmqpubrawtx=tcp://127.0.0.1:28333# Use native segwit addresses by defaultaddresstype=bech32changetype=bech32
Wait a minute before hitting Ctrl + X
instantly. If you'd want your node to only be reachable through Tor you should follow the step detailed below. If you'd also want your node to be reachable through the normal internet, then leave it as is and save the file.
- Remove the
#
in front ofonlynet=onion
. This was you tell Knots to only use Tor. - Remove the
#
in front ofproxy=127.0.0.1:9050
. This way you tell Knots to route traffic through Tor. - Remove the
#
in front ofbind=127.0.0.1
. - Place a
#
in front ofonion=127.0.0.1:9050
. You already told Knots to run everything through Tor already. - Place a
#
in front ofdiscover=1
. You turn off the discover function of Knots. - Place a
#
in front ofupnp=1
. You turn off the UPnP function this way.
When you're ready to save the changes to the configuration file, hit Ctrl + X
and afterwards Y
to save it.
Authentication
In order for other application to make use of bitcoind as a backend, you'll need to create a new Bitcoin Knots user. You can do this with a little script. The following command will create a user named XXX
, but you can change this to whatever you like.
python3 ~/bitcoin/share/rpcauth/rpcauth.py XXX
The output will look something like:
String to be appended to bitcoin.conf:rpcauth=XXX:kdfjhad93rhasdjfhas$lkajshdflakshdf93ehf3qiflkjf9f39rhf39p3930fhaldkjfhsdkljbdflgYour password:sdflkashf93hfhalfhasdfjh3ejfhb=
So what does this say? The first like tells you to add something to the bitcoin.conf
configuration file. The next line starting with rpcauth
needs to be added to the file. You also got a password which you can't change and need to remember or store somewhere save. Now add the line to bitcoin.conf
.
nano ~/.bitcoin/bitcoin.conf
At the bottom of the file add the line rpcauth=user:salt$hash
but then with all of the characters the previous command gave you. Save the file by hitting Ctrl + X
and confirm with Y
. You now told bitcoind that user XXX
may login using the password sdflkashf93hfhalfhasdfjh3ejfhb=
. So please don't lose the password.
You can add as many rpcauth lines to the configuration file as you like. This way you can authorize different users.
Firewall and router
If you've setup UFW it's important to open port 8333. This makes sure other nodes in the network can connect with yours. Opening this port is only necessary if you're (also) running your node on cleannet. If you're only running your node on Tor, you can skip this step and continue with "start".
sudo ufw allow 8333 comment "Port for Bitcoin Knots peers"
In the configuration file there's a line that says upnp=1
. This means that - as long as your router supports it - Bitcoin Knots also opens port 8333 on your router automatically. If your router doesn't support UPnP or you've turned it off, you should open that port manually. Go to portforward.com and look up your specific router to find out how to open port 8333 and send the traffic to your Pi.
Start
It's time to take part in the network! Run this on your Pi:
bitcoind
Done! You can follow what's happening with tail
:
tail -n 200 -f ~/.bitcoin/debug.log
Everytime a block is verified, you'll see a line appearing that says something like progress=X.XXXXX
. This is a number from 0 to 1. Zero means nothing is synchronized, one means you're done synchronizing. With Crtl + C
you can stop the live feed.
The initial block download (IBD) will take somewhere between 60 and 80 hours.
Together with the installation of Bitcoin Knots you also got a tool named bitcoin-cli
. You can talk with bitcoind using this tool.
Check settings
Make use of bitcoin-cli
to get information about the network using your own node.
bitcoin-cli getnetworkinfo
With this command you can get information about the network. If everything is alright, the output will look similar to the one below if you only use Tor.
The onion-address will be different from the one you created in the last step (if you created that one). It won't match the onion-address you'll see in your output and that's good. The onion-address from the last step is only for applications to make use of your node as their backend from outside of your own network. The onion-address below is created by bitcoind itself and is used for communication with other nodes instead of applications.
"networks": [ { "name": "ipv4", "limited": true, "reachable": false, "proxy": "127.0.0.1:9050", "proxy_randomize_credentials": true }, { "name": "ipv6", "limited": true, "reachable": false, "proxy": "127.0.0.1:9050", "proxy_randomize_credentials": true }, { "name": "onion", "limited": false, "reachable": true, "proxy": "127.0.0.1:9050", "proxy_randomize_credentials": true },],"localaddresses": [ { "address": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.onion", "port": 8333, "score": 4 }]
It'll tell you the following:
- IPv4 is unreachable
- IPv6 is unreachable
- Onion is reachable (Tor)
- Your onion-address within the "localaddresses" block
If you're running your node on both Tor and clearnet, you output will look similar to this:
"networks": [ { "name": "ipv4", "limited": false, "reachable": true, "proxy": "", "proxy_randomize_credentials": false }, { "name": "ipv6", "limited": false, "reachable": true, "proxy": "", "proxy_randomize_credentials": false }, { "name": "onion", "limited": false, "reachable": true, "proxy": "127.0.0.1:9050", "proxy_randomize_credentials": true }],"localaddresses": [ { "address": "69.69.69.69", "port": 8333, "score": 3 }, { "address": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.onion", "port": 8333, "score": 4 }]
It'll tell you the following:
- IPv4, IPv6 and onion (Tor) are all reachable
- Your IP-address within the "localaddresses" block
- Your onion-address within the "localaddresses" block
If none of the outputs match yours, you should start over.