Run a Monero Node | sethforprivacy.com
In this short post I’ll detail how to easily run a Monero node on a Linux server, the most common OS for virtual private servers (VPS). I would highly recommend running either Debian or Ubuntu for your Linux distribution, and this guide will assume you are running one of those.

I will also assume in this guide that you have purchased and SSH’d into the VPS/host of your choosing, but if you need help with those first steps here are a few good links to follow:

- Hosting services accepting Monero: these are some options available for hosting a VPS while paying with Monero, and each comes with pros and cons.
- Simple Linode deployment guide

If you’re using your own hardware at home, this guide will still generally apply to you, assuming you are running Ubuntu/Debian.

## Recommended hardware

- Full Node
  - 2+ vCPUs/cores
  - 4GB+ RAM
  - 200GB+ SSD
- Pruned Node [1]
  - 2+ vCPUs/cores
  - 4GB+ RAM
  - 100GB+ SSD

## Why run your own Monero node?

The Monero network relies on a distributed web of Monero nodes, each of which validates transactions, propagates transactions to the rest of the network, and helps new nodes easily and quickly synchronize to the current state of the network. Running a Monero node for yourself not only helps to give you stronger network-level privacy guarantees, but also helps to increase the decentralization, stability, and speed of the Monero network.
Each node can expose two different services, each of which has a positive impact on the network in a unique way:

- Peer-to-Peer (p2p) port (default 18080): this port allows other nodes on the network to connect to your node to download the blockchain and to send you any transactions they validate that you do not yet have. It also increases overall network privacy, as your node participates in the Dandelion++ propagation of transactions.
- Remote Procedure Call (RPC) port (default 18089 for restricted): exposing this port (especially with the `public-node` arg) allows other users on the network, especially those using mobile wallets or the GUI wallet in “Simple” mode, to connect to your node to sync their wallets, without needing to run their own full node locally.

In this guide I have only given configuration files and Docker commands that expose the p2p port, as that is a key help to the network. Feel free to use one of the configuration files utilizing the `public-node` arg listed below if you’d also like to advertise your restricted RPC port.

You can choose to either set up a node via systemd and binaries or deploy `monerod` as a Docker container below. Deploying via Docker has a few key benefits, namely a simple and cross-OS compatible install along with automatic updates via Watchtower.

## Update and install required packages

First we need to install a few tools we will need later:

```bash
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install -y ufw curl
```

Then install Docker:

```bash
# Download Docker's convenience install script, then run it as root
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Add the current user to the docker group and start a new login shell to pick it up
sudo usermod -aG docker "$USER"
su - "$USER"
```

Note: This command downloads a script and runs it as root directly from Docker. Please make sure you are comfortable doing this, and be wary of doing this on a personal computer. If you’d like to avoid that, please follow the official docs here to install from the repository.
## Initial Hardening via UFW

We will want to make sure that the system is hardened in a simple way by making sure that the firewall is locked down to only allow access to the ports necessary for SSH and `monerod`, using UFW.

A great intro to getting started with UFW is available on DigitalOcean.

Run the following commands to add some basic UFW rules and enable the firewall:

```bash
# Deny all non-explicitly allowed ports
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH access
sudo ufw allow ssh

# Allow monerod p2p port
sudo ufw allow 18080/tcp

# Allow monerod restricted RPC port
sudo ufw allow 18089/tcp

# Enable UFW
sudo ufw enable
```

## Download and run monero via Docker

Choose the proper command set below depending on if you want to run a full node or a pruned node and whether you want to advertise your public restricted RPC node to allow other users to sync their wallets using your node or not:

An alternative Docker implementation is also available on Github, which even includes native Grafana visualizations. This guide will focus on being extremely simple, so I’ll stick to just `monerod` here.

If you would like to inspect the source code behind the image used here or build it yourself, please see the below link:

- Source Repository

Note: My recommended commands are the first set below, but feel free to choose one of the other 3 options as needed.
```bash
# Start monerod with the p2p (18080) and restricted RPC (18089) ports published
docker run -d --restart unless-stopped --name="monerod" -p 18080:18080 -p 18089:18089 -v bitmonero:/home/monero ghcr.io/sethforprivacy/simple-monerod:latest --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --no-igd --no-zmq --enable-dns-blocklist

# Start Watchtower to keep the monerod and tor containers updated
docker run -d \
    --name watchtower --restart unless-stopped \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower --cleanup \
    monerod tor
```

Alternative Docker commands:

Public node:

```bash
docker run -d --restart unless-stopped --name="monerod" -p 18080:18080 -p 18089:18089 -v bitmonero:/home/monero ghcr.io/sethforprivacy/simple-monerod:latest --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --public-node --no-igd --no-zmq --enable-dns-blocklist

docker run -d \
    --name watchtower --restart unless-stopped \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower --cleanup \
    monerod tor
```

Pruned node:

```bash
docker run -d --restart unless-stopped --name="monerod" -p 18080:18080 -p 18089:18089 -v bitmonero:/home/monero ghcr.io/sethforprivacy/simple-monerod:latest --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --no-igd --no-zmq --enable-dns-blocklist --prune-blockchain

docker run -d \
    --name watchtower --restart unless-stopped \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower --cleanup \
    monerod tor
```

Public and pruned node:

```bash
docker run -d --restart unless-stopped --name="monerod" -p 18080:18080 -p 18089:18089 -v bitmonero:/home/monero ghcr.io/sethforprivacy/simple-monerod:latest --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --public-node --no-igd --no-zmq --enable-dns-blocklist --prune-blockchain

docker run -d \
    --name watchtower --restart unless-stopped \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower --cleanup \
    monerod tor
```

To watch the logs for `monerod`, simply run:

```bash
docker logs --follow monerod
```

## Running as a different user

In situations where you need the daemon to be run as a different user, I have added fixuid to enable that. Much of the work for this was taken from cornfeedhobo’s docker-monero, and enables you to specify a new user/group in your `docker run` or `docker-compose.yml` file to run as a different user.

In `docker run` commands, you can specify the user like this: `--user 1000:1000`

In `docker-compose.yml` files, you can specify the user like this: `user: ${FIXUID:-1000}:${FIXGID:-1000}`

A great use-case for this is running with the daemon’s files stored on an NFS mount, or running `monerod` on a Synology NAS.

## Updating your Monero node

As we are running Monero in a Docker container and have deployed Watchtower along with it, the node will automatically be restarted with the latest version of `monerod` whenever a new version is tagged in GitHub.

Nothing else needs to be done manually!

## Sending commands to your node

`monerod` supports sending commands locally, allowing you to get additional info on the status of `monerod`, set bandwidth limits, set peer limits, etc.

A full list of commands as of v0.17.1.8 can be found below, or by running `monerod help`:

```
Monero 'Oxygen Orion' (v0.17.1.8-release)
Commands:
  alt_chain_info [blockhash]
  apropos [ ... ]
  ban [ | @ ] [ ]
  banned
  bans
  bc_dyn_stats
  check_blockchain_pruning
  diff
  exit
  flush_cache [bad-txs] [bad-blocks]
  flush_txpool [ ]
  hard_fork_info
  help [ ]
  hide_hr
  in_peers
  is_key_image_spent
  limit [ ]
  limit_down [ ]
  limit_up [ ]
  mining_status
  out_peers
  output_histogram [ @ ] [ ]
  pop_blocks
  print_bc [ ]
  print_block |
  print_cn
  print_coinbase_tx_sum [ ]
  print_height
  print_net_stats
  print_pl [white] [gray] [pruned] [publicrpc] [ ]
  print_pl_stats
  print_pool
  print_pool_sh
  print_pool_stats
  print_status
  print_tx [+hex] [+json]
  prune_blockchain
  relay_tx
  rpc_payments
  save
  set_bootstrap_daemon (auto | none | host[:port] [username] [password])
  set_log |
  show_hr
  start_mining [ | auto ] [do_background_mining] [ignore_battery]
  status
  stop_daemon
  stop_mining
  sync_info
  unban
  update (check | download)
  version
```

When you want to run a command, simply run `docker exec monerod /usr/local/bin/monerod name_of_command` and it will automatically connect to the daemon, run the command, and print the output of that command to the terminal.

A few of my most commonly used commands are:

- `docker exec monerod /usr/local/bin/monerod status`: get a short output on the status of `monerod`, including peer counts (both out and in), block height, sync status, and version
- `docker exec monerod /usr/local/bin/monerod sync_info`: print a list of peers with info on their status and what syncing your node is doing with them
- `docker exec monerod /usr/local/bin/monerod print_net_stats`: print network statistics since `monerod` started, including received and sent traffic total, average rates, and the limits set
- `docker exec monerod /usr/local/bin/monerod update check`: check if an updated version of `monerod` has been released

## Port forwarding

If you decide to use this guide on a device on your home network, you will need to be sure to port forward 18080/tcp and 18089/tcp through your router or use an anonymity network like Tor.
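Before forwarding anything, it helps to confirm that the containers publish only the two ports this guide opens (18080/tcp and 18089/tcp): Docker installs its own iptables rules for published ports, so a `-p` mapping is reachable even without a matching UFW rule. The script below is an added example, not part of the original guide; it parses the output of `docker ps --format '{{.Names}}\t{{.Ports}}'`, and the sample data and the `dashboard` container in it are constructed.

```shell
#!/bin/sh
# Added example: list and audit the host ports that containers publish.
# Input format: docker ps --format '{{.Names}}\t{{.Ports}}'

# Print "container port/proto" once per published host port.
# Entries without "->" are only exposed inside Docker and are skipped.
published_ports() {
  awk -F '\t' '{
    n = split($2, maps, ", ")
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue
      split(maps[i], side, "->")   # side[1] = host side, side[2] = container side
      host = side[1]; sub(/.*:/, "", host)     # drop the bind address
      proto = side[2]; sub(/.*\//, "", proto)  # keep tcp or udp
      key = $1 " " host "/" proto
      if (!(key in seen)) { seen[key] = 1; print key }
    }
  }'
}

# audit_ports ALLOWED...: print published ports that are not on the allowlist.
# Returns 0 if every published port is allowed, 1 otherwise.
audit_ports() {
  allowed=" $* "
  unexpected=$(published_ports | while read -r name port; do
    case "$allowed" in
      *" $port "*) ;;
      *) echo "$name $port" ;;
    esac
  done)
  [ -z "$unexpected" ] && return 0
  echo "$unexpected"
  return 1
}

# Constructed sample (not captured from a real host); "dashboard" is hypothetical.
sample_ps() {
  printf 'monerod\t0.0.0.0:18080->18080/tcp, :::18080->18080/tcp, 0.0.0.0:18089->18089/tcp, :::18089->18089/tcp\n'
  printf 'watchtower\t\n'
  printf 'dashboard\t9090/tcp, 0.0.0.0:3000->3000/tcp\n'
}

# Demo on the sample. On a live host, pipe in:
#   docker ps --format '{{.Names}}\t{{.Ports}}'
sample_ps | audit_ports 18080/tcp 18089/tcp || echo "^ published but not allowed"
```

A non-zero exit status from `audit_ports` means a container is publishing a host port outside the allowlist, which is worth resolving before the router forwards traffic to the host.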
A good central site with a lot of guides for specific routers can be found at portforward.com. Just make sure to select your proper router make and model, and then open 18080/18089 for TCP only.

## Using anonymity networks

### Tor

If you would like to also expose your RPC port over Tor as a Hidden Service, follow these few commands and you’re all set. This allows you to access your RPC port entirely over Tor without ever even needing to go through exit nodes.

Run a