Author

Topic: [Guide] FULL NODE OpenSUSE 15.3: bitcoind + electrs + c-lightning + RTL (Read 2109 times)

hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
The guide was again updated to the latest version of everything:

Code:
Bitcoin Core v26.0
electrs v0.10.2
Core Lightning v23.11.2
RTL v0.15.0

Upgrading worked mostly as I previously described here:
https://bitcointalksearch.org/topic/m.61920456

However, this time there are a few changes regarding the Lightning REST API. I switched from c-lightning-REST to the new CLNRest API built into Core Lightning since v23.08, because sticking to the old method was giving me some issues when upgrading.

The following changes need to be made. After upgrading Core Lightning, do the following:
Code:
cd /home/bitcoin/lightning
pip install -r plugins/clnrest/requirements.txt
nano /home/bitcoin/.lightning/bitcoin/lightningd.conf

Add the following lines to the end of the file:
Code:
# REST API
clnrest-port=3010

Then, after upgrading RTL, edit this line in /home/bitcoin/RTL/RTL-Config.json and replace CLT with CLN, and port number 3001 with 3010:
Code:
"lnImplementation": "CLN"
[...]
"lnServerUrl": "https://127.0.0.1:3010"

Also, add this element to the Authentication section of this file (look at the updated guide for the whole file):
Code:
"runePath": "/home/bitcoin/RTL/rune0"

Lastly, create a 'rune', which is like an access token in Core Lightning, as follows:
Code:
lightning-cli createrune
lightning-cli showrunes

You'll get an output like this.
Code:
$ lightning-cli showrunes
{
   "runes": [
      {
         "rune": "SGVsbG8gQml0Y29pbnRhbGshIFRoaXMgaXMgYSBkZW1vLg==",
         "last_used": 1199145600.138712375,
         "unique_id": "0",
         "restrictions": [],
         "restrictions_as_english": ""
      }
   ]
}

Create a file /home/bitcoin/RTL/rune0 with the following contents. Paste the rune from above between the quotes, as shown here.
Code:
LIGHTNING_RUNE="SGVsbG8gQml0Y29pbnRhbGshIFRoaXMgaXMgYSBkZW1vLg=="

Now you do a clean restart of your node or restart all the services individually.
Code:
sudo service bitcoind restart
sudo service electrs restart
sudo service lightningd restart
sudo service RTL restart
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Just a little PSA for everyone updating to Bitcoin Core v25.0 that I just noticed: Since some time in May of this year, it requires GCC version 9 or higher: https://github.com/bitcoin/bitcoin/pull/27662

Therefore, you need to install it as shown here.
Code:
sudo zypper up
sudo zypper -v install gcc9 gcc9-c++

sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 30
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 30
sudo update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-9 30

Then, proceed with the instructions I have previously given for updating Bitcoin Core.
Bitcoin Core
Code:
su - bitcoin
cd /home/bitcoin/bitcoin
git stash
git checkout master
git pull
git checkout v25.0

./autogen.sh
./configure
make -j $(nproc)
exit
cd /home/bitcoin/bitcoin
sudo make install

sudo service bitcoind restart



Also just finished updating the guide to all latest versions:
Changelog:

[...]
26.06.2023: Update guide -- all latest versions! Bitcoin Core v25.0, electrs 0.9.12, Core Lightning v23.05.1 and RTL v0.14.0.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Updated the version numbers for Lightning stuff especially.
In general, for updating these components, you should navigate to their respective folders:

  • /home/bitcoin/bitcoin # for Bitcoin Core
  • /home/bitcoin/electrs # for Electrum server
  • /home/bitcoin/lightning # for Core Lightning
  • /home/bitcoin/c-lightning-REST # for CLN Rest API
  • /home/bitcoin/RTL # for RTL GUI

And then for each, as user bitcoin stash changes, switch to master, pull latest version, check it out and rebuild.
Code:
su - bitcoin
cd [insert location here]
git stash
git checkout master
git pull
git checkout [insert latest version here]

[build instructions from the guide]



I decided to type them all out for completeness. I still think it's good to know what the commands do (hence the generic version with explanations above).

Bitcoin Core
Code:
su - bitcoin
cd /home/bitcoin/bitcoin
git stash
git checkout master
git pull
git checkout v25.0

./autogen.sh
./configure
make clean
make -j $(nproc)
exit
cd /home/bitcoin/bitcoin
sudo make install

sudo service bitcoind restart

electrs
Code:
su - bitcoin
cd /home/bitcoin/electrs
git stash
git checkout master
git pull

cargo build --locked --release --no-default-features
exit
sudo service electrs restart

Core Lightning
Code:
su - bitcoin
cd /home/bitcoin/lightning
git stash
git checkout master
git pull
git checkout v23.02.2

./configure
make -j $(nproc)
exit
cd /home/bitcoin/lightning
sudo make install

sudo service lightningd restart

CLN REST API
Code:
su - bitcoin
cd /home/bitcoin/c-lightning-REST
git stash
git checkout master
git pull
git checkout v0.10.4

npm install --only=prod
exit
sudo service c-lightning-REST restart

Ride The Lightning
Code:
su - bitcoin
cd /home/bitcoin/RTL
git stash
git checkout master
git pull
git checkout v0.14.0

npm install --only=prod --legacy-peer-deps
exit
sudo service RTL restart
jr. member
Activity: 49
Merit: 11

You installed Bitcoin Core and Core Lightning on your Futurebit Apollo? How is it going?

If you have the Apollo, a Mac Mini and a Threadripper-based PC, I'd absolutely recommend leaving the node on the Apollo (Orange Pi 4), as long as you installed custom OS like described in my guide.


Sorry totally missed this post yes i got it going as you described i didnt install the buster version was that a mistake? im noticing the new version debian 11 is basically ubuntu should i redo it with buster? Everytime i make a change i just copy back over the device tree. I'm wondering now if the original futurebit image is fine as it appears to run alpine linux under the good with ubuntu overtop i may be wrong here.

I like the idea of a SBC so can add a battery backup to keep it going on cellular just incase. My futurebit node has 70-80 peers on average shipping off 14-20 gigs a day of served up blocks. whether it helps or not i have no idea i would assume so it seems node should be more important than miners as they are far less of them in residential as i can tell anyways.

ive given up on making any kind of break even on mining im focusing on the software portion and learning C i always neglected it the past 20 years. When i think of arm i think of software based hardware so when i think of bare metal its a full blown pc. maybe not proper terms.

I have had major tech burnout the last 3 years looking back on all the things i should of been aware of and just ignored. trying to get back on the pony its all ive ever loved a hobby.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!

In the beginning especially, it is a bit of trial and error and you'll figure out which channels are never used (close them), which routes are often long & expensive (open direct / closer channels to the destination) and such.
There are also quite a few guides online, such as here.
I just want to start off trying to route transactions i dont have a specific goal in mind to utilize it myself i dont know enough people into bitcoin they all seen me lose my ass. Thanks for all that guides you put up blockchain has a lot of moving parts and the information is a little hard to sift through.
If you want to set up a node mainly for routing, have a look around for 'Lightning Routing Node' guides, such as this one. I only skimmed it, but the advice there seems reasonable.

I don't think we have a guide for configuring a dedicated routing node here on Bitcointalk, probably because nobody here is running one and can make a well-informed guide about it. Do feel free to create one yourself, after gathering some experience with your own routing node!
jr. member
Activity: 49
Merit: 11

In the beginning especially, it is a bit of trial and error and you'll figure out which channels are never used (close them), which routes are often long & expensive (open direct / closer channels to the destination) and such.
There are also quite a few guides online, such as here.

I just want to start off trying to route transactions i dont have a specific goal in mind to utilize it myself i dont know enough people into bitcoin they all seen me lose my ass. Thanks for all that guides you put up blockchain has a lot of moving parts and the information is a little hard to sift through.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
How do you find other peers to link to? Just got all my lightning node up unsure what steps to do next with it. im also running a seperate bitcoind with no outgoing besides tor is that fine for lightning or should i switch it to my main bitcoin node? i setup second one so i could use bitcoincore with wallet enabled.
You don't need a second instance of Bitcoin Core, because you also don't need the Bitcoin Core wallet.
Core Lightning has its own integrated on-chain wallet, but I know that it is easy to assume that Lightning's on-chain wallet is the Bitcoin Core default wallet.

As for finding peers; there is no real science behind that. I'd advice if there is a service you (plan to) often use, feel free to open a direct channel. Be it a centralized exchange (although I recommend against using those, in general), an online shop or another platform you use regularly like https://www.bitrefill.com/.

You could also open channels with other forum members; just ask in here or here.

In the beginning especially, it is a bit of trial and error and you'll figure out which channels are never used (close them), which routes are often long & expensive (open direct / closer channels to the destination) and such.
There are also quite a few guides online, such as here.
jr. member
Activity: 49
Merit: 11
How do you find other peers to link to? Just got all my lightning node up unsure what steps to do next with it. im also running a seperate bitcoind with no outgoing besides tor is that fine for lightning or should i switch it to my main bitcoin node? i setup second one so i could use bitcoincore with wallet enabled.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
"Many years" might be enough in practice, maybe we can agree on that
Agreed. Wink

And lastly, even when that support ends, technically Bitcoin Core will still run on it. Bitcoin Core doesn't really care whether your OS is still updated or not.
sure but some hacker will care about your OS having known security holes: but for the wrong reasons!
Again, though: if you view the Mac Mini as a compact PC with quite a bit more compute power than a Raspberry Pi, that can also runs Linux, it may be a good choice for some. Because you can definitely install latest Linux kernel on old Mac Minis that don't get software support by Apple anymore.

Even the M1 Mac Mini already runs Linux thanks to Asahi Linux.

I'm not sure how it compares price-wise to an Intel Nuc, though. Those seem to fit into a similar niche of laptop-style hardware in a cheaper, headless package. I do think it's a very interesting form factor, because single-board computers often just don't cut it and not everyone wants to keep a power-hungry desktop or server running 24/7 for mostly small tasks.
legendary
Activity: 3430
Merit: 3068
"supported forever" is the most practical point, and servers are all about practicality imo. Look at it this way: you'll need to buy a new Mac, or start using Linux, when Apple cancel support for your hardware. Start today instead.
you can upgrade to a newer version, but even that is not 'forever'.

chack out 'rolling' distributions, it's a concept that suits servers very well (OS/software support forever). you just keep on downloading and installing the updates, and that's it

obviously hardware is not often supported in perpetuity, but if that's the issue, Apple is the last platform to consider


If he does end up choosing a Mac Mini, that's an expensive, but not terrible, relatively low-power, but more capable platform than e.g. a Raspberry Pi, so he would have more computing headroom for other stuff.

One more thing regarding longevity: To the best of my knowledge, Apple hardware gets major version updates for many many years. Even when that stops, similarly to Android, they still ship security updates. For instance, macOS 11 is still supported, with its first release in June 2020.

no. although Apple provide some long-term hardware support, they have the worst record in the industry when it comes to supporting old hardware (and that's a significant part of their business model).
"Many years" might be enough in practice, maybe we can agree on that


And lastly, even when that support ends, technically Bitcoin Core will still run on it. Bitcoin Core doesn't really care whether your OS is still updated or not.

sure but some hacker will care about your OS having known security holes: for the wrong reasons!
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
"supported forever" is the most practical point, and servers are all about practicality imo. Look at it this way: you'll need to buy a new Mac, or start using Linux, when Apple cancel support for your hardware. Start today instead.
That's not entirely correct, to be honest. Every Linux LTS version has some kind of end date. Sometimes modern packages start getting unavailable even long before that and you need to install custom sources and whatever.
Of course, you can upgrade to a newer version, but even that is not 'forever'. See: https://linuxiac.com/linux-kernel-developers-discuss-dropping-old-cpu-platforms/

If he does end up choosing a Mac Mini, that's an expensive, but not terrible, relatively low-power, but more capable platform than e.g. a Raspberry Pi, so he would have more computing headroom for other stuff.

One more thing regarding longevity: To the best of my knowledge, Apple hardware gets major version updates for many many years. Even when that stops, similarly to Android, they still ship security updates. For instance, macOS 11 is still supported, with its first release in June 2020.

And lastly, even when that support ends, technically Bitcoin Core will still run on it. Bitcoin Core doesn't really care whether your OS is still updated or not. Although there may be security concerns at that point. Even then, the Mac Mini buyer can still always install some nice, modern LTS Linux distro on that hardware... Wink
legendary
Activity: 3430
Merit: 3068
i prefer mac os i know its a walled garden but most things are just done right in the os.

linux is:
  • much leaner (you won't need even 4GB RAM)
  • done right (+ macOS is not as good as it used to be)
  • supported forever
  • no surveillance mysteries (do Apple suck your data or not? they seem to try very hard to convince you that they could... but don't Undecided Roll Eyes )

"supported forever" is the most practical point, and servers are all about practicality imo. Look at it this way: you'll need to buy a new Mac, or start using Linux, when Apple cancel support for your hardware. Start today instead.

I'd absolutely recommend leaving the node on the Apollo (Orange Pi 4), as long as you installed custom OS like described in my guide.

right, the least powerful node I'm running is a Raspberry Pi 3 (1GB RAM, 1.5GHz processor). With all the software upgrades (to linux + all bitcoin upgrades), it now runs better than it did when I bought it 5 years ago.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
n0nce thanks for taking the time to make the guides they are very useful as im learning the rest of how bitcoin operates. I think i like baremetal as opposed to arm is there a benefit? What about Mac Mini the latest versions with 16g of ram? i prefer mac os i know its a walled garden but most things are just done right in the os.
You're confusing some terms here. Bare-metal refers to installing software directly on the base OS without any virtualization layer like a VirtualBox VM or Docker.
ARM is a processor architecture; used for instance in Raspberry Pi SoCs, but also in Apple mobile chips and lately the M1 and M2 families of laptop and desktop chips.

You absolutely don't need a Mac Mini with 16GB to run a full node. Something cheap with 8GB totally suffices. For a server application like a Bitcoin full node with Electrum and Lightning on it, I do recommend sticking to Linux. If you want to use that Mac Mini for personal stuff, too, you may want to look into running the Bitcoin stuff in a VirtualBox VM with OpenSUSE.

I'm hopeful i will get to do my first lightning transaction sometime tonight! everything is done except RTL doing it on futurebit for now but will probably migrate it to a thread ripper that i have sitting for the past 2 years or is that overkill?
You installed Bitcoin Core and Core Lightning on your Futurebit Apollo? How is it going?

If you have the Apollo, a Mac Mini and a Threadripper-based PC, I'd absolutely recommend leaving the node on the Apollo (Orange Pi 4), as long as you installed custom OS like described in my guide.

It pulls the least amount of power and runs Linux by default. So it's kind of an easy choice.
legendary
Activity: 3430
Merit: 3068
Part 3 (optional): Hardening
This is a version 3 hidden service, so it cannot be found in any way unlike servers in the clearnet or Tor v2.

not sure if this is altogether true.

The tor project people advise to defend against side-channel attacks that can (supposedly) discover the IP of hidden services, they have an add-on (vanguards) to mitigate the issue.

not sure if more recent versions of tor daemon manage the side-channel attacks better, although a "lite" version of the add-on has been part of the main tor daemon, since last year I think. The recommendation at that time was that any serious hidden service should continue to use the full vanguards add-on.
jr. member
Activity: 49
Merit: 11
n0nce thanks for taking the time to make the guides they are very useful as im learning the rest of how bitcoin operates. I think i like baremetal as opposed to arm is there a benefit? What about Mac Mini the latest versions with 16g of ram? i prefer mac os i know its a walled garden but most things are just done right in the os.

I'm hopeful i will get to do my first lightning transaction sometime tonight! everything is done except RTL doing it on futurebit for now but will probably migrate it to a thread ripper that i have sitting for the past 2 years or is that overkill?
newbie
Activity: 2
Merit: 0
Awesome, I postponed updating to v22 to not screw something up, it works just installing over old files as you said. Thanks!
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Do you also maybe have a guide for updating core lightning node without losing funds/channels?
I had at least considered making one, but I believe I've never gotten around to doing it.
Usually, I put links to my guides on my webpage so they can be found easily.

But in essence, you can just install the new version (just like in the guide, but checking out latest version number) 'on top' of the old installation and it will just replace the binary; not touching your seed, channels and other existing data.
newbie
Activity: 2
Merit: 0
Do you also maybe have a guide for updating core lightning node without losing funds/channels?
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
I have a question. How does lightning daemon works normally when I've renamed the lightning directory? (lightning is the v0.11.2 directory, lightning2 is the old v0.10.2 directory which is running at the moment)

What binary does it run when I execute lightningd?

For location either of these:
Code:
whereis lightningd
which lightningd

For version:
Code:
lightningd --version

What binary does it run when I execute lightningd?
Probably the one you compiled more recently. You probably used "sudo make install" after the compilation which should have replaced old binaries.
Correct; sudo make install actually just copies the binary you just compiled into a default location on your PATH, such as /usr/local/bin/.
If there's another binary there with the same name, it is indeed replaced.

You could work around that by either renaming the old binary before sudo make install, such that it's not overwritten.
Or you could also start lightningd directly from the build directory.

Code:
bitcoin@localhost:~/lightning> ./lightningd/lightningd --version
v0.11.2
legendary
Activity: 1598
Merit: 1555
精神分析的爸
I have a question. How does lightning daemon works normally when I've renamed the lightning directory? (lightning is the v0.11.2 directory, lightning2 is the old v0.10.2 directory which is running at the moment)

What binary does it run when I execute lightningd?

Maybe try
Code:
whereis lightningd
in a shell (assuming it is in your $PATH when you execute it like that).
legendary
Activity: 1876
Merit: 3131
What binary does it run when I execute lightningd?

Probably the one you compiled more recently. You probably used "sudo make install" after the compilation which should have replaced old binaries.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
I have a question. How does lightning daemon works normally when I've renamed the lightning directory? (lightning is the v0.11.2 directory, lightning2 is the old v0.10.2 directory which is running at the moment)

What binary does it run when I execute lightningd?
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Did the install work?
Code:
protoc --version
Yes.
Code:
libprotoc 3.12.3

And I'd probably do a make clean or just re-clone the repo at this point; you've tried a lot of stuff
I did both make with clean and re-cloned the repository. It still stops in sudo make install as it fails to parse the manifest at `/home/bitcoin/lightning/cln-rpc/Cargo.toml`.
legendary
Activity: 1932
Merit: 1273
I just tried compiling Core Lightning, and am happy to report that it works fine!

Do you try it out on a 32-bit system environment?
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
It still stops here during make:
Code:
~

Thanks for your time, though.

Did the install work?
Code:
protoc --version

And I'd probably do a make clean or just re-clone the repo at this point; you've tried a lot of stuff. Grin

No worries! This is an OpenSUSE full node guide, but if it contains a few tips for Debian users, why the hell not.. Wink
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
It still stops here during make:
Code:
error: failed to run custom build command for `cln-grpc v0.0.1 (/home/bitcoin/lightning/cln-grpc)`

Caused by:
  process didn't exit successfully: `/home/bitcoin/lightning/target/debug/build/cln-grpc-beb9091097bb64ac/build-script-build` (exit status: 101)
  --- stderr
  thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Custom { kind: Other, error: "protoc failed: node.proto: This file contains proto3 optional fields, but --experimental_allow_proto3_optional was not set.\n" }', cln-grpc/build.rs:2:53
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
make: *** [plugins/Makefile:191: target/debug/examples/cln-plugin-startup] Error 101

Thanks for your time, though.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
~
Alright, I spun up a new Debian 10 Droplet.

(1) Updated package manager and packages
Code:
sudo apt update && sudo apt upgrade

(2) Install latest protobuf for Debian 10
Code:
sudo apt install protobuf-compiler

(3) Check protoc version
Code:
root@helloworld:~# protoc --version
libprotoc 3.6.1

==> Indeed, seems like Debian 10 Buster does not have latest protobuf in its package manager by default! So it's not your fault, BlackHatCoiner! Wink

Now, last Raspibolt release is quite a while ago, so upgrading it is probably not an option. Let's solve this otherwise.
[1] Add the buster-backports sources to our package manager.
Code:
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list.d/sources.list

[2] Update package manager
Code:
sudo apt update

[3] Install protobuf again
Code:
sudo apt install -t buster-backports protobuf-compiler

[4] Maybe, for good measure also install these (they should come with protobuf-compiler, though).
Code:
sudo apt install -t buster-backports libprotoc-dev libprotoc23



I just tried compiling Core Lightning, and am happy to report that it works fine!
Code:
./configure
make -j $(nproc)

If you have any more questions about any of the commands, don't hesitate to ask here or through DM!
I say this specifically because of:
The worst part is that I've run lots of commands that I don't know what they do. But, that's just personal, I'll have to study more.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Code:
lsb_release -a
cat /etc/os-release
hostnamectl

Code:
bitcoin@raspibolt:~ $ lsb_release -a
No LSB modules are available.
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 10 (buster)
Release: 10
Codename: buster

bitcoin@raspibolt:~ $ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

bitcoin@raspibolt:~ $ hostnamectl
   Static hostname: raspibolt
         Icon name: computer
        Machine ID:
           Boot ID:
  Operating System: Raspbian GNU/Linux 10 (buster)
            Kernel: Linux 5.10.103-v7l+
      Architecture: arm
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Make sure to update your package manager and other packages.
I've updated both, and even restarted, but the version remains the same. My system doesn't know any newer versions:
Quote
protobuf-compiler is already the newest version (3.6.1.3-2+rpi1)
Then it probably depends on the Linux version you're running.
What I tried and sent you before, was on Ubuntu 20.04 LTS, as I figured Raspibolt is Debian or Ubuntu based.

Can you try these commands to figure out what you're running?
Code:
lsb_release -a
cat /etc/os-release
hostnamectl

Code:
root$ sudo apt install plocate
Did you perhaps mean sudo apt install locate? There's no package by the name "plocate". Also, I don't get anything in return when I run the locate command. Maybe it only works on OpenSUSE? Absolutely nothing:
Code:
root@raspibolt:/home/bitcoin# locate libprotobuf
root@raspibolt:/home/bitcoin#
(I've installed the locate package)
Then, a whole bunch of stuff is actually completely missing. You need the protobuf compiler and libraries.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Unfortunately, I'm still with protoc 3.6 as the newest version, and can't build c-lightning v0.11.2.

Code:
python -m poetry run make -j4
This particular command returned me the same ugly error above.

The worst part is that I've run lots of commands that I don't know what they do. But, that's just personal, I'll have to study more.
legendary
Activity: 1932
Merit: 1273
I've updated both, and even restarted, but the version remains the same. My system doesn't know any newer versions:

I would try to install it with Python dependencies installed.

Code:
make clean
pip install --user poetry
python -m poetry install
./configure
python -m poetry run make -j4

Then install if it works.

Code:
sudo make install

It looks like building CLN didn't require a system protobuf lib since I did not install it but was able to build it, either with @n0nce guide or the above one. The way of installing using Poetry above install the protobuf depedency which required to build cln-grpc.

Adjust the python command accordingly if your default python version is not the same.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Make sure to update your package manager and other packages.
I've updated both, and even restarted, but the version remains the same. My system doesn't know any newer versions:
Code:
root$ sudo apt install plocate
Did you perhaps mean sudo apt install locate? There's no package by the name "plocate". Also, I don't get anything in return when I run the locate command. Maybe it only works on OpenSUSE? Absolutely nothing:
Code:
root@raspibolt:/home/bitcoin# locate libprotobuf
root@raspibolt:/home/bitcoin#

(I've installed the locate package)
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
~
Seems like an outdated version.

Make sure to update your package manager and other packages.
Code:
root$ sudo apt update && sudo apt upgrade

Then install latest protobuf using sudo apt install protobuf-compiler. On current Ubuntu it should be 3.12 or 3.14, meanwhile you've somehow got 3.6
Code:
root$ protoc --version
Command 'protoc' not found, but can be installed with:
snap install protobuf           # version 3.14.0, or
apt  install protobuf-compiler  # version 3.12.4-1ubuntu7
See 'snap info protobuf' for additional versions.

root$ sudo apt install protobuf-compiler
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  fontconfig-config fonts-dejavu-core libc-dev-bin libc-devtools libc6-dev libcrypt-dev libdeflate0 libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libnsl-dev
  libprotobuf-dev libprotobuf-lite23 libprotobuf23 libprotoc23 libtiff5 libtirpc-dev libwebp7 libxpm4 linux-libc-dev manpages-dev rpcsvc-proto zlib1g zlib1g-dev
Suggested packages:
  glibc-doc libgd-tools protobuf-mode-el
The following NEW packages will be installed:
  fontconfig-config fonts-dejavu-core libc-dev-bin libc-devtools libc6-dev libcrypt-dev libdeflate0 libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libnsl-dev
  libprotobuf-dev libprotobuf-lite23 libprotobuf23 libprotoc23 libtiff5 libtirpc-dev libwebp7 libxpm4 linux-libc-dev manpages-dev protobuf-compiler rpcsvc-proto
  zlib1g-dev
The following packages will be upgraded:
  zlib1g
1 upgraded, 26 newly installed, 0 to remove and 2 not upgraded.
Need to get 3888 kB/11.6 MB of archives.
After this operation, 50.4 MB of additional disk space will be used.
Do you want to continue? [Y/n]

[...]

root$ protoc --version
libprotoc 3.12.4

The following is also helpful to see what is installed and where.
Code:
root$ sudo apt install plocate
[...]

root$ locate libprotobuf
/snap/lxd/22923/lib/x86_64-linux-gnu/libprotobuf-c.so.1
/snap/lxd/22923/lib/x86_64-linux-gnu/libprotobuf-c.so.1.0.0
/usr/lib/x86_64-linux-gnu/libprotobuf-lite.a
/usr/lib/x86_64-linux-gnu/libprotobuf-lite.so
/usr/lib/x86_64-linux-gnu/libprotobuf-lite.so.23
/usr/lib/x86_64-linux-gnu/libprotobuf-lite.so.23.0.4
/usr/lib/x86_64-linux-gnu/libprotobuf.a
/usr/lib/x86_64-linux-gnu/libprotobuf.so
/usr/lib/x86_64-linux-gnu/libprotobuf.so.23
/usr/lib/x86_64-linux-gnu/libprotobuf.so.23.0.4
/usr/share/doc/libprotobuf-dev
/usr/share/doc/libprotobuf-lite23
/usr/share/doc/libprotobuf23
/usr/share/doc/libprotobuf-lite23/changelog.Debian.gz
/usr/share/doc/libprotobuf-lite23/copyright
/usr/share/doc/libprotobuf23/changelog.Debian.gz
/usr/share/doc/libprotobuf23/copyright
/var/cache/apt/archives/libprotobuf-dev_3.12.4-1ubuntu7_amd64.deb
/var/cache/apt/archives/libprotobuf-lite23_3.12.4-1ubuntu7_amd64.deb
/var/cache/apt/archives/libprotobuf23_3.12.4-1ubuntu7_amd64.deb
/var/lib/dpkg/info/libprotobuf-dev:amd64.list
/var/lib/dpkg/info/libprotobuf-dev:amd64.md5sums
/var/lib/dpkg/info/libprotobuf-lite23:amd64.list
/var/lib/dpkg/info/libprotobuf-lite23:amd64.md5sums
/var/lib/dpkg/info/libprotobuf-lite23:amd64.shlibs
/var/lib/dpkg/info/libprotobuf-lite23:amd64.triggers
/var/lib/dpkg/info/libprotobuf23:amd64.list
/var/lib/dpkg/info/libprotobuf23:amd64.md5sums
/var/lib/dpkg/info/libprotobuf23:amd64.shlibs
/var/lib/dpkg/info/libprotobuf23:amd64.triggers
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Code:
protoc --version
Code:
bitcoin@raspibolt:~ $ protoc --version
libprotoc 3.6.1

Code:
locate libprotobuf
The locate command is not found.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
I'm trying to install libprotobuf-dev, protobuf-compiler as said in Github, and I'll let you know.

Edit: Ugh, another ugly error.
Code:
error: failed to run custom build command for `cln-grpc v0.0.1 (/home/bitcoin/lightning/cln-grpc)`

Caused by:
  process didn't exit successfully: `/home/bitcoin/lightning/target/debug/build/cln-grpc-beb9091097bb64ac/build-script-build` (exit status: 101)

Followed by an endless list of stuff like:
Quote
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Custom { kind: Other, error: "protoc failed: node.proto:75:18: Explicit 'optional' labels are disallowed in the Proto3 syntax. To define 'optional' fields in Proto3, simply remove the 'optional' label, as fields are 'optional' by default.\nnode.proto:76:18: Explicit 'optional' labels are disallowed in the Proto3 syntax. To define 'optional' fields in Proto3, simply remove the 'optional' label, as fields are 'optional' by default.\nnode.proto:98:18: Explicit 'optional' labels are disallowed in the Proto3 syntax.
Something's off with your protobuf.

What does your machine spit out for these 2 commands?
Code:
protoc --version

locate libprotobuf
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
That installation should have automatically updated your PATH environment, have you tried to restart your console?
Yes, it's updated:
Code:
bitcoin@raspibolt:~/lightning $ cargo --version
cargo 1.63.0 (fd9c4297c 2022-07-01)

But it now fails to run custom command with this "prost-build v0.8.0":
Code:
make: *** [plugins/Makefile:191: target/debug/examples/cln-plugin-startup] Error 101
make: *** Waiting for unfinished jobs....
error: failed to run custom build command for `prost-build v0.8.0`

Caused by:
  process didn't exit successfully: `/home/bitcoin/lightning/target/debug/build/prost-build-02336ebf13cd8614/build-script-build` (exit status: 101)
  --- stderr
  thread 'main' panicked at 'Failed to find the protoc binary. The PROTOC environment variable is not set, there is no bundled protoc for this platform, and protoc is not in the PATH', /home/bitcoin/.cargo/registry/src/github.com-1285ae84e5963aae/prost-build-0.8.0/build.rs:105:10
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
make: *** [plugins/Makefile:194: target/debug/cln-grpc] Error 101
rm external/arm-linux-gnueabihf/libwally-core-build/src/secp256k1/libsecp256k1.la

It must have to do with cargo, as it searches the .cargo path. The above is prompt on make.

I'm trying to install libprotobuf-dev, protobuf-compiler as said in Github, and I'll let you know.

Edit: Ugh, another ugly error.
Code:
error: failed to run custom build command for `cln-grpc v0.0.1 (/home/bitcoin/lightning/cln-grpc)`

Caused by:
  process didn't exit successfully: `/home/bitcoin/lightning/target/debug/build/cln-grpc-beb9091097bb64ac/build-script-build` (exit status: 101)

Followed by an endless list of stuff like:
Quote
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Custom { kind: Other, error: "protoc failed: node.proto:75:18: Explicit 'optional' labels are disallowed in the Proto3 syntax. To define 'optional' fields in Proto3, simply remove the 'optional' label, as fields are 'optional' by default.\nnode.proto:76:18: Explicit 'optional' labels are disallowed in the Proto3 syntax. To define 'optional' fields in Proto3, simply remove the 'optional' label, as fields are 'optional' by default.\nnode.proto:98:18: Explicit 'optional' labels are disallowed in the Proto3 syntax.
legendary
Activity: 1932
Merit: 1273
Do you run OpenSUSE & installed through this guide?
Oh no, I used Raspibolt's guide. I presume I just need to run the same command with sudo apt install, instead?

That is correct but the default Debian Cargo package uses the old version.
https://tracker.debian.org/pkg/cargo

Is this supposed to change my cargo or rust version? Because I just executed it, and I'm still with the same error during sudo make install.
It supposes to change both since it comes prepackaged.

That installation should have automatically updated your PATH environment, have you tried to restart your console?

If it still does not work, updating it should do it. export PATH="$HOME/.cargo/bin:$PATH"
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Do you run OpenSUSE & installed through this guide?
Oh no, I used Raspibolt's guide. I presume I just need to run the same command with sudo apt install, instead?
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
It's weird because CLN plugin didn't update its Rust edition since 0.10.2. How did you install Rust and Cargo?
I honestly don't remember install neither of them.
Do you run OpenSUSE & installed through this guide? If so, this command did it:

[1] Install dependencies, make sure you're logged into your sudoer account and not in bitcoin.
Code:
sudo zypper install clang cargo rust tor libstdc++6-devel-gcc11

I don't know neither of the two, but isn't the error essentially saying that I have to upgrade my cargo?
The error is saying that your cargo is outdated, yes.

Leap 15.3 should be giving you Rust 1.62 and accompanying cargo version.
https://software.opensuse.org/package/rust
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
It's weird because CLN plugin didn't update its Rust edition since 0.10.2. How did you install Rust and Cargo?
I honestly don't remember installing neither of them.

Code:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Is this supposed to change my cargo or rust version? Because I just executed it, and I'm still with the same error during sudo make install. My cargo version hasn't changed, so it was probably for rust. I don't know neither of the two, but isn't the error essentially saying that I have to upgrade my cargo?
legendary
Activity: 1932
Merit: 1273
What is your Cargo version?
Code:
cargo 1.48.0 (65cbdd2dc 2020-10-14)

Yea it's the older unsupported version.

It's weird because CLN plugin didn't update its Rust edition since 0.10.2. How did you install Rust and Cargo?

For the issue, simply upgrading the cargo version should suffice. You either update it from the package manager(if your package repository has min cargo v 1.56.0) or simply change/use the Rust installation method using Rustup

https://www.rust-lang.org/tools/install
Code:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
What is your Cargo version?
Code:
cargo 1.48.0 (65cbdd2dc 2020-10-14)
legendary
Activity: 1932
Merit: 1273
Code:
Caused by:
  failed to parse the `edition` key

Caused by:
  this version of Cargo is older than the `2021` edition, and only supports `2015` and `2018` editions.
make: *** [plugins/Makefile:194: target/debug/cln-grpc] Error 101
rm external/arm-linux-gnueabihf/libwally-core-build/src/secp256k1/libsecp256k1.la

What is your Cargo version?

Code:
cargo --version
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
I'm trying to upgrade from v0.10.2 to v0.11.2, and there must be something wrong with either my machine or this installation. I have renamed my previous lightning directory to lightning2, and I'm git-ing the new version. I do the git checkout, run the ./configure, make with make -j $(nproc), add the safe directories (lightning & lightning/external/libwally-core), but once I run sudo make install, this happens:

Code:
[...]
cc plugins/spender/openchannel.c
ld plugins/spenderp
cargo build --quiet --bin cln-grpc
error: failed to parse manifest at `/home/bitcoin/lightning/cln-rpc/Cargo.toml`

Caused by:
  failed to parse the `edition` key

Caused by:
  this version of Cargo is older than the `2021` edition, and only supports `2015` and `2018` editions.
make: *** [plugins/Makefile:194: target/debug/cln-grpc] Error 101
rm external/arm-linux-gnueabihf/libwally-core-build/src/secp256k1/libsecp256k1.la

Should I open a Github issue, or has it happened to you before, and you know how it can be resolved?
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Changelog:

29.11.2021: Update guide for electrs 0.9.3 and c-lightning 0.10.2
30.01.2022: Add RTL install instructions
17.07.2022: Update guide -- all latest versions! Bitcoin Core v23.0, electrs 0.9.8, c-lightning 0.11.2 and RTL v0.12.3.
22.08.2022: Update guide -- all latest versions! Bitcoin Core v23.0, electrs 0.9.9, Core Lightning v0.11.2 and RTL v0.13.0.
Updated again! Pretty excited about this one, since RTL v0.13.0 now has a pretty cool GUI for creating and finding Liquidity Ads.

hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Changelog:

29.11.2021: Update guide for electrs 0.9.3 and c-lightning 0.10.2
30.01.2022: Add RTL install instructions
17.07.2022: Update guide -- all latest versions! Bitcoin Core v23.0, electrs 0.9.8, c-lightning 0.11.2 and RTL v0.12.3.
Little bump for this guide. It's now all up-to-date again, with the latest version of every single piece of software.
I did walk through it in a VM, but can't start up most programs since they require Bitcoin Core to be up and running and fully synced, for which I don't have the space in the VM. But if someone's got a problem, I'll install it pruned, and debug it of course.. Smiley
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Little bump / PSA in case anyone is running this config / openSUSE node like me.

Since I chose to use Tor for the 'user facing' connections to the node, and because of the recent Tor vulnerability TROVE-2022-001 / CVE-2021-38385, you may experience issues connecting to your Electrum or C-Lightning interface.

It's easy to fix since openSUSE already has the package for latest stable release 0.4.7.8 ready and will install it by just doing a quick zypper update!

This will get you right back on track.
Code:
sudo zypper update
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
~ snip ~
Just curious, wouldn't that config has no effect since the default torrc configuration isn't technically enabled your node as a Tor exit relay and by default Tor already rejects it as a default config? or is there something to do with running the hidden service?
If that's the default config, then I reckon it's not needed. But better to have it than not; maybe default value will change in the future, so specifying it directly isn't a bad idea in general.
Creating a hidden service shouldn't set you up as an exit node, if that's not the default.
legendary
Activity: 1932
Merit: 1273
Would like to make a suggestion regarding Tor configuration.
It's just a bit for improved privacy which is to uncomment the following line in /etc/tor/torrc

Code:
ExitPolicy reject *:*
~

Thanks, but I did include it exactly because of this already!
[6] Add the following contents, preferably in the right section (somewhere where there's HiddenServiceDir stuff commented out).
Code:
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001

ExitPolicy reject *:* # no exits allowed
Just curious, wouldn't that config has no effect since the default torrc configuration isn't technically enabled your node as a Tor exit relay and by default Tor already rejects it as a default config? or is there something to do with running the hidden service?

legendary
Activity: 3108
Merit: 7471
🔐Icarus CEO💳
as you have already seen and read here👉https://bitcointalksearch.org/topic/m.59271490, i have installed 2 rpi 4 in my triton case ... on the one runs the umbrel full node and what should be operated on the second rpi 4, i am still undecided and would like to read from you a few suggestions and opinions...
what would be in mind that i already run 2 full nodes on the second rpi 4 useful to install and start?

since in the actual thread still no one has reacted to my post, i quote my message and post it here in the higher-frequented thread with the hope to still get good suggestions Wink
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Thanks to n0nce who helped me in PMs! I now have my Lightning node working with RTL!
Just 1 thing to point out here for other readers: there was no issue with the guide; it should still be possible to follow it line by line and get everything working without problem.
In BlackHatCoiner's case it was simply stuff like permissions and group memberships which were different due to him running Debian instead of OpenSUSE and in general only having followed parts of the guide opposed to the whole thing; so some tweaks had to be made here and there.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Thanks to n0nce who helped me in PMs! I now have my Lightning node working with RTL!
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Code:
sudo journalctl -f -u c-lightning-REST

Code:
bitcoin@raspibolt:~ $ sudo journalctl -f -u c-lightning-REST
-- Logs begin at Thu 2022-02-17 08:53:44 GMT. --
Feb 18 12:28:01 raspibolt node[2838]:     at emitErrorCloseNT (node:internal/streams/destroy:129:3)
Feb 18 12:28:01 raspibolt node[2838]:     at processTicksAndRejections (node:internal/process/task_queues:83:21) {
Feb 18 12:28:01 raspibolt node[2838]:   errno: -111,
Feb 18 12:28:01 raspibolt node[2838]:   code: 'ECONNREFUSED',
Feb 18 12:28:01 raspibolt node[2838]:   syscall: 'connect',
Feb 18 12:28:01 raspibolt node[2838]:   address: '/home/bitcoin/.lightning/bitcoin/lightning-rpc'
Feb 18 12:28:01 raspibolt node[2838]: }
Feb 18 12:28:01 raspibolt node[2838]: Node.js v17.5.0
Feb 18 12:28:01 raspibolt systemd[1]: c-lightning-REST.service: Main process exited, code=exited, status=1/FAILURE
Feb 18 12:28:01 raspibolt systemd[1]: c-lightning-REST.service: Failed with result 'exit-code'.
Feb 18 12:28:31 raspibolt systemd[1]: c-lightning-REST.service: Service RestartSec=30s expired, scheduling restart.
Feb 18 12:28:31 raspibolt systemd[1]: c-lightning-REST.service: Scheduled restart job, restart counter is at 7937.
Feb 18 12:28:31 raspibolt systemd[1]: Stopped c-lightning-REST daemon.
Feb 18 12:28:31 raspibolt systemd[1]: Started c-lightning-REST daemon.
Feb 18 12:28:31 raspibolt node[2879]: Reading config file
Feb 18 12:28:31 raspibolt node[2879]: WARN: /home/bitcoin/.lightning/lightning-rpc is missing, using the bitcoin mainnet subdirectory at /home/bitcoin/.lightning/bitcoin instead. error
Feb 18 12:28:32 raspibolt node[2879]: --- Starting the cl-rest server --- warn
Feb 18 12:28:33 raspibolt node[2879]: --- cl-rest api server is ready and listening on port: 3001 --- warn
Feb 18 12:28:33 raspibolt node[2879]: --- cl-rest doc server is ready and listening on port: 4001 --- warn
Feb 18 12:28:33 raspibolt node[2879]: Lightning client connection error error
Feb 18 12:28:33 raspibolt node[2879]: node:events:504
Feb 18 12:28:33 raspibolt node[2879]:       throw er; // Unhandled 'error' event
Feb 18 12:28:33 raspibolt node[2879]:       ^
Feb 18 12:28:33 raspibolt node[2879]: Error: connect ECONNREFUSED /home/bitcoin/.lightning/bitcoin/lightning-rpc
Feb 18 12:28:33 raspibolt node[2879]:     at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1157:16)
Feb 18 12:28:33 raspibolt node[2879]: Emitted 'error' event on LightningClient instance at:
Feb 18 12:28:33 raspibolt node[2879]:     at Socket. (/home/bitcoin/c-lightning-REST/lightning-client-js.js:77:23)
Feb 18 12:28:33 raspibolt node[2879]:     at Socket.emit (node:events:526:28)
Feb 18 12:28:33 raspibolt node[2879]:     at emitErrorNT (node:internal/streams/destroy:164:8)
Feb 18 12:28:33 raspibolt node[2879]:     at emitErrorCloseNT (node:internal/streams/destroy:129:3)
Feb 18 12:28:33 raspibolt node[2879]:     at processTicksAndRejections (node:internal/process/task_queues:83:21) {
Feb 18 12:28:33 raspibolt node[2879]:   errno: -111,
Feb 18 12:28:33 raspibolt node[2879]:   code: 'ECONNREFUSED',
Feb 18 12:28:33 raspibolt node[2879]:   syscall: 'connect',
Feb 18 12:28:33 raspibolt node[2879]:   address: '/home/bitcoin/.lightning/bitcoin/lightning-rpc'
Feb 18 12:28:33 raspibolt node[2879]: }
Feb 18 12:28:33 raspibolt node[2879]: Node.js v17.5.0
Feb 18 12:28:33 raspibolt systemd[1]: c-lightning-REST.service: Main process exited, code=exited, status=1/FAILURE
Feb 18 12:28:33 raspibolt systemd[1]: c-lightning-REST.service: Failed with result 'exit-code'.
legendary
Activity: 1932
Merit: 1273
Lightning dislikes me. Does anybody know why am I getting this when I start the RTL service?


I don't have OpenSUSE, but Raspbian. I've installed nodejs, cloned c-lightning-REST.git, installed it with npm, created both sample-cl-rest-config.json and cl-rest-config.json, edited the c-lightning-REST.service accordingly and started it.
Use below command to shows a better log about it:

Code:
sudo journalctl -f -u c-lightning-REST
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Lightning dislikes me. Does anybody know why am I getting this when I start the RTL service?


I don't have OpenSUSE, but Raspbian. I've installed nodejs, cloned c-lightning-REST.git, installed it with npm, created both sample-cl-rest-config.json and cl-rest-config.json, edited the c-lightning-REST.service accordingly and started it.
legendary
Activity: 1526
Merit: 6442
bitcoincleanup.com / bitmixlist.org
I should mention that With the exception of CentOS and Red Hat, Linux filesystems are prone to corruption on power failure so you will probably want to configure fsck(8 ) to run at evrey boot so that you do not get "Read-Only Filesystem" errors which will prevent you from writing to any of your mounted filesystems. In particular, it will prevent Bitcoin Core from running.

You can actually configure it to run from GRUB's config file:

1. Edit the /etc/default/grub file on Debian/Ubuntu. CentOS/RHEL/Fedora/Rocky/Alma Linux user edit the /etc/sysconfig/grub file.
2. Find line that read as GRUB_CMDLINE_LINUX_DEFAULT and append the fsck.mode=force. You may have other config options. Just add it between the quote marks. For example:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash fsck.mode=force"
[do not remove anything else from the string, just add fsck.mode=force at the end of the string]

3. To force all auto repair option including that may cause damage add the fsck.repair=yes option too.
4. Then run an sudo update-grub.

OpenSuse Leap uses btrfs filesystem which should also work with these instructions despite being written for ext4. That's because fsck will automatically call the correct command for the filesystem.
hero member
Activity: 1176
Merit: 647
I rather die on my feet than to live on my knees
Code:
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

I know about this but still, I had problems with Tor, and after adding my user name to debian-tor, the problem was fixed!
legendary
Activity: 2828
Merit: 7315
Are there any good reason/advantage by adding your username to tor group? Personally i almost never see any guide doing it and when they do, there's no detailed explanation.
At least in some Debian based distros, if your username is not in this group, the hidden service cannot read the AuthCookieFile. It happened to me and at least to @BlackHatCoiner. We fixedd his Tor issues by only adding his user to debian-tor group.

Thanks for the info. I also checked cookie file on my debian virtual machine and the debian-tor appear as both owner/group of the cookie file with 640 permission.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
So, I checked my node again.
It's not needed with my guide, since I simply don't use CookieAuthentication.

Instead, I have these more compact, readable 3-liners for each service. In my opinion easier to understand what's going on, modify if needed and less modifications to the system.
[2] Create another Tor hidden service for C-Lightning. Similar procedure as before.
Code:
sudo nano /etc/tor/torrc

[3] Below the other hidden service, add this info for Lightning.
Code:
HiddenServiceDir /var/lib/tor/lightningd_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735

The official C-Lightning guide would have you do:
Code:
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

You also need to make your user a member of the Tor group.

If it's somehow possible to avoid opening any type of port and changing any types of permissions, I usually avoid it. Wink
hero member
Activity: 1176
Merit: 647
I rather die on my feet than to live on my knees
One other step I can't see is adding the username to tor group. At least in Debiana based distros, it's usually needed!
Something like
usermod -a -G myUserName debian-tor

I didn't see this step. Hope I didn't miss it!

Are there any good reason/advantage by adding your username to tor group? Personally i almost never see any guide doing it and when they do, there's no detailed explanation.
At least in some Debian based distros, if your username is not in this group, the hidden service cannot read the AuthCookieFile. It happened to me and at least to @BlackHatCoiner. We fixedd his Tor issues by only adding his user to debian-tor group.
legendary
Activity: 2828
Merit: 7315
One other step I can't see is adding the username to tor group. At least in Debiana based distros, it's usually needed!
Something like
usermod -a -G myUserName debian-tor

I didn't see this step. Hope I didn't miss it!

Are there any good reason/advantage by adding your username to tor group? Personally i almost never see any guide doing it and when they do, there's no detailed explanation.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
One other step I can't see is adding the username to tor group. At least in Debiana based distros, it's usually needed!
Something like
usermod -a -G myUserName debian-tor

I didn't see this step. Hope I didn't miss it!
I didn't do it since it wasn't needed.. Grin
I know most guides do it, but if it works without, I prefer to omit it - keeping everything simple & lean as possible is my mantra!
hero member
Activity: 1176
Merit: 647
I rather die on my feet than to live on my knees
One other step I can't see is adding the username to tor group. At least in Debiana based distros, it's usually needed!
Something like
usermod -a -G myUserName debian-tor

I didn't see this step. Hope I didn't miss it!
hero member
Activity: 1176
Merit: 647
I rather die on my feet than to live on my knees
Would like to make a suggestion regarding Tor configuration.
It's just a bit for improved privacy which is to uncomment the following line in /etc/tor/torrc

Code:
ExitPolicy reject *:*

This will prevent your node to be an exit node in the Tor network. Being an exit node allows for 3rd parties to get certain info from your node.
Read more here, if interested:
Section Exit node eavesdropping
https://en.wikipedia.org/wiki/Tor_(network)

Or also here:
https://medium.com/coinmonks/tor-nodes-explained-580808c29e2d

Thanks, but I did include it exactly because of this already!
[6] Add the following contents, preferably in the right section (somewhere where there's HiddenServiceDir stuff commented out).
Code:
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001

ExitPolicy reject *:* # no exits allowed

I guess I missed it! Good job!
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Would like to make a suggestion regarding Tor configuration.
It's just a bit for improved privacy which is to uncomment the following line in /etc/tor/torrc

Code:
ExitPolicy reject *:*

This will prevent your node to be an exit node in the Tor network. Being an exit node allows for 3rd parties to get certain info from your node.
Read more here, if interested:
Section Exit node eavesdropping
https://en.wikipedia.org/wiki/Tor_(network)

Or also here:
https://medium.com/coinmonks/tor-nodes-explained-580808c29e2d

Thanks, but I did include it exactly because of this already!
[6] Add the following contents, preferably in the right section (somewhere where there's HiddenServiceDir stuff commented out).
Code:
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001

ExitPolicy reject *:* # no exits allowed
hero member
Activity: 1176
Merit: 647
I rather die on my feet than to live on my knees
Would like to make a suggestion regarding Tor configuration.
It's just a bit for improved privacy which is to uncomment the following line in /etc/tor/torrc

Code:
ExitPolicy reject *:*

This will prevent your node to be an exit node in the Tor network. Being an exit node allows for 3rd parties to get certain info from your node.
Read more here, if interested:
Section Exit node eavesdropping
https://en.wikipedia.org/wiki/Tor_(network)

Or also here:
https://medium.com/coinmonks/tor-nodes-explained-580808c29e2d
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Friendly bump for anyone who wanted to finish their install with me and was still missing RTL!
It's not even that bad that I postponed it until now, because from the latest version of RTL, it supports C-Lightning offers in an 'experimental' stage.

Topic for testing Offers!
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Changelog:

29.11.2021: Update guide for electrs 0.9.3 and c-lightning 0.10.2
30.01.2022: Add RTL install instructions
17.07.2022: Update guide -- all latest versions! Bitcoin Core v23.0, electrs 0.9.8, c-lightning 0.11.2 and RTL v0.12.3.
22.08.2022: Update guide -- all latest versions! Bitcoin Core v23.0, electrs 0.9.9, Core Lightning v0.11.2 and RTL v0.13.0.
16.03.2023: Update guide -- latest versions except Core... (to-do): electrs 0.9.12, Core Lightning v23.02.2 and RTL v0.13.6.
26.06.2023: Update guide -- all latest versions! Bitcoin Core v25.0, electrs 0.9.12, Core Lightning v23.05.1 and RTL v0.14.0.
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Ride The Lightning (RTL) GUI
I will preface the RTL install instruction: it is not required to run and manage C-Lightning nodes, but it makes a lot of things a lot simpler. And of course it's graphical opposed to the purely command-line based C-Lightning interface. Unfortunately, it is based on NodeJS, which many people find is bloated, that should also be kept in mind. So unless you need it, you can omit RTL in the beginning.

Also another remark: You can install c-lightning-REST as a C-Lightning plugin, which is a pretty cool feature of C-Lightning (ability to add features as plugins), however I recommend installing as services, since it makes it easier to restart them without restarting C-Lightning all the time (which is not optimal).

Part 1: Installing the backend - c-lightning-REST

[1] Install dependencies
Check out the latest non-development nodejs version in the package manager:
Code:
sudo zypper search nodejs

At the time of writing, it is version 16.
Code:
S | Name                    | Summary                                    | Type
--+-------------------------+--------------------------------------------+-----------
  | nodejs-common           | Common files for the NodeJS ecosystem      | package
  | nodejs-default          | Default version of nodejs                  | package
  | nodejs-devel-default    | Headers for default version of nodejs      | package
  | nodejs-emojione         | A set of emojis designed for the web       | package
  | nodejs-emojione-awesome | Emojione templates                         | package
  | nodejs-emojione-demo    | EmojiOne Demos                             | package
  | nodejs-emojione-meteor  | EmojiOne utility for Meteor                | package
  | nodejs-emojione-python  | EmojiOne utility for Python                | package
  | nodejs-emojione-swift   | EmojiOne utility for swift                 | package
  | nodejs-packaging        | Node.js Dependency generators for openSUSE | package
  | nodejs-underscore       | A utility belt library for JavaScript      | package
  | nodejs10                | Evented I/O for V8 JavaScript              | package
  | nodejs10                | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs10-devel          | Development headers for NodeJS 10.x        | package
  | nodejs10-docs           | Node.js API documentation                  | package
  | nodejs12                | Evented I/O for V8 JavaScript              | package
  | nodejs12                | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs12-devel          | Development headers for NodeJS 12.x        | package
  | nodejs12-docs           | Node.js API documentation                  | package
  | nodejs14                | Evented I/O for V8 JavaScript              | package
  | nodejs14                | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs14-devel          | Development headers for NodeJS 14.x        | package
  | nodejs14-docs           | Node.js API documentation                  | package
  | nodejs16                | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs16                | Evented I/O for V8 JavaScript              | package
  | nodejs16-devel          | Development headers for NodeJS 16.x        | package
  | nodejs16-docs           | Node.js API documentation                  | package
  | nodejs8                 | Evented I/O for V8 JavaScript              | package
  | nodejs8                 | Evented I/O for V8 JavaScript              | srcpackage
  | nodejs8-devel           | Development headers for NodeJS 8.x         | package
  | nodejs8-docs            | Node.js API documentation                  | package

Install the non-development version.
Code:
sudo zypper install nodejs16

[2] While still in your privileged user, check if ports 3001 and 4001 are already in use (shouldn't be), as follows. If the commands return nothing, you're clear.
Code:
sudo lsof -i :3001
sudo lsof -i :4001
Otherwise, try other high port numbers. Best would be to refer to Wikipedia to make sure you're not going to conflict with another webservice of sorts on your machine. Again try with the sudo lsof -i[tt/] command as shown and note two ports of your choice.

[3] Clone the c-lightning-REST repository and check out the latest version.
Code:
su - bitcoin
git clone https://github.com/Ride-The-Lightning/c-lightning-REST.git
cd c-lightning-REST
git checkout v0.10.4

[4] Install this version in 'production' mode.
Code:
npm install --only=prod

[5] Create new config file from sample config and leave all values on their defaults for now.
Code:
cp sample-cl-rest-config.json cl-rest-config.json

[6] If you got an issue in step 2 with ports 3001 and / or 4001 already in use, open the file cl-rest-config.json now and change the values to the ones you chose and verified were clear to use. Otherwise you can skip this step.
Code:
nano cl-rest-config.json

[7] Log out of unprivileged bitcoin account and create a service file.
Code:
exit
sudo nano /usr/lib/systemd/system/c-lightning-REST.service

[8] Add the following contents:
Code:
[Unit]
Description=c-lightning-REST daemon
Wants=lightningd.service
After=lightningd.service

[Service]
ExecStart=/usr/bin/node /home/bitcoin/c-lightning-REST/cl-rest.js
WorkingDirectory=/home/bitcoin/c-lightning-REST
User=bitcoin
Group=users
Restart=always
TimeoutSec=120
RestartSec=30

[Install]
WantedBy=multi-user.target

[9] Enable and start the c-lightning-REST service.
Code:
sudo systemctl enable c-lightning-REST.service
sudo service c-lightning-REST start

[10] Check that the service is running and everything's fine so far. Exit by just typing the letter Q.
Code:
sudo service c-lightning-REST status



Part 2: Installing the frontend - RTL

[1] Change back into unprivileged bitcoin user and clone the repository. Also going to check out the latest release.
Code:
su - bitcoin
git clone https://github.com/Ride-The-Lightning/RTL.git
cd RTL
git checkout v0.14.0

[2] Install requests dependency and RTL in production mode.
Code:
npm install request --save
npm install --only=prod --legacy-peer-deps

[3] Create a new configuration file and open it up.
Code:
nano RTL-Config.json

[4] Enter the following.
Code:
{
  "multiPass": "password",
  "port": "3000",
  "SSO": {
    "rtlSSO": 0,
    "rtlCookiePath": "",
    "logoutRedirectLink": ""
  },
  "nodes": [
    {
      "index": 1,
      "lnNode": "c-lightning",
      "lnImplementation": "CLT",
      "Authentication": {
        "macaroonPath": "/home/bitcoin/c-lightning-REST/certs/"
      },
      "Settings": {
        "userPersona": "OPERATOR",
        "themeMode": "NIGHT",
        "themeColor": "PURPLE",
"channelBackupPath": "/home/bitcoin/RTL/",
        "bitcoindConfigPath": "/home/bitcoin/.bitcoin/",
        "logLevel": "INFO",
        "fiatConversion": false,
        "lnServerUrl": "https://127.0.0.1:3001/v1"
      }
    }
  ]
}

[5] Change to privileged account to create a new service file for RTL.
Code:
exit
sudo nano /usr/lib/systemd/system/RTL.service

[6] Enter the following.
Code:
[Unit]
Description=RTL daemon
Wants=c-lightning-REST.service
After=c-lightning-REST.service

[Service]
ExecStart=/usr/bin/node /home/bitcoin/RTL/rtl.js
User=bitcoin
Group=users
Restart=always
TimeoutSec=120
RestartSec=30

[Install]
WantedBy=multi-user.target

[7] Activate and install the service.
Code:
sudo systemctl enable RTL.service
sudo service RTL start

[8] Make sure the service is up and running correctly.
Code:
sudo service RTL status

[9] If you just want to access RTL on the node itself, visit a web browser and type localhost:3000. Otherwise, either open port 3000 to access the node in your local network or proceed with the next step to tunnel this again through Tor!

[10] Open torrc and add the following below the previously installed Tor hidden services.
Code:
sudo nano /etc/tor/torrc

Code:
HiddenServiceDir /var/lib/tor/rtl_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 3000 127.0.0.1:3000

[11] Restart Tor and retrieve the Tor URL for RTL.
Code:
sudo service tor restart
sudo cat /var/lib/tor/rtl_hidden_service/hostname

[12] You can now access Ride The Lightning from anywhere through Tor Browser, on Desktop and even Mobile!

Simply type in the [mumbojumbo].onion:3000 address from step 11. Highly recommend to bookmark it or otherwise save it, since you can't probably memorize it! Wink

[13] VERY IMPORTANT! Changing the password. By default, it is password. Change it to something secure and add 2FA through an open-source 2FA application (not Google Authenticator).



Part 3 (optional): Hardening
This is a version 3 hidden service, so it cannot be found in any way unlike servers in the clearnet or Tor v2. You also have authentication within RTL. If you don't deem this secure enough though, you can set up client authentication, which involves generating a shared secret and setting it up on both the node and the client (Tor browser or Tor service on client computer).

I am not trying this, since I find Onion v3 addresses good enough, especially when paired with a secure password and 2FA code.
If you still want it (e.g. multiple BTC in channels, etc.), here's a guide I found:
https://matt.traudt.xyz/posts/2019-01-19-creating-private-v3-onion-services/

I also archived it twice, since I saw this guy already moved his blog once in the past.
https://archive.fo/80CN4
https://web.archive.org/web/20220130032823/https://matt.traudt.xyz/posts/2019-01-19-creating-private-v3-onion-services/

Instead of doing this, I would simply turn off RTL via service when not needed (C-Lightning will obviously continue running) as shown.
Code:
sudo service RTL stop

Turning it back on for completeness:
Code:
sudo service RTL start
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
C-Lightning
[1] Install dependencies
Code:
sudo zypper install sqlite3-devel gmp-devel zlib-devel python3-Mako gettext-tools

echo -e '#!/bin/sh\ntouch $2\nexit 0' | sudo tee /usr/local/bin/mrkd
sudo chmod 755 /usr/local/bin/mrkd

[2] Create another Tor hidden service for C-Lightning. Similar procedure as before.
Code:
sudo nano /etc/tor/torrc

[3] Below the other hidden service, add this info for Lightning.
Code:
HiddenServiceDir /var/lib/tor/lightningd_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735

[4] Then restart Tor and retrieve the new v3 Tor hostname for your Lightning installation. Copy it somewhere so you have it handy in step 7.
Code:
sudo service tor restart
sudo cat /var/lib/tor/lightningd_hidden_service/hostname

[5] Log into bitcoin user and download + build Lightning. v23.05.1 needs to be set to the currently latest version.
Code:
su - bitcoin
git clone https://github.com/ElementsProject/lightning.git
cd lightning
git checkout v23.05.1

pip3 install --upgrade pip
pip3 install mako mistune==0.8.4 mrkd

./configure
make -j $(nproc)

[6] Create Lightning config.
Code:
mkdir -p /home/bitcoin/.lightning/bitcoin
nano /home/bitcoin/.lightning/bitcoin/lightningd.conf

[7] Enter the following. Alias can be chosen at will! Smiley Replace onion_address_you_got with the hidden service hostname you got in step 4!
Code:
daemon
alias=alias_for_your_node
network=bitcoin
log-level=debug
log-file=/home/bitcoin/.lightning/debug.log

# incoming via tor
bind-addr=127.0.0.1:9735
announce-addr=onion_address_you_got.onion

# outgoing via tor
proxy=127.0.0.1:9050
always-use-proxy=true

[8] Log back out of the unprivileged bitcoin account to install Lightning and create the service.
Code:
exit
cd /home/bitcoin/lightning
sudo git config --global --add safe.directory /home/bitcoin/lightning
sudo git config --global --add safe.directory /home/bitcoin/lightning/external/libwally-core
sudo make install

sudo nano /usr/lib/systemd/system/lightningd.service

[9] In the service file, we need the following contents.
Code:
[Unit]
Description=C-Lightning daemon
Requires=bitcoind.service
After=bitcoind.service
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/local/bin/lightningd --daemon --conf /home/bitcoin/.lightning/bitcoin/lightningd.conf

User=bitcoin
Group=users
Type=forking
Restart=on-failure

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

[10] Start the Lightning service
Code:
sudo systemctl enable lightningd.service
sudo service lightningd start

[11] To check if it's running, we can use the lightning-cli command as bitcoin user with any of its parameters.
Code:
su - bitcoin
lightning-cli getinfo
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
electrs
Since one of the main benefits of running a full node is privacy during transaction & address lookup, an Electrum server is needed. Otherwise you'd have to query using Bitcoin Core all the time and can't just use your mobile and desktop applications for that.

[1] Install dependencies, make sure you're logged into your sudoer account and not in bitcoin.
Code:
sudo zypper install clang cargo rust tor libstdc++6-devel-gcc11

[2] Download and build electrs as bitcoin. It took my machine around 10 minutes.
Code:
su - bitcoin
git clone https://github.com/romanz/electrs
cd electrs
cargo build --locked --release --no-default-features
mkdir database

[3] Create electrs config file
Code:
nano electrs.toml

[4] Enter the following:
Code:
cookie_file = "/home/bitcoin/.bitcoin/.cookie"

# The listening RPC address of bitcoind, port is usually 8332
daemon_rpc_addr = "127.0.0.1:8332"

# The listening P2P address of bitcoind, port is usually 8333
daemon_p2p_addr = "127.0.0.1:8333"

# Directory where the index should be stored. It should have at least 70GB of free space.
db_dir = "/home/bitcoin/electrs/database"

# bitcoin means mainnet. Don't set to anything else unless you're a developer.
network = "bitcoin"

# How much information about internal workings should electrs print. Increase before reporting a bug.
log_filters = "INFO"

[5] Log back out into your sudo account, and open the Tor config file.
Code:
exit
sudo nano /etc/tor/torrc

[6] Add the following contents, preferably in the right section (somewhere where there's HiddenServiceDir stuff commented out).
Code:
HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001

ExitPolicy reject *:* # no exits allowed

[7] Start up Tor and fetch your electrs Tor hostname. The hostname can then be entered in wallets like Wasabi and BlueWallet settings.
Code:
sudo systemctl enable tor.service
sudo service tor restart
sudo cat /var/lib/tor/electrs_hidden_service/hostname

[8] Create a service so electrs starts on startup
Code:
sudo nano /usr/lib/systemd/system/electrs.service

[9] Enter this information
Code:
[Unit]
Description=Electrs
After=bitcoind.service

[Service]
WorkingDirectory=/home/bitcoin/electrs
ExecStart=/home/bitcoin/electrs/target/release/electrs
User=bitcoin
Group=users
Type=simple
KillMode=process
TimeoutSec=60
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target

[10] Start the service
Code:
sudo systemctl enable electrs.service
sudo service electrs start

[11] Check that it's running. This should return the electrs version.
Code:
echo '{"jsonrpc": "2.0", "method": "server.version", "params": ["", "1.4"], "id": 0}' | netcat 127.0.0.1 50001
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Bitcoin Core
[1] Install prerequisites:
Code:
sudo zypper addrepo https://download.opensuse.org/repositories/devel:languages:python:Factory/openSUSE_Leap_15.3/devel:languages:python:Factory.repo
sudo zypper refresh

sudo zypper -v install git python310 make automake autoconf gcc9 gcc9-c++ libtool libevent-devel libdb-4_8-devel
sudo zypper -v install libboost_filesystem-devel libboost_program_options-devel libboost_system-devel libboost_test-devel libboost_thread-devel

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 20

sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 30
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 30
sudo update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-9 30

[2] Switch to unprivileged bitcoin user. Commands should output bitcoin (user) and /home/bitcoin (working directory)
Code:
su - bitcoin
whoami
pwd

[3] Download & build Bitcoin Core. v25.0 parameter needs to be adapted to the latest version whenever you read this guide.
Code:
git clone https://github.com/bitcoin/bitcoin.git
cd bitcoin
git checkout v25.0
./autogen.sh
./configure
make -j $(nproc)

[4] Create random username and password to access core via RPC.
Code:
cd share/rpcauth/
python3 rpcauth.py the_username_of_the_user_you_want cleartext_password_unique_long

[4.1] Delete history, otherwise the password remains in history file in cleartext.
Code:
history -c
history -w

[5] Create Bitcoin config file
Code:
mkdir ~/.bitcoin
nano ~/.bitcoin/bitcoin.conf

[6] Fill it like follows:
Code:
daemon=1
server=1
maxmempool=50
mempoolexpiry=2
rpcauth=user_chose_in_step_4:hash_created_in_step_4
dbcache=2048
banscore=10
datadir=/home/bitcoin/.bitcoin/

[7] Exit back to admin account
Code:
exit

[8] Install Bitcoin
Code:
cd /home/bitcoin/bitcoin
sudo make install
cd

[9] Still logged in as sudoer, create Bitcoin service:
Code:
sudo nano /usr/lib/systemd/system/bitcoind.service

[10] Contents should be like shown:
Code:
[Unit]
Description=Bitcoin daemon
After=network.target

[Service]
ExecStart=/usr/local/bin/bitcoind -daemon -conf=/home/bitcoin/.bitcoin/bitcoin.conf

# Make sure the config directory is readable by the service user
PermissionsStartOnly=true

# Process management
####################

Type=forking
Restart=on-failure

# Directory creation and permissions
####################################

# Run as bitcoin:bitcoin
User=bitcoin
Group=users

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

[11] Enable & start service
Code:
sudo systemctl enable bitcoind.service
sudo service bitcoind start

[12] Check if running
Code:
tail -f /home/bitcoin/.bitcoin/debug.log

[13] Exit with CTRL+C, now wait for many moons (or hours) for the IBD to finish.
To check on the progress, you may use the tail command from before again or check disk utilization.
Code:
du -h /home/bitcoin/.bitcoin/blocks

After initial block download is finished, bitcoin-cli getblockchaininfo should return 99.999% verification like this.
Code:
"verificationprogress": 0.9999999999,
"initialblockdownload": false

As alluded to in the start post, IBD was going for around a week and still under 50%. Then I bought a second stick of 4GB RAM, look what happened.
For now, I would like to share my experience with a node that I've setup a few days ago. It is one of my nodes that needed a bit of maintenance; it was quite cluttered and had outdated software so I rebuilt it from scratch. I will also post a guide about it soon (OpenSUSE node walkthrough).
The hardware is a laptop motherboard with 4GB RAM and 2 500GB HDDs.
After it had taken almost a week to achieve ~40% sync, it was going super slow; around 1-2% a day, so I thought it may be a good idea to just plop in a second stick of RAM and see if it does anything. I kind of expected something to happen, but I was astonished at the speed it was going at afterwards! The HDD arm was moving much less now (audible difference); I suspect it was swapping a ton before, and the log was literally flying.

Here's a graph of some measurements I took; I let you guys guess at which point in time I upgraded the node from 4GB to 8GB Cheesy


hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
openSUSE
Setting up openSUSE is analogous to any other Linux install; I would just recommend to go with the Leap version for stability instead of rolling-release Tumbleweed option.
For Sysadmins, Enterprise Developers, and ‘Regular’ Desktop Users
Regular release with the benefits of both enterprise-grade engineering and community-developed innovation.

Simply download the ISO and checksum here:
https://get.opensuse.org/leap/#download
And verify it on your local machine. Instructions can be found here:
https://www.suse.com/support/security/download-verification/

After installing openSUSE on the target machine, setup a Bitcoin user
Code:
sudo useradd -m bitcoin
sudo passwd bitcoin

Restrict sudo access to your administrator user account by editing sudoers via visudo:
Code:
sudo visudo

Go to the line that looks like:
Code:
root ALL=(ALL) ALL

And add another line like follows. Replace your_user with your 'admin' account which will be the only sudo-capable account.
Code:
your_user ALL=(ALL) ALL

Further edit the file to prevent the unprivileged bitcoin user to execute sudo commands, even if it has a root user's password.
The last two lines must be commented out like shown.
Code:
## In the default (unconfigured) configuration, sudo asks for the root password.
## This allows use of an ordinary user account for administration of a freshly
## installed system. When configuring sudo, delete the two
## following lines:
#Defaults targetpw   # ask for the password of the target user i.e. root
#ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
hero member
Activity: 868
Merit: 5808
not your keys, not your coins!
Since I wanted to rebuild one of my full nodes anyway, and like to experiment with different distro's, this time I went for OpenSUSE. It's enterprise-ready software with long-term support and should be very stable. Perfect for a Bitcoin node!

Disclaimers: I used @mocacinno's great centos 7 guide in parts and he generously helped me with some SUSE issues as well, so I want to give credit for that. His walkthrough is very good, but CentOS 7 is now outdated and I also wanted to add Electrum as well as configuring Electrum & C-Lightning to use Tor.

I opted to configure Electrum and C-Lightning to just use Tor. I find this the best way for privacy, circumventing NAT issues (home networks) and it has built-in encryption thus requiring no TLS certificates.
Finally, your eyes might be bleeding looking at all the nano commands. I myself obviously prefer vim, but someone who isn't familiar with it might prefer nano instead, that's why I wrote it down like this.

The hardware is quite low-end stuff, which goes to show that even a cheap node can run the 'full stack' Smiley
  • Intel® Core™ i3-2328M -- 2 cores, 4 threads, 2.2GHz
  • 8GB RAMI started with 4GB, the additional 4 sped up the IBD a ton
  • 2x 500GB HDDsNow 1TB SSD with OS and software & blockchain still on 500GB HDD
  • Regular broadband internet connection & LAN, nothing fancy

Note: By now, I switched to a 1TB SSD. Since then, the electrum server (still through Tor) is super snappy. My clients seem to connect and refresh much quicker. It still takes a bit longer than through clearnet, but Tor is hassle-free and secure.

mocacinno's remarks apply here as well:
some remaks:
  • i didn't document the firewall rules, because there are several possible firewall-implementations, and basically, if i'd have to go into the details of setting up firewallrules, i'd need a completely seperate firewall tutorial alltogether. If you have a clean (unused) VPS or you're installing a server in your HOME network (behind your own firewall), you *might* want to disable the firewall for testing puposes (re-enable it afterwards tough!!!)
  • i didn't document the backup procedures. Always make sure you backup wallets, seeds,...
  • no guarantee... If you follow these steps and lose money: don't blame me
  • no help... Sure, i might try to help you out if you run into problems, but i'm under no obligation to do so. Best effort only, and only when i have time to help you
  • no docker. Sure, docker is great, but if you run docker containers, you'll never know what's under the hood Smiley. It's easy to download and spin up a docker container, but you'll learn little (or nothing). Don't get me wrong, if you're building your own containers or if you don't want to learn how to setup your service, docker is great... Just not if you want to get your hands dirty Smiley
  • bitcoin core, c-lightning and RTL are built from source in this walktrough... It's up to you to periodically perform updates (not only for these binaries, but for all packages on your system)
  • this tutorial is a work in progress... There are many other steps (hardening, cleanup,...) that could happen. I'll probably edit these steps when i get input, or when i think about something myself. This is also why i split up this thread, this way every step has the chance/space to grow in the future...

Software list
Bitcoin Core: Reference implementation of Bitcoin, fully verified, keeps whole blockchain, requires no trust.
ElectRS: Lightweight Electrum implementation - get privacy for your SPV wallets!
C-Lightning: Lightweight Lightning Network implementation - instant and cheap BTC payments.
Ride The Lightning: Lightning management GUI, accessible via LAN from other devices in the network.



My C-Lightning backup guide can now be found here:
https://bitcointalksearch.org/topic/guide-c-lightning-backup-guide-5384133



How to update your node:
https://bitcointalksearch.org/topic/m.61920456
Jump to: