Bitcoin Full Node on RBP3 (revised)

https://medium.com/@meeDamian/bitcoin-full-node-on-rbp3-revised-88bb7c8ef1d1

This is a revised version of the previous guide that covers the upgraded Raspbian Stretch & Bitcoin v0.15.1.

This guide assumes you’re on MacOS, comfortable with terminal and want to run a headless Bitcoin Full Node on a Raspberry Pi 3, setting it up w/o attaching any peripherals to RBP3.

Things you need:

  • Raspberry Pi 3;
  • MicroSD card: as of Dec 2017 the Bitcoin blockchain is 170GB in size, so you need at least 200GB+ for a full non-pruned node (recommended) or 8GB++ for a pruned node (the more free space is left on the card the longer it will last);
  • a way to plug the microSD card into your Mac;
  • around 5 weeks of time for the initial sync (as of late 2017);

Get Raspbian Lite image

Either via torrent or by abusing Raspberry Pi Foundation servers.

Download latest version directly:

wget --content-disposition https://downloads.raspberrypi.org/raspbian_lite_latest

Verify (hash below is for 2017-09-07-raspbian-stretch-lite.zip)

# NOTE: 2 spaces are needed between hash & filename
echo "bd2c04b94154c9804cc1f3069d15e984c927b750056dd86b9d86a0ad4be97f12  2017-09-07-raspbian-stretch-lite.zip" | shasum -a 256 -c -
# the output should be something like:
#  2017-09-07-raspbian-stretch-lite.zip: OK

If the downloaded filename is different, go to the raspbian download page and get the correct SHA-256 checksum from there.

Put image on the SD card

# Extract .img file from .zip archive
unzip 2017-09-07-raspbian-stretch-lite.zip

Plug the SD card into your computer and run this to identify the disk of your SD card:

diskutil list | grep external

Assuming it’s /dev/disk2:

# Unmount it
diskutil unmountDisk /dev/disk2
# Copy image to the SD card
sudo dd bs=1m if=2017-09-07-raspbian-stretch-lite.img of=/dev/disk2

For OSs other than MacOS, see here.

The above step should leave you with /Volumes/boot already mounted.

Enable ssh

Starting with Raspbian 2016–11–25 SSH is disabled by default. To enable it, a file named ssh needs to be created in the root of the SD card.

touch /Volumes/boot/ssh

More about it here.

Add WiFi credentials

To avoid using ethernet cable & simply speed things up, you can add your first WiFi credentials already (as per this SE post):

nano /Volumes/boot/wpa_supplicant.conf

And put there this:

country=XX
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
    ssid="YOUR_SSID"
    psk="YOUR_PASSWORD"
}

Replace XX with your country code, fill in network details, and use ctrl+x, y, enter to exit nano 😉.

Unmount

diskutil unmountDisk /dev/disk2

Connect & secure Raspberry

Once above is done, put the card into your Raspberry & power it up.

After a few minutes, it should boot up. Now it’s time to find its IP address.

There are multiple ways to do that, the easiest one would probably be logging into your router interface (most commonly: 192.168.1.1 or 192.168.0.1) and trying to find it there.

If that doesn’t work you can also try:

# MAC prefix 'b8:27:eb:' is reserved for RBP Foundation
# see more: http://hwaddress.com/?q=B827EB000000
arp -a | grep 'b8:27:eb'

Or, if that doesn’t work, you can try nmapping your local network for open 22/tcp ports:

nmap -A '192.168.0-1.*' -p T:22 --open

Assuming the IP of your RBP is 192.168.1.102, ssh to it (default password is raspberry):

ssh pi@192.168.1.102

Note: You might be greeted with a bunch of locale warnings. Feel free to ignore them for now.

Change user password

If you’d rather decrease the chances of your Pi joining some IoS botnet, change your password right away:

## run on RBP:
passwd
exit

Use keys to auth with ssh

Now that we’ve located the RBP and changed its password, let’s make things more secure.

I use Ed25519 keys and I strongly encourage you to do the same. Here’s an easy why & how to switch guide. That being said, you can pass a path to any key in the command below:

## on Mac:
ssh-copy-id -i ~/.ssh/id_ed25519.pub pi@192.168.1.102

Next we need to disable password authentication. Either manually:

## On Mac:
ssh pi@192.168.1.102
## On RBP:
# edit ssh daemon config file
sudo nano /etc/ssh/sshd_config
# Find `#PasswordAuthentication yes` & below it add:
PasswordAuthentication no

Use ctrl+x, y, enter to exit nano 😉😉.

Or using a oneliner:

## On RBP:
sudo sed -i '/#PasswordAuthentication yes/a PasswordAuthentication no' /etc/ssh/sshd_config
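
A check worth running after either edit, as an added example that is not part of the original guide: sshd uses the first uncommented value it finds for a keyword, and the one-liner above appends nothing when the `#PasswordAuthentication yes` line is absent. The function names and sample files are assumptions made for the demo; on the RBP itself, `sudo sshd -T | grep -i passwordauthentication` prints the value the daemon resolves to.

```sh
#!/bin/sh
# Added example: which PasswordAuthentication value would sshd actually use?
# sshd keeps the FIRST uncommented occurrence of a keyword and ignores later ones.
# Simplifications: only "Keyword value" lines before the first Match block are read.
effective_sshd_option() {
    # $1 = keyword (case-insensitive), $2 = path to an sshd_config-style file
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
        tolower($1) == "match" { exit }          # per-host overrides start here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }        # sshd falls back to its default
    ' "$2"
}

apply_guide_oneliner() {
    # Same sed expression as the guide, pointed at a copy instead of /etc/ssh/sshd_config
    sed -i '/#PasswordAuthentication yes/a PasswordAuthentication no' "$1"
}

# Constructed sample files (not taken from a real host)
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
# stock: the commented anchor line exists, so the one-liner works as intended
printf '%s\n' '#PermitRootLogin prohibit-password' '#PasswordAuthentication yes' \
    'UsePAM yes' > "$demo_dir/stock"
# shadowed: an earlier uncommented "yes" wins over the appended "no"
printf '%s\n' 'PasswordAuthentication yes' '#PasswordAuthentication yes' \
    'UsePAM yes' > "$demo_dir/shadowed"
# no_anchor: the commented line is missing, so sed appends nothing
printf '%s\n' 'UsePAM yes' > "$demo_dir/no_anchor"

for f in stock shadowed no_anchor; do
    apply_guide_oneliner "$demo_dir/$f"
    value=$(effective_sshd_option PasswordAuthentication "$demo_dir/$f")
    echo "$f: PasswordAuthentication -> $value"
done
```

An "unset" result means sshd's built-in default applies, which for PasswordAuthentication is yes.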

Listen to ssh-audit.py

It’s a good tool that offers good advice. If you want to see recommendations it gives, run:

## on computer:
git clone git@github.com:arthepsy/ssh-audit.git
cd ssh-audit
./ssh-audit.py 192.168.1.102

I won’t go into details here, but to follow its recommendations put this into /etc/ssh/sshd_config file on RBP3:

# make sure these are in the file and NOT commented out:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# make sure these are either gone or commented out:
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
# add the below lines
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com

For Termius to work on mobile, you need to add diffie-hellman-group-exchange-sha256 to KexAlgorithms and hmac-sha2-256 to MACs 😭.

For ConnectBot to work on mobile you only need to add hmac-sha2-512 to MACs 😢, as it supports Ed25519 curves.

Save the file and reload config of the ssh daemon:

## on RBP:
sudo service ssh reload

Note: If you disconnect now you will need to remove line containing 192.168.1.102 from ~/.ssh/known_hosts on your Mac before connecting again.

Permanent IP

To make things a bit more reliable for the future you might want to set a permanent IP for your Pi.

The easiest way to do it is to head over to your router admin page (likely 192.168.1.1 or 192.168.0.1) and find a “permanent IP” / “DHCP Address Reservation” section. Each router is different, so you’re on your own here.

Note: If you set it up & restart your router before reconnecting, you will not have to fiddle with the known_hosts file.

Public IP

To have your node as an active and contributing participant in the network, you might want to make sure you have a public (and static) IP. If not, most ISPs can usually provide it for a small fee.

Configure the Raspberry

All following commands are run on RBP, unless specified otherwise.

Localization, Time Zone, etc…

Run the below and feel free to play with the wizard there. You might want to change time zone and WiFi country. Also, “expanding the filesystem” is no longer necessary, as it happens automatically on the first boot (ref: scroll this to 2016–05–10).

sudo raspi-config
# And if it didn't ask you to, run:
sudo reboot

Note: If you’ve set-up the localisation correctly, all the locale warnings should be gone now.

Get all the shiny updates

sudo apt update
sudo apt upgrade

Disable SWAP

Constant writing to an SD card can kill it in 30 days (according to the internet), so to minimize writes let’s:

# disable SWAP
sudo swapoff --all
# remove package that manages SWAP altogether
sudo apt-get remove dphys-swapfile
# I had some orphans left and this helped
sudo apt-get autoremove

Note: at this point storage taken by the system & updates is around 1.1GB.

Finally, the good stuff

The below steps are mostly, but loosely, based on the official UNIX BUILD NOTES.

Dependencies

Before we start, we need to install all required dependencies.

sudo apt-get install git build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-program-options-dev libboost-test-dev libboost-thread-dev libminiupnpc-dev libzmq3-dev jq

Get Bitcoin client

Go to github.com/bitcoin/bitcoin/releases and see what’s the newest stable release. As of December 2017 it’s v0.15.1:

Knowing that:

cd ~
git clone -b v0.15.1 https://github.com/bitcoin/bitcoin.git
cd bitcoin

Note: As gruesome as “detached HEAD” sounds, it’s exactly as it should be and there’s no reason to panic.

Wallet

At this point you need to decide whether you want your node with wallet or not. You can change it later, but it will require recompilation.

  • If you intend to run this node on testnet only, there are no real drawbacks to having it compiled with a wallet.
  • If you intend to run this node on mainnet and want to use it to store funds/sign transactions, I recommend you make sure your RBP is very well secured (ex. bitcoin node running as a separate user, nothing else running on the same RBP, etc, etc…). It is also not recommended to store non-insignificant funds on an internet-connected device.

Berkeley DB (optional)

If you chose the path with wallet you need a very specific version (4.8) of Berkeley db. Luckily, there’s now a convenient script in the Bitcoin repo that does it for you — send love for that to James O’Beirne :).

If you used tag later than v0.15.1 it’s probably enough to:

./contrib/install_db4.sh $(pwd)

Otherwise, run this instead:

wget -qO- https://raw.githubusercontent.com/bitcoin/bitcoin/3d6ad407770e13958e157bf026cae0bfb9254899/contrib/install_db4.sh | sh -s $(pwd)

Bitcoin Client

./autogen.sh

If you want it with wallet, run:

export BDB_PREFIX=$(pwd)/db4
./configure LDFLAGS="-L${BDB_PREFIX}/lib/" CPPFLAGS="-I${BDB_PREFIX}/include/" CXXFLAGS="--param ggc-min-expand=1 --param ggc-min-heapsize=32768" --enable-cxx --without-gui --disable-shared --with-pic --enable-upnp-default

If you want it without wallet, run:

./configure CXXFLAGS="--param ggc-min-expand=1 --param ggc-min-heapsize=32768" --enable-cxx --without-gui --disable-shared --with-pic --enable-upnp-default --disable-wallet

Regardless of the choice above continue:

# this might take 5+ hours
make check
sudo make install

Note: during make check you might see a lot of warnings, fixing them might be a low-hanging-fruit way of becoming a Core contributor ;).

Configure

Probably the best way to get a well optimised ~/.bitcoin/bitcoin.conf file is to use the generator created by Jameson Lopp.

That being said, let’s create the required app data directory:

mkdir ~/.bitcoin

And put the minimal configuration to ~/.bitcoin/bitcoin.conf (note the dot in front of .bitcoin):

# makes client run in background
daemon=1
# magic RBP optimisations
dbcache=100
maxorphantx=10
maxmempool=50
maxconnections=40
maxuploadtarget=5000

Other optional, but useful:

  • upnp=1 — will try to automagically open a port on your router;
  • txindex=1 — will allow you to call getrawtransaction on all transactions (as opposed to only ones in the mempool and/or not fully spent). It’s a good idea to decide on this before the initial sync, as changing it later will require a full -reindex;
  • testnet=1 — runs your node on a testnet, as opposed to mainnet;
  • rest=1 — enables REST interface on 127.0.0.1:8332;
  • server=1 — enables JSON-RPC interface;
  • prune=X — removes past validated state beyond the last X MB. I recommend against node pruning, unless you don’t have an SD card that’s big enough. As an example, a reasonable value for a 64GB card would be prune=42000 (42GB);

Run

bitcoind
Bitcoin server starting

Make sure it works

It might take a few minutes to start. You can watch progress by running:

tail -n 100 -f ~/.bitcoin/debug.log
# or (in case of testnet)
tail -n 100 -f ~/.bitcoin/testnet3/debug.log

And here’s a few of handy commands that you can later use:

bitcoin-cli getinfo
            getnetworkinfo
            getwalletinfo
            getblockchaininfo
            getpeerinfo

Make sure it’s accessible from outside

If you have public IP & chose upnp=1 your node should be accessible for the outside world. You can check it with:

curl -sL https://bitnodes.earn.com/api/v1/nodes/me-8333/
# or for testnet:
curl -sL https://bitnodes.earn.com/api/v1/nodes/me-18333/

If the response is {"success":true}, just skip to the next step.

Otherwise, there are still some things that can be done, but since they’re all very setup-specific, I will just list some ideas that might be worth pursuing:

  • Wait a bit (UPnP is currently renewed every 20 minutes),
  • Restart node and wait until it boots up completely,
  • Make sure UPnP is supported and enabled on your router,
  • Assign a permanent local IP to Raspberry Pi, and
  • Manually set up port forwarding (for port 8333 or 18333),
  • Make sure your ISP provides you with a public IP (see above).

[Image: how a successful UPnP setup might look]

Note: If neither of the above worked, your node will still connect to 8 peers and, from your perspective, will still be fully functional. The only difference being it will not be able to relay blocks and serve SPV wallets.

Now wait, and wait, and wait…

Now that the node is running, it will download and process the entire Bitcoin blockchain. This process will take between one and two months. Just leave it running and it will get there eventually.

Run on reboot

To avoid starting the node manually after each reboot, cron can be used:

which bitcoind
/usr/local/bin/bitcoind
crontab -e

And add this line to the end:

@reboot sleep 8; /usr/local/bin/bitcoind

The sleep 8 part is necessary to avoid this error:

Binding RPC on address 127.0.0.1 port 8333 failed.

Trusted Node

Once the sync completes your node is ready for the grand cooperation with the excellent Samourai Wallet ❤. To set it up just follow the simple guide here:

Other thingies

Logs

If something goes wrong, or you just want to see your node working, you can peek in here:

tail -f -n 100 ~/.bitcoin/debug.log
# or for testnet
tail -f -n 100 ~/.bitcoin/testnet3/debug.log

Note: Each restart generates a bunch of empty lines, so it’s really easy to spot it.

Make ssh welcome message pretty

There’s no reason to see that awful block of text every time you log in. Making it prettier was inspired by stuff from here.

TL;DR:

wget -qO- https://gist.github.com/meeDamian/0006c766340e0afd16936b13a0c7dbd8/raw/b4e98a66b54530d1d13729e13c53c5adbe9436b5/na%25C3%25AFve-rbp-btc.sh | sudo sh

Note: This script has to run as sudo, consider reading what it does before running.
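
One way to act on that note, and on the earlier install_db4.sh step that also pipes wget into sh: save the script to a file, read it, record its SHA-256, and only execute a file that still matches. This is an added example, not part of the original guide; `sha256_of`, `run_if_pinned` and the stand-in script are assumptions made for the demo.

```sh
#!/bin/sh
# Added example: run a downloaded script only if it matches the SHA-256
# recorded when it was reviewed.
sha256_of() {
    # Raspbian ships sha256sum; macOS ships shasum
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

run_if_pinned() {
    # $1 = script path, $2 = expected SHA-256 (hex); remaining args go to the script
    script=$1; expected=$2; shift 2
    actual=$(sha256_of "$script")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $script: $actual does not match the pinned hash" >&2
        return 1
    fi
    sh "$script" "$@"
}

# Constructed stand-in for a file saved with: wget -qO install.sh <URL>
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf '%s\n' '#!/bin/sh' 'echo "installing into $1"' > "$work/install.sh"
pinned=$(sha256_of "$work/install.sh")      # recorded after reading the script

run_if_pinned "$work/install.sh" "$pinned" /tmp/prefix      # matches, so it runs
# Simulate the content changing between review and execution
printf '%s\n' 'echo "extra line added upstream"' >> "$work/install.sh"
run_if_pinned "$work/install.sh" "$pinned" /tmp/prefix || echo "blocked"
```

For the script that needs root, only the final execution has to be elevated; the download, the read-through and the hash check can all run as the pi user.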

Manual

Save this as /etc/update-motd.d/20-raspberry-bitcoin, and:

sudo chmod +x /etc/update-motd.d/20-raspberry-bitcoin

After either, just log in again, and you should be greeted with:

RBP greeting

Note: You can summon the view above at any time with:

run-parts --lsbsysinit /etc/update-motd.d

Improvements? Mistakes?

If you’ve found anything incorrect in this guide, or have an idea on how to improve it, feel free to either leave a comment, btc AT meedamian DOT com or @meeDamian me.

Other Guides…

This is a third guide in a series of planned:

  1. Litecoin Full Node on RBP3,
  2. (obsolete) Bitcoin Full Node (with or w/o BIP148 UASF 🙊) on RBP3,
  3. Bitcoin Full Node on RBP3 (revised),
  4. Bitcoin through Tor on RBP3,
  5. Lightning Network (c-lightning) on RBP3,
  6. Lightning Network (lnd) on RBP3.
