Author

Topic: Raspberry Pi 2 B - Prep, Hardening and Full Bitcoin Node Procedures (Read 5486 times)

newbie
Activity: 6
Merit: 1
Do you have an updated guide for the new raspberry pi 4 - 4 gigs of ram?

Tips on tuning the node to make better use of higher upstream and downstream bandwidth, increasing connections, etc?
full member
Activity: 135
Merit: 100
Zettel-Dolphin
thanks for this guide. I started using it a while ago, and it is very helpful.
hero member
Activity: 679
Merit: 507
Hello.

This is the better guide that I see for node in rPI, thanks, but I would like that you update it with he new version of bitcoin core, ASAP.

Today we can download the new version 0.12.0 and I Would like update it.

Thank you in advance.
Best regards.
Antuam.

up. no news for 0.12.0 or 0.12.1 version of bitcoin core ?? I think it's difficult to install because QT version is pasted to V5.5 (for 0.11 version, it's QT V4)

=> $ sudo apt-get install qt4-dev-tools libprotobuf-dev protobuf-compiler libqrencode-dev

How to install QT V5.5 on raspberry ?
legendary
Activity: 1722
Merit: 1005
Hello.

This is the better guide that I see for node in rPI, thanks, but I would like that you update it with he new version of bitcoin core, ASAP.

Today we can download the new version 0.12.0 and I Would like update it.

Thank you in advance.
Best regards.
Antuam.
member
Activity: 78
Merit: 10
Recent testing has shown that using the ext4 file system is not able to support the heavy load of Bitcoin Core (~/.bitcoin) causing file corruption after minutes or a few hours of use and resulting in requiring a re-download of the block chain again or re-side loading it from another system. Formatting the dedicated MicroSD or SSD External Storage supporting Bitcoin Core using the Flash Friendly File System (f2fs) has resolved this problem allowing for stable 24/7 operations. The procedure above has been updated to reflect this change.

I have also just completed implementing a Full Bitcoin Node on the Raspberry Pi using Ubuntu Mate v11.10 (Wily) and Bitcoin Core 0.11.2. The procedures were similar. The Make did not error with the leveldb library so this section can be skipped above if running these versions: 'Compile leveldb Library'. In my opinion, Ubuntu is so much smoother and refined and I prefer this over Raspbian.

-Ondart
member
Activity: 78
Merit: 10

I have updated the procedures above with new sections as follows:

SSD Performance Tuning – TRIM the SSD
SSD Performance Tuning – Disable SSD 'noatime'


I have added a bash script to automate side loading the block chain to an SSD

Optional Automated Sideload Script

-Ondart
member
Activity: 78
Merit: 10

I run Bitcoin Core on my Ubuntu system and I was able to configure bitcoin.conf on it and my Pi and used the addnode parameter to tell my system to connect to my Raspberry Pi Bitcoin Full Node that is on the same subnet. Network traffic shows it's pulling the blocks mostly from my Pi due to lower latency. I'll be adding a new section to the procedures above soon for this.

-Ondart
member
Activity: 78
Merit: 10
Tymothy, glad you resolved the slow issue. I wanted to see if my Pi could pull down the entire block chain and it was unsuccessful. It would die after 24 hours and I would have to keep restarting it. I finally just side loaded the entire ~/.bitcoin folder from my Ubuntu system onto the Pi SSD and then the Bitcoin-Qt worked like a charm and it runs hands off 24/7 now.

-Ondart
full member
Activity: 224
Merit: 100
Ah! Fixed my slowness a bit I opened the debug window and used "reconsiderblock" followed by the hash number for the block. it had been stuck at. The CPU utilization went way up, then bitcoin-qt crashed. Restarted at a slower overclock and it seems to be chugging along.
full member
Activity: 224
Merit: 100
Thanks for this. I've been trying to get a node up and running myself here. Very slow to sync, maybe a few weeks of blockchain history per day. I'm on a decent connection, ports are properly opened and I see lots of peers. CPU usually runs at under 10%. Set the cache to 500 MB, tried to increase the swap file to 2 GB, stably overclocked to 1100 mhz but not much luck with faster syncs. I'm trying to figure out my real bottle neck.

I'm using a 32 GB SanDisk Ultra: http://www.amazon.com/gp/product/B010Q57T02?psc=1&redirect=true&ref_=oh_aui_detailpage_o00_s00

As well as a 128 GB Cruzer Ultra Fit: http://www.amazon.com/SanDisk-Ultra-128GB-Flash-SDCZ43-128G-G46/dp/B00YFI1EBC/ref=sr_1_5?s=pc&ie=UTF8&qid=1445887029&sr=1-5&keywords=cruzer+ultra+fit

And a Wifi N dongle.

Now I realize the Cruzer Ultra fit doesn't have great sustained write performance. I guess I thought my connection + the USB 2.0 interface on the RPi was such a bottleneck it wouldn't make sense investing in a really fast USB 3.0 drive, and I liked the compact size.

What's my biggest bottleneck here, probably? Would hooking this up to Ethernet improve performance since all the USB ports are limited to one bandwidth? If it's the USB drive, what do you think about a cheap SSD like this: http://www.amazon.com/dp/B00EZ2FRU2/ref=twister_B00PB9BSIS?_encoding=UTF8&psc=1

At some point this does get economically inefficient. For the price of the USB drive alone I could buy an old windows Atom netbook with a bigger drive and 2 GB of RAM- an all in one node solution. Now I'll admit this is a hobby project for me, but it does seem a bit wasteful to go about buying this high bandwidth stuff the RPi2 can't really take fully advantage over.
copper member
Activity: 2898
Merit: 1465
Clueless!

No problem Searing. I'll help if I can. if you find something that would make this procedure more accurate I'd like your input also. I'm going to be cloning my MicroSD (the OS) next into a 32 GB Sandisk MicroSD that I bought and that just shipped from Amazon. I'm going to add imaging the current MicroSD that came with the Pi for backup on my other computer and then restoring it to the new 32 GB MicroSD next. When it wears out eventually, it will be a quick fix and I'll have the image file for a backup also.



Sounds good. I have managed to get stuff setup up to FINALLY getting up the bitseeds v2 node I got in MAY (yeah I know but between keeping the Titan(s) up and other stuff kept putting it off). To tell the truth only putting these nodes up as a 'pacifier' for when my Titan(s) become doorstops and home mining is dead for me. (13c kwh it is gonna go zombie soon imho)

So......got to have SOMETHING to run 24/7 I can putty into..if for no other reason then will have 2 old laptops with linux unbuntu sitting there ready to do so ..when miners 'brick out'

So the bitcoin node I'm set. For me it will be a litecoin node on my raspberry pi 2 B (the newest one) that and 2 Sidehack Gekko BTC miners 8gh usb sticks at 25 bucks each I will have SOMETHING still flickering on the Home Inet with crypto as my 'legacy' to my lost home mining.  (sigh so hard ...will be like putting down the family dog shutting down these miners)
anyway I'm so clueless I probably will yell for help on putting up the bitseed v2 node and 'supposedly' that is 'idiot' proof Smiley

member
Activity: 78
Merit: 10

No problem Searing. I'll help if I can. if you find something that would make this procedure more accurate I'd like your input also. I'm going to be cloning my MicroSD (the OS) next into a 32 GB Sandisk MicroSD that I bought and that just shipped from Amazon. I'm going to add imaging the current MicroSD that came with the Pi for backup on my other computer and then restoring it to the new 32 GB MicroSD next. When it wears out eventually, it will be a quick fix and I'll have the image file for a backup also.
copper member
Activity: 2898
Merit: 1465
Clueless!
This seems like quite a guide! Good work. Can't wait to see the 2nd part...

Yep fine work. Be prepared for me to yell for help. If I can manage to get around to doing this.

(so many projects ....so little time) Smiley
legendary
Activity: 1512
Merit: 1012
This seems like quite a guide! Good work. Can't wait to see the 2nd part...
member
Activity: 78
Merit: 10
Raspberry Pi 2 B Bitcoin Full Node
Installation and Configuration (2 of 2)


This procedures installs a Bitcoin Full Node with or without the Graphical User Interface (headless). A prerequisite procedure 'Raspberry Pi Prep and Hardening' is required to be executed before this procedure is executed. A dedicated extended storage device (MicroSD or SSD) is required to support this procedure.


Extended Storage: Format, partition, auto mount & set perms

Note: the size of the dedicated extended storage to support the Bitcoin application should be at least double the current size of the block-chain to provide for more for growth

Format the dedicated MicroSD or SSD Partition using Flash Friendly File System (f2fs)

The f2fs file system is crucial for heavy operations. Testing has proven the ext4 file system cannot sustain the heavy load of Bitcoin Core causing corruption of block chain files as they are written. Formatting an SSD with f2fs to support the /.bitcoin folder and files has resolved this corruption issue.

Insert the MicroSD card or SSD USB Flash Drive

Code:
$ sudo apt-get install f2fs-tools
$ sudo mke2fs.f2fs -l BTC /dev/sdX

Note: Where X is the actual device letter for the dedicated MicroSD or SSD extended storage

Acquire the Storage UUID

Code:
$ sudo blkid

Example Results
/dev/sda1: LABEL="BTC" UUID="d59ca828-b9d7-47c9-9356-1eb807d61af5" TYPE="f2fs" PARTUUID="b11a0970-01"

Edit fstab for auto mount

Code:
$ sudo nano /etc/fstab

Add the following mount details using the device UUID

UUID=d59ca828-b9d7-47c9-9356-1eb807d61af5 /media//BTC  auto  acl,rw,user,auto,exec    0    0

Note: replace the example UUID shown above with the actual UUID of the device

SSD Performance Tuning – TRIM the SSD

If using an SSD to host ~/.bitcoin, enable TRIM to run as a daily cron job to stop your SSD from slowing down after using it for a while. If you do not enable TRIM the writes may become slower due to the erasing of the deleted blocks.

List Block Devices to Check if TRIM is supported in the SSD hosting ~/.bitcoin

$ lsblk

NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda           8:0    0 119.2G  0 disk
└─sda1        8:1    0 119.2G  0 part /media//BTC
mmcblk0     179:0    0   7.4G  0 disk
├─mmcblk0p1 179:1    0   819M  0 part
├─mmcblk0p2 179:2    0     1K  0 part
├─mmcblk0p3 179:3    0    32M  0 part
├─mmcblk0p5 179:5    0    60M  0 part /boot
└─mmcblk0p6 179:6    0   6.5G  0 part /


$ sudo hdparm -I /dev/sda | grep "TRIM supported"

      *   Data Set Management TRIM supported (limit 8 blocks)

Run fstrim to confirm no errors are presented

$ sudo /sbin/fstrim --all -v || true

Example Result
/: 4 MiB (4206592 bytes) trimmed


If TRIM is Supported on the SSD TRIM it daily (or weekly)

$ sudo nano /etc/cron.daily/fstrim

#!/bin/sh
# trim all mounted file systems which support it
/sbin/fstrim --all || true


Configure Cron job for Execution

$ sudo chmod +x /etc/cron.daily/fstrim

SSD Performance Tuning – Disable SSD 'noatime'

Configure SSD for Performance

Disable SSD writes for last modified time: 'noatime'. Modify the fstab device entry just added previously

Note: Keep in mind that some applications (like mail) may use last modified time to function.

UUID=d59ca828-b9d7-47c9-9356-1eb807d61af5 /media//BTC  auto acl,rw,user,auto,exec,noatime    0    0

Reboot and Confirm the Device Mounts without Error

$ sudo reboot

Configure the Pi for Bitcoin

Allocated more RAM (Bitcoin Core Only (headless))

Code:
$ sudo raspi-config

Select "8 Advanced Options" then select "Memory Split"

Change 64 to 16, save and boot

Enlarge Swap Space

A swap file allows the microSD card to be used as extra memory if needed. Raspbian defaults to a 100Mb swap file. If the the block-chain gets significantly behind, the downloading of extra blocks to catch up can exceed the built in memory and cause Bitcoin core to crash. Enlarging the swap file by a little bit protects against this possibility.

Edit the the swap file configuration

Code:
$ sudo nano /etc/dphys-swapfile

Change the default size, save and exit


CONF_SWAPSIZE=1000


Setup the Swap File

Code:
$ sudo dphys-swapfile setup

Modify (harden) the extended storage perms

Note: sets the extended storage ownership to the current Pi userid; sets perms to the Pi user and group only; Sub-folders inherit the root folder perms; Sets the Execute bit on all files with inheritance

Code:
$ sudo chmod 770 /media//BTC
$ sudo chown : /media//BTC
$ sudo chmod g+s /media//BTC
$ setfacl -d -m u::rwX,g::rwX,o::- /media//BTC

Create work and .bitcoin folders

Code:
$ mkdir /media//.bitcoin
$ mkdir /media//work

Check the folder perms. They should look like this

Code:
$ ls -an /media//BTC

Example Result
drwxrws---+ : .bitcoin
drwxrws---+ : work


Establish a Symbolic Link from the Home ~/.bitcoin folder to the BTC Storage partition

Code:
$ ln -s /media//BTC/.bitcoin /home//.bitcoin


Install Bitcoin Package Dependencies

Installing Bitcoin Core Dependencies

Code:
$ sudo apt-get update
$ sudo apt-get install build-essential autoconf git libssl-dev libboost-dev libboost-chrono-dev libboost-filesystem-dev libboost-program-options-dev libboost-system-dev libboost-test-dev libboost-thread-dev -y

Installing bitcoin-Qt (GUI) Dependencies (optional if headless)

Code:
$ sudo apt-get install qt4-dev-tools libprotobuf-dev protobuf-compiler libqrencode-dev
-y

Intelligently Upgrade Packages to the Latest Version

Code:
$ sudo apt-get install dist-upgrade


Compile, Make and Install Bitcoin

Download, Compile, Make and Install Berkley DB (bitcoin-Qt only)


Note: Skip this section if installing Bitcoin Core (headless).
Code:
$ cd /media//BTC/work
$ wget http://download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz
$ tar -xzvf db-4.8.30.NC.tar.gz
$ cd db-4.8.30.NC/build_unix/
$ ../dist/configure --enable-cxx
$ make -j 2
$ sudo make install

Download and Prepare Bitcoin Core

Code:
$ cd /media//BTC/work
$ git clone -b 0.11 https://github.com/bitcoin/bitcoin.git bitcoin-0.11
$ cd bitcoin-0.11
$ ./autogen.sh

Compile leveldb Library

Note: The following error was produced when the Make was performed without this step. It is not known if this error happens to others but there is a solution if it does, thanks to 'tspacepilot' on another thread: https://bitcointalk.org/index.php?topic=1107660.new#new

   ./leveldb/libleveldb.a: error adding symbols: File format not recognized
   collect2: error: ld returned 1 exit status
   Makefile:2746: recipe for target 'test/test_bitcoin' failed
   make[2]: *** [test/test_bitcoin] Error 1
   make[2]: Leaving directory '/media//BTC/work/bitcoin-0.11/src'
   Makefile:6459: recipe for target 'all-recursive' failed
   make[1]: *** [all-recursive] Error 1
   make[1]: Leaving directory '/media//BTC/work/bitcoin-0.11/src'
   Makefile:622: recipe for target 'all-recursive' failed
   make: *** [all-recursive] Error 1


Code:
$ cd src/leveldb
$ make clean
$ make -j 2

Compile and Make Bitcoin Core (headless)

Note: Skip this section if installing Bitcoin-Qt (GUI)
Code:
$ cd /media//BTC/work/bitcoin-0.11
$ ./configure --without-gui --disable-wallet --with-cli
$ make -j 2
$ make check
$ sudo make install


Compile and Make bitcoin-Qt (GUI) with Wallet Disabled

Compile, Make and Install bitcoin-Qt (GUI)

Note: Skip this section if installing Bitcoin Core (headless)

Code:
$ cd /media//BTC/work/bitcoin-0.11
$ ./configure CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include -O2" LDFLAGS="-L/usr/local/BerkeleyDB.4.8/lib" --disable-wallet --with-gui
$ make -j 2
$ make check
$ sudo make install


Temporarily launch bitcoind to establish the ~/.bitcoin files


Code:
$ bitcoind

The process will fail the first time and this is expected. The file structure under ~/.bitcoind will be created. The following result will be presented:

Error: To use bitcoind, or the -server option to bitcoin-qt, you must set an rpcpassword in the configuration file: /home//.bitcoin/bitcoin.conf
It is recommended you use the following random password:
 rpcuser=bitcoinrpc
 rpcpassword=83kdib8FLxrF45nUGdTGhffRauem7nq9pXAwqS7a948W
(you do not need to remember this password)
The username and password MUST NOT be the same. If the file does not exist, create it with owner-readable-only file permissions. It is also recommended to set alertnotify so you are notified of problems; for example: alertnotify=echo %s | mail -s "Bitcoin Alert" [email protected]


Create ~/bitcoin/bitcoin.conf, paste in the recommended userid and password and save the file

Code:
$ nano ~/.bitcoin/bitcoin.conf

Execute Bitcoin Core (headless)

Code:
$ bitcoind

Confirm no errors are presented

Execute Bitcoin Core (bitcoin-qt (GUI))

Code:
$ bitcoin-qt

Confirm no errors are presented

Shutdown Bitcoin Core


Side load an Existing Bitcoin Core (.bitcoin) Instance - Direct MicroSD or SSD Transfer

Option: If an up to date Bitcoin Core block-chain is already downloaded and available on another Linux system, this procedure will directly transfer an up to date Bitcoin Core (~/.bitcoin) folder (the blockchain) from the other bitcoin instance. This process will avoid downloading the entire block-chain potentially saving days of time. At the time of the writing of this procedure, downloading the entire block-chain on a Raspberry Pi 2 B has yet to be successful producing an error about 24 hours in. This procedure mitigates this problem.

If the Symbolic Link is Identical to the Raspberry Pi Symbolic Link

Note: If the system where the current copy of the bock-chain is hosted has the exact same symbolic link and destination folder as the Raspberry  Pi, remove the symbolic link before inserting the storage device to prevent data corruption. Once the extended storage is mounted back into the Raspberry Pi, reestablish the symbolic link.

Code:
$ rm /home//.bitcoin
$ ln -s /media//BTC/.bitcoin /home//.bitcoin

Exit Bitcoin on the source computer for the copy

Code:
$ bitcoind stop

Make a copy of ~/.bitcoin/bitcoin.conf

Code:
$ cp ~/.bitcoin/bitcoin.conf ~/.bitcoin/bitcoin.conf.sav

Shutdown the Pi

Code:
$ sudo halt

Remove the Extended storage from the Pi
Insert the Extended Storage into the system hosting the block-chain to copy from

Side load a copy a current Bitcoin Core folder to the MicroSD or SSD

Code:
$ cp -r ~/.bitcoin /media//BTC

Restore the saved Bitcoin configuration file
Code:
$ cp  /media//BTC/.bitcoin/bitcoin.conf.sav /media//BTC/.bitcoin/bitcoin.conf

Eject the media, install it in the Raspberry Pi and boot it up

Optional Automated Sideload Script

To run this script, edit as necessary and place the file in the path to /usr/local/bin. Insert the SSD into a client Linux system that hosts bitcoind and a current copy of the blockchain. Open a Terminal window and execute 'sideload'. The blockchain will be copied to the SSD, typically within 30 minutes. Gracefully dismount the SSD and insert it into the Pi, boot it up and run bitcoind or bitcoin-qt.

Code:
#!/bin/bash
# Filename:                sideload
# Description:             Side loads (copies) the Bitcoin Core Blockchain to an SSD
# Supported Langauge(s):   Bash 3.2.x
# Time-stamp:              <2015-10-31>
# -------------------------------------------------------
# Should be run with sudo. Tested on Ubuntu 15.04
# Place script in the path: /usr/local/bin and run it from Terminal
# -------------------------------------------------------

clear
src=/media/[color=blue][/color]/Virtual\ Currency
dst=/media/[color=blue][/color]i/BTC
ps cax | grep bitcoind > /dev/null
if [ $? -eq 0 ]; then
 echo Bitcoin Core is running
 echo Shutdown Bitcoin Core and try again
 echo Bitcoin Blockchain Sideload aborted!
else
 if mount | grep -q "$dst" ; then
  echo The destination SSD is Mounted...
  if [ -e "$src/.bitcoin" ] && [ -d "$dst" ] ; then
   echo " Source exists: $src"/.bitcoin""
   echo " Destination exists: $dst"
   if [ -e "$dst/.bitcoin/bitcoin.conf" ] ; then
    echo Saving the destination bitcoin.conf file to: bitcoin.conf.sav
    sleep 10
    cp $dst"/.bitcoin/bitcoin.conf" $dst"/.bitcoin/bitcoin.conf.sav"
   fi
   echo Side Loading the Bitcoin Blockchain to $dst will begin in 30 seconds
   x=10
   while [ $x -ge 0 ]
    do
    clear
    echo Side Loading the Bitcoin Blockchain to $dst will begin in $x seconds...
    sleep 1
   x=$(( $x - 1 ))
   done
   cp -r -v "$src"/.bitcoin"" "$dst"
   chown -R [color=blue]1001:1001[/color] "$dst/.bitcoin"
   if [ -e "$dst/.bitcoin/wallet.dat" ] ; then
    echo Removing the source copied wallet.dat from destination for security...
    rm $dst"/.bitcoin/wallet.dat"
   fi
   if [ -e "$dst/.bitcoin/bitcoin.conf.sav" ] ; then
    echo Restoring original destination bitcoin.conf...
    cp $dst"/.bitcoin/bitcoin.conf.sav" $dst"/.bitcoin/bitcoin.conf"
   fi
   echo Bitcoin Core Blockchain Sideload complete!
  else
   echo A Bitcoin Core Source or Destination folder is not accessible
   echo  Source: $src"/.bitcoin"
   echo  Destination: $dst
   echo Bitcoin Blockchain Sideload aborted!
  fi
 else
  echo Destination SSD is not mounted: $dst
  echo Bitcoin Blockchain Sideload aborted!
 fi
fi

Side load an Existing Bitcoin Core (.bitcoin) Instance - SSH Transfer

Option: If an up to date Bitcoin Core block-chain is already downloaded and available on another Linux system, this procedure will perform an SSH transfer over the network an up to date Bitcoin Core (~/.bitcoin) folder (the blockchain) from another bitcoin instance. This process will avoid downloading the entire block-chain potentially saving several days of time. This procedure assumes FileZilla is installed. Another SSH application or via command line are other viable options.

Code:
$ filezilla

Establish an SSH connection from the source computer hosting an up to date copy of  the block-chain to the Raspberri Pi MicroSD or SSD.

Configure FileZilla to change the 'Default file exists action' to 'Overwrite if size differs or source file is newer'. Select Transfer, Default file exists action.

SFTP the entire source ~/.bitcoind folder to the Raspberry Pi MicroSD or SSD /media//BTC .bitcoin folder.


Start the Bitcoin daemon at Boot


Code:
$ sudo crontab -e

Scroll to the bottom of the file displayed and add the following line:

@reboot sudo -u /usr/bin/bitcoind -daemon -dbcache=50 -disablewallet 2>&1 >/tmp/bitcoind.cron-out

Note: The start-up may take up to 10 minutes to load the database chains

Start Bitcoin Core, confirm a synchronized block-chain (headless)

Code:
$ bitcoind

Start Bitcoin Core, confirm a synchronized block-chain (GUI)

Code:
$ bitcoin-qt


Congratulations, Bitcoin Core has successfully been installed!



Other General Bitcoin Instructions that may be helpful

Start Bitcoin-Qt (GUI)

Code:
$ bitcoin-qt

Manual Start of the Bitcoin daemon (headless)
Code:
$ bitcoind -daemon

Manual Stop of the Bitcoin daemon (headless)

Code:
$ bitcoind stop

Confirm the Node is reachable by the network

To confirm that you are seeding the bitcoin network you can either check and see if you have more than 8 connections to bitcoin core by running:

Code:
$ bitcoind getinfo

An alternative method: Go to the http://bitnodes.io website and verify the connection

Validate the bitcoind process is running

Code:
$ ps aux | grep bitcoind

Clean up After a Compile Failure

Note: If the MAKE Compile errors out, clean out the environment and try again?

Code:
$ make distclean
$ ./autogen.sh

The Bitcoind API Command List and other Commands

Reference: https://en.bitcoin.it/wiki/Original_Bitcoin_client/API_calls_list

member
Activity: 78
Merit: 10
I have written detailed procedures regarding configuring a Raspberry Pi 2 B as a Full Bitcoin Node using Bitcoin Core 0.11 headless or the GUI (Bitcoin Qt). Please feel free to make any corrections or recommendations to make this better. There are two procedures 'Raspberry Pi Prep and Hardening' and 'Raspberry Pi Full Bitcoin Node. About 1 GB will remain for the OS on an 8 GB MicroSD once complete. I have added some recommendations from my experience regarding MicroSD and SSD storage. I had a 128GB MicroSD card Strontium Class 10 Nitro UHS-1 that failed on me the first time through that I ended up returning.



Raspberry Pi 2 B
System Information, SSH, VNC, Firewall and Hardening


This procedure provides instructions to prepare a Raspberry Pi 2 B for application installation and Internet accessibility. At the time of the writing of this procedure the Operating System used was Raspbian Jesse (v4.0.7-47+). This procedure assumes the operating system is already installed, running and accessible.

Recommended OS and Extended Storage

Operating System Storage

SanDisk Extreme PLUS 32GB microSDXC UHS-I/U3 Card with Adapter (SDSQXSG-032G-GN6MA) MicroSD

Reference: http://www.amazon.com/gp/product/B010NE3QS0?psc=1&redirect=true&ref_=oh_aui_detailpage_o00_s00

Extended (application) Storage (SSD with embedded SSD Controller)

Corsair Flash Voyager GTX 128GB USB 3.0 Flash Drive (CMFVYGTX3B-128GB)

Reference: http://www.amazon.com/gp/product/B00S89FIDE?psc=1&redirect=true&ref_=oh_aui_detailpage_o02_s00

Note: This rock solid SSD USB Flash Drive hosts an internal SSD controller. This device is reliable, relatively fast and has a 5 year warranty. The USB is wide so a short USB extension cable may be required to be able to use all the USB ports on the Raspberry Pi. The device gets very warm with normal use.

General System Info Commands

Just some general commands that may be useful later.

Display Hardware Information

Code:
$  cat /proc/cpuinfo
$  cat /proc/meminfo
$  cat /proc/partitions
$  cat /proc/version
$  free -o -h #available memory
$  vcgencmd get_mem && vcgencmd get_em gpu

Display Real time System Usage

Code:
$ top

View boot log

Code:
$ dmesg

Configure Raspian

Code:
$ sudo raspi-config

Start GUI

Code:
$ startx

Shutdown, Restart or power off

Code:
$ sudo shutdown -r now
$ sudo reboot
$ sudo halt

View Installed Packages by Package Name

Code:
$ dpkg-query -f '${binary:Package}\n' -W

Install SSH Console (SecPanel)

Code:
sudo apt-get install SecPanel

First Time Setup

Update and Upgrade Raspbian

Code:
 $ sudo apt-get update
 $ sudo apt-get upgrade

Install git and certifications to reach github

Code:
$ sudo apt-get install ca-certificates
$ sudo apt-get install git-core

Update firmware

Code:
$ sudo rpi-update
$ sudo ldconfig
$ sudo reboot


Tight VNC Server Remote Console Setup

This procedure allows for remote console access from another system on the same subnet for ease of use.

Reference: http://www.howtogeek.com/141157/how-to-configure-your-raspberry-pi-for-remote-shell-desktop-and-file-transfer/all/?PageSpeed=noscript

On the server

Code:
$ sudo apt-get install tightvncserver

On the client

Code:
$ sudo apt-get install vncviewer

Execute tightvncserver and enter a password for remote access when prompted

Code:
$ tightvncserver

Fix a ownership problem with VNC on PI

Code:
$ sudo chown pi /home/pi/.Xauthority

Auto start VNCServer on Pi

Code:
$ sudo nano /etc/init.d/tightvnc

Paste the following script into the file and save it

Note: Replace below with the existing userid for your Raspberry Pi. Note that later in this procedure this userid will change. Remember to edit this file and change it later when that happens.

#!/bin/sh
### BEGIN INIT INFO
# Provides: tightvncserver
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start vnc server
# Description:
### END INIT INFO

case "$1" in
start)
su -c 'vncserver :1 -geometry 1600x900 -depth 16 -pixelformat rgb565:'
echo "VNC Started"
;;
stop)
pkill Xtightvnc
echo "VNC Terminated"
;;
*)
echo "Usage: /etc/init.d/tightvnc {start|stop}"
exit 1
;;
esac


Set perms after edit

Code:
$ sudo chmod 755 /etc/init.d/tightvnc

Tight VNC Server Remote Console Start/Stop (Script) Execution - Test it

Code:
$ sudo /etc/init.d/tightvnc start
$ sudo /etc/init.d/tightvnc stop

Update the rc.d file (which tracks which initialization scripts are in the /init.d/ folder)

Code:
$ sudo update-rc.d tightvnc defaults
$ sudo reboot

To kill vncserver

Code:
$ vncserver --kill :1

To manually Start VNC and configure resolution

Code:
$ vncserver :1 -geometry 1600×900 -depth 16 -pixelformat rgb565:

VNC Viewer Installation and Execution - on the Client

Code:
$ vncviewer

Enter the VNC Server and Session ID - on the Client

1:1


Create vncviewer Password file for SSO - on the Client

Reference: http://www.dotkam.com/2009/03/22/vnc-into-remote-server-without-typing-a-password/

Code:
$ vncpasswd
$ vncviewer -p /home//.vnc/passwd  :1


SSH Commands

Note: replace the example IP address referenced below with an available address on your subnet for your Raspberry Pi

SSH Login


Code:

SSH Change Password

Code:
$ ssh [email protected] passwd

Bind Address for Remote Web Interface over SSH

Code:
$ ssh -L 8888:127.0.0.1:80 [email protected]

Open Browser and Navigate

http://localhost:8888



Replace Default Account

Create new Username & Delete the default account (pi)
Code:
$ sudo useradd -m  -G sudo
$ sudo passwd

Reboot, Login and perform a command with sudo to confirm rights

Delete the default pi account

Code:
$ sudo deluser -remove-home pi

Install and Configure Uncomplicated Firewall (UFW)

Reference: https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server

Install

Code:
$ sudo apt-get install ufw
$ sudo ufw status

Configure

Code:
$ sudo vi /etc/default/ufw
Ensure IPV6=yes

Configure the Firewall Rules

Code:
$ sudo ufw allow ssh
$ sudo ufw allow 22/tcp
$ sudo ufw allow 8333/tcp
$ sudo ufw default deny incoming
$ sudo ufw status numbered

Note: If creating a Bitcoin Full Node, Port TCP/8333 is to allow inbound connectivity to the Bitcoin Node. Your router can provide connectivity through a Guest network configured with port forwarding on this port.

To Enable or Disable UFW
Code:
$ sudo ufw enable
$ sudo ufw disable

Configure Raspberry Pi for automated security updates

Install

Code:
$ sudo apt-get install unattended-upgrades

Edit and Add

Code:
$ sudo nano /etc/apt/apt.conf.d/10periodic

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";


Modify for unattended upgrade

Edit and change the following line at the first section

Code:
$ nano /etc/apt/apt.conf.d/50unattended-upgrades

from
"origin=Debian,archive=stable,label=Debian-Security";
to
// "origin=Debian,archive=stable,label=Debian-Security";
"origin=Raspbian";


SSH File transfer (GUI)

Note: there are many SSH tools. This is just one of them that works well.

Install FileZilla

Code:
$ sudo apt-get install filezilla
Jump to: