Thank you both @NotAThether and @Carlton Banks.
Problem solved.
Topic: [solved] Bitcoin core behind Tor Hidden service problem (Read 367 times)
I presume the "ust72...onion" address is the one you want to keep?
If that's the case do what Carlton Banks suggested and delete the onion_private_key file. It's used to make the other hidden service that's in the getnetworkinfo output ("q3v3...").
From the bitcoin docs about Tor:
So Bitcoin Core will automatically create a hidden service by default.
If that's the case do what Carlton Banks suggested and delete the onion_private_key file. It's used to make the other hidden service that's in the getnetworkinfo output ("q3v3...").
From the bitcoin docs about Tor:
2. Automatically create a Bitcoin Core onion service
Bitcoin Core makes use of Tor's control socket API to create and destroy ephemeral onion services programmatically. This means that if Tor is running and proper authentication has been configured, Bitcoin Core automatically creates an onion service to listen on. The goal is to increase the number of available onion nodes.
This feature is enabled by default if Bitcoin Core is listening (-listen) and it requires a Tor connection to work. It can be explicitly disabled with -listenonion=0. If it is not disabled, it can be configured using the -torcontrol and -torpassword settings.
Bitcoin Core makes use of Tor's control socket API to create and destroy ephemeral onion services programmatically. This means that if Tor is running and proper authentication has been configured, Bitcoin Core automatically creates an onion service to listen on. The goal is to increase the number of available onion nodes.
This feature is enabled by default if Bitcoin Core is listening (-listen) and it requires a Tor connection to work. It can be explicitly disabled with -listenonion=0. If it is not disabled, it can be configured using the -torcontrol and -torpassword settings.
So Bitcoin Core will automatically create a hidden service by default.
try settting listenonion=0 in bitcoin.conf, then deleting the onion_private_key file from your .bitcoin config directory (then shutdown/restart bitcoind)
Hello. I'm back to this topic because I just setup one other node and the same is happening, but I'm using default ports this time. I don't understand why Tor is creating 2 onion addresses instead of one.
I'll share all settings I'm using and also that I'm running this node on a RockPro64 board.
/etc/tor/torrc
~/.bitcoin/bitcoin.conf
and when I run
bitcoin-cli getnetworkinfo
I get:
I know we have already discussed about this but it was in a slightly different situation.
Any help is appreciated!
Thanks
darkv0rt3x
I'll share all settings I'm using and also that I'm running this node on a RockPro64 board.
/etc/tor/torrc
Code:
ExitPolicy reject *:* # no exits allowed --> this is for LN node
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGrouReadable 1
HiddenServiceDir /var/lib/tor/bitcoin-node-service
HiddenServiceVersion 3
HiddenServicePort 8333 127.0.0.1:8333
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGrouReadable 1
HiddenServiceDir /var/lib/tor/bitcoin-node-service
HiddenServiceVersion 3
HiddenServicePort 8333 127.0.0.1:8333
~/.bitcoin/bitcoin.conf
Code:
dbcache=2048
par=1 -daemon
server=1
rpcauth=[REPLACED]:[REPLACED]
rpcallowip=127.0.0.1
rpcport=8332
rpcbind=127.0.0.1
maxtxfee=0.00002000
mintxfee=0.00000002
network=mainnet
prune=550
debug=net
debug=tor
debuglogfile=/home/darkv0rt3x/.bitcoin/debug.log
addresstype=bech32
changetype=bech32
listen=1
proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
externalip=ust72z3wsgefcjkfybb2bbhyup2zcdidzdxzs4amtly7ubv2ljglkrad.onion
onlynet=onion
par=1 -daemon
server=1
rpcauth=[REPLACED]:[REPLACED]
rpcallowip=127.0.0.1
rpcport=8332
rpcbind=127.0.0.1
maxtxfee=0.00002000
mintxfee=0.00000002
network=mainnet
prune=550
debug=net
debug=tor
debuglogfile=/home/darkv0rt3x/.bitcoin/debug.log
addresstype=bech32
changetype=bech32
listen=1
proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
externalip=ust72z3wsgefcjkfybb2bbhyup2zcdidzdxzs4amtly7ubv2ljglkrad.onion
onlynet=onion
and when I run
bitcoin-cli getnetworkinfo
I get:
Code:
"localaddresses": [
{
"address": "q3v3e2gspdaxojxhxntisltp37eze4qj5odoz3kkmlym4r6mfcsbywyd.onion",
"port": 8333,
"score": 4
},
{
"address": "ust72z3wsgefcjkfybb2bbhyup2zcdidzdxzs4amtly7ubv2ljglkrad.onion",
"port": 8333,
"score": 4
}
],
{
"address": "q3v3e2gspdaxojxhxntisltp37eze4qj5odoz3kkmlym4r6mfcsbywyd.onion",
"port": 8333,
"score": 4
},
{
"address": "ust72z3wsgefcjkfybb2bbhyup2zcdidzdxzs4amtly7ubv2ljglkrad.onion",
"port": 8333,
"score": 4
}
],
I know we have already discussed about this but it was in a slightly different situation.
Any help is appreciated!
Thanks
darkv0rt3x
Well... I ended up by uninstalling tor completely and reinstalling it.
Permissions seems to be ok and I am using a simpler setup for bitcoin core.
It seems to be working and no multiple onion addresses are being used. Only one.
Also, there is this parameter score that shows up in bitcoin-cli getnetworkinfo that didn't increase as it was supposed before, and now it is increasing.
I'll keep settings this way for now.
Permissions seems to be ok and I am using a simpler setup for bitcoin core.
It seems to be working and no multiple onion addresses are being used. Only one.
Also, there is this parameter score that shows up in bitcoin-cli getnetworkinfo that didn't increase as it was supposed before, and now it is increasing.
I'll keep settings this way for now.
@NotATether thank you for that.
Actually about permissions, 'S' should be an 's' as the 'S' means that the group has no execution permission, so no effect whatsoever. Not sure this is a problem or not and I won't have, until someone else sets up bitcoin core to use Tor and tell me if it works perfectly well or not and show me permissions in those folders/files.
But my folder is with the same permissions as yours.
I tried to change the 'S' to an 's' but nothing changed. Or better, a small detail changed but still not enough to be sure if this is a problem or not. The only difference it made is that when running the command tor --verify-config, I get an error message saying that the user running Tor is not 'debian-tor' but my username, and before it just said it didn't have permissions to read there.
About the onion address I have no interest in making my own address. I just want one. And apparently my setup is creating 2 onion addresses and I can't understand why,
Actually about permissions, 'S' should be an 's' as the 'S' means that the group has no execution permission, so no effect whatsoever. Not sure this is a problem or not and I won't have, until someone else sets up bitcoin core to use Tor and tell me if it works perfectly well or not and show me permissions in those folders/files.
But my folder is with the same permissions as yours.
I tried to change the 'S' to an 's' but nothing changed. Or better, a small detail changed but still not enough to be sure if this is a problem or not. The only difference it made is that when running the command tor --verify-config, I get an error message saying that the user running Tor is not 'debian-tor' but my username, and before it just said it didn't have permissions to read there.
About the onion address I have no interest in making my own address. I just want one. And apparently my setup is creating 2 onion addresses and I can't understand why,
@NotATether, could you please share your /var/lib/tor/ permission settings with an ls -lah /var/lib/tor/ command so that I can compare with mine?
Sure, but I don't have Tor installed so it's going to be a fresh install from my Ubuntu node. I created a dummy hidden service to see what's in that folder.
Code:
$ ls -lah /var/lib/tor/
total 7.6M
total 7.6M
drwx--S--- 4 debian-tor debian-tor 4.0K Dec 10 23:36 .
drwxr-xr-x 76 root root 4.0K Dec 10 23:23 ..
-rw------- 1 debian-tor debian-tor 20K Dec 10 23:23 cached-certs
-rw------- 1 debian-tor debian-tor 2.2M Dec 10 23:23 cached-microdesc-consensus
-rw------- 1 debian-tor debian-tor 5.4M Dec 10 23:36 cached-microdescs
-rw------- 1 debian-tor debian-tor 0 Dec 10 23:36 cached-microdescs.new
drwx--S--- 3 debian-tor debian-tor 4.0K Dec 10 23:36 hidden_service
drwx--S--- 2 debian-tor debian-tor 4.0K Dec 10 23:23 keys
-rw------- 1 debian-tor debian-tor 0 Dec 10 23:36 lock
-rw------- 1 debian-tor debian-tor 3.7K Dec 10 23:36 state
total 7.6M
total 7.6M
drwx--S--- 4 debian-tor debian-tor 4.0K Dec 10 23:36 .
drwxr-xr-x 76 root root 4.0K Dec 10 23:23 ..
-rw------- 1 debian-tor debian-tor 20K Dec 10 23:23 cached-certs
-rw------- 1 debian-tor debian-tor 2.2M Dec 10 23:23 cached-microdesc-consensus
-rw------- 1 debian-tor debian-tor 5.4M Dec 10 23:36 cached-microdescs
-rw------- 1 debian-tor debian-tor 0 Dec 10 23:36 cached-microdescs.new
drwx--S--- 3 debian-tor debian-tor 4.0K Dec 10 23:36 hidden_service
drwx--S--- 2 debian-tor debian-tor 4.0K Dec 10 23:23 keys
-rw------- 1 debian-tor debian-tor 0 Dec 10 23:36 lock
-rw------- 1 debian-tor debian-tor 3.7K Dec 10 23:36 state
Code:
$ ls -lah /var/lib/tor/hidden_service/
total 24K
drwx--S--- 3 debian-tor debian-tor 4.0K Dec 10 23:36 .
drwx--S--- 4 debian-tor debian-tor 4.0K Dec 10 23:37 ..
drwx--S--- 2 debian-tor debian-tor 4.0K Dec 10 23:36 authorized_clients
-rw------- 1 debian-tor debian-tor 63 Dec 10 23:36 hostname
-rw------- 1 debian-tor debian-tor 64 Dec 10 23:36 hs_ed25519_public_key
-rw------- 1 debian-tor debian-tor 96 Dec 10 23:36 hs_ed25519_secret_key
total 24K
drwx--S--- 3 debian-tor debian-tor 4.0K Dec 10 23:36 .
drwx--S--- 4 debian-tor debian-tor 4.0K Dec 10 23:37 ..
drwx--S--- 2 debian-tor debian-tor 4.0K Dec 10 23:36 authorized_clients
-rw------- 1 debian-tor debian-tor 63 Dec 10 23:36 hostname
-rw------- 1 debian-tor debian-tor 64 Dec 10 23:36 hs_ed25519_public_key
-rw------- 1 debian-tor debian-tor 96 Dec 10 23:36 hs_ed25519_secret_key
That S in the permission in the keys files is the setgid bit. That just ensures all the child files have the debian-tor group. It's set by default as you can see above so its not relevant to this problem.
I did some digging, and found that you can't just set an arbitrary .onion URL for a hidden service, because it has an associated private key.
There exists tools to generate a vanity .onion address (appears to be same concept as in bitcoin) using mkp2240. You can create an onion address starting with characters you pick, but you can't create any address you like, because it will take forever to generate the whole thing. You can only choose what you want in the beginning of the address.
You clone it from Github and build it from source (standard ./autogen.sh - ./configure - make sequence - it has a dependency on libsodium-dev from apt), and then run it like ./mkp224o -d OUTPUT_FOLDER PREFIX. PREFIX is the beginning of the onion address you want and it generates the rest of it along with private keys. Then you can just drop the folder inside /var/lib/tor, chmod 2700 the folder, chown debian-tor:debian-tor it as well and it should use your custom address.
After that you won't need the externalip= setting in bitcoin.conf and you should remove that to get rid of the other onion address.
Maybe Debian made the bitcoin-serv folder readable only to debian-tor user? Check the permissions with stat command.
Can you try verifying the config as root user? That should definitely work as root overrides all permissions.
When you restarted tor, did you also restart bitcoin core? Try doing that, the stream of errors looks like it's listening to a local address that's now dead because the port number changed.
Can you try verifying the config as root user? That should definitely work as root overrides all permissions.
When you restarted tor, did you also restart bitcoin core? Try doing that, the stream of errors looks like it's listening to a local address that's now dead because the port number changed.
I rebooted my laptop. I also removed this /var/lib/tor/bitcoin-serv and replaced it by a new one (/var/lib/tor/bitcoin-service) and also removed ~/.bitcoin/onion_private_key file.
I set all ports to default in bitcoin.conf and in /etc/tor/torrc. Restarted tor and the new /var/lib/tor/bitcoin-service folder and new onion are already available.
Restarted bitcoin core and it seems to be working.
Permissions now for this new folder. It sould be available to me but I don't know what means the 'S'.
Code:
$ sudo ls -lah /var/lib/tor
total 8.8M
drwx--S--- 5 debian-tor debian-tor 4.0K Dec 10 01:14 .
drwxr-xr-x 52 root root 4.0K Dec 6 20:32 ..
drwx--S--- 2 debian-tor debian-tor 4.0K Dec 10 01:08 bitcoin-service
total 8.8M
drwx--S--- 5 debian-tor debian-tor 4.0K Dec 10 01:14 .
drwxr-xr-x 52 root root 4.0K Dec 6 20:32 ..
drwx--S--- 2 debian-tor debian-tor 4.0K Dec 10 01:08 bitcoin-service
Same as before.
I always stop bitcoin core. About tor, I usually only restart it after changing the config file.
Tomorrow, I'll be messing around with this again. It looks to be working now on default ports, but I still haven't understood why sometimes it just refuses to connect to the Socks thing. I have a big problem with networking. I can't understand how most things work, so I have to go by brute-force and sometimes this becomes daunting...
Well, it's working but I'm not happy.
I have 2 onion addresses and I shouldn't. The weirdest thing is that the onion that I set up is not changing the "score" and the other one that shows up (who knows where from) is changing the score.
Code:
"localaddresses": [
{
"address": "ixfn57hqops66hlp.onion", <-- no idea why or where from is this one coming from
"port": 8333,
"score": 132
},
{
"address": "u4fxj2n52zhdfcai.onion", <-- the onion I set up in tor
"port": 8333,
"score": 4
}
],
"warnings": ""
}
{
"address": "ixfn57hqops66hlp.onion", <-- no idea why or where from is this one coming from
"port": 8333,
"score": 132
},
{
"address": "u4fxj2n52zhdfcai.onion", <-- the onion I set up in tor
"port": 8333,
"score": 4
}
],
"warnings": ""
}
@NotATether, could you please share your /var/lib/tor/ permission settings with an ls -lah /var/lib/tor/ command so that I can compare with mine?
[moderator's note: consecutive posts merged]
Maybe Debian made the bitcoin-serv folder readable only to debian-tor user? Check the permissions with stat command.
Can you try verifying the config as root user? That should definitely work as root overrides all permissions.
When you restarted tor, did you also restart bitcoin core? Try doing that, the stream of errors looks like it's listening to a local address that's now dead because the port number changed.
Can you try verifying the config as root user? That should definitely work as root overrides all permissions.
When you restarted tor, did you also restart bitcoin core? Try doing that, the stream of errors looks like it's listening to a local address that's now dead because the port number changed.
But those lines are needed to generate the onion address. Otherwise how woul I get my onion address.
In that case I don't think you should remove the whole thing, just change the IP-address:port value at HiddenServicePort from 127.0.0.1:8333 to 127.0.0.1:8334 (as you changed bitcoin core's listening port from 8333 to 8334)
So that line should now look like this:
Code:
HiddenServicePort 8334 127.0.0.1:8334
Damnnnnn...
It just got worse... Can't understand this crap.
I changed to
Code:
HiddenServiceDir /var/lib/tor/bitcoin-serv
HiddenServiceVersion 2
HiddenServicePort 8334 127.0.0.1:8334
HiddenServiceVersion 2
HiddenServicePort 8334 127.0.0.1:8334
Restarted tor and now I just get this from bitcoin core:
Code:
2020-12-10T00:42:59Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:00Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:00Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:01Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:01Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:02Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:02Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:03Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:03Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:04Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:04Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:05Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:05Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:06Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:06Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:07Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:07Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:00Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:00Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:01Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:01Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:02Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:02Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:03Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:03Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:04Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:04Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:05Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:05Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:06Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:06Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:07Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
2020-12-10T00:43:07Z connect() to 127.0.0.1:9050 failed after select(): Connection refused (111)
I ran
Code:
$tor --verify-config
and I get this:
Code:
Dec 10 00:47:10.105 [notice] Read configuration file "/etc/tor/torrc".
Dec 10 00:47:10.107 [warn] Directory /var/lib/tor/bitcoin-serv cannot be read: Permission denied
Dec 10 00:47:10.107 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Dec 10 00:47:10.107 [err] Reading config failed--see warnings above.
Dec 10 00:47:10.107 [warn] Directory /var/lib/tor/bitcoin-serv cannot be read: Permission denied
Dec 10 00:47:10.107 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Dec 10 00:47:10.107 [err] Reading config failed--see warnings above.
But I'm not sure this is really what it means, because the user running 'tor' is 'debian-tor' and I checked that me (user running bitcoin core) in in debian-tor group because when I run groups I see 'debian-tor' at the end of the list of groups I belong to.
But those lines are needed to generate the onion address. Otherwise how woul I get my onion address.
In that case I don't think you should remove the whole thing, just change the IP-address:port value at HiddenServicePort from 127.0.0.1:8333 to 127.0.0.1:8334 (as you changed bitcoin core's listening port from 8333 to 8334)
So that line should now look like this:
Code:
HiddenServicePort 8334 127.0.0.1:8334
Your bitcoin.conf file binds on port 8333 when it connects to your 127.0.0.1:9050 SOCKS proxy, making one hidden service and simultaneously, your torrc binds port 8334 to connect to your *first* local address, creating a second hidden service. So the way your torrc config is wired, makes it fetch data from port 8334 <-- port 8333 when someone connects to your node at port 8334. This extra forwarding is not necessary.
Delete the HiddenService* lines from your torrc to remove the second hidden service.
Delete the HiddenService* lines from your torrc to remove the second hidden service.
Ok, I might be a mess at these settings but the goal was to use different ports than the default ones. For instance, instead of 9050 I wanted to use 9005, and instead of 8333 I wanted to use 8334.
Is this possible? I guess it is but this is confusing to me, about binding and proxy'ing and forwarding and bla bla bla, at least until I get it working once!
Yes you can change the Tor port and the bitcoin core port. In your case you would start Tor on port 9005, then you change your bitcoin.conf to:
Code:
proxy=127.0.0.1:9005
listen=1
bind=127.0.0.1
externalip=53hhdjgv4jailcee.onion
onlynet=onion
port=8334
listen=1
bind=127.0.0.1
externalip=53hhdjgv4jailcee.onion
onlynet=onion
port=8334
And, if you changed anything in /etc/tor/torrc and you don't want the second address in localaddresses, remove those modifications.
But those lines are needed to generate the onion address. Otherwise how woul I get my onion address.
Instructions I followed are here in Method 2
https://en.bitcoin.it/wiki/Setting_up_a_Tor_hidden_service
Quote
Method 2
This sets up a manual hidden service controlled by the tor daemon. The hidden service address (xxxx.onion). Note that as in method 1, your xxxxx.onion address will stay the same until you delete your key file. Someone tracking you can't necessarily associate the xxxx.onion with you, but they will know it is run by the same person or entity.
Add these lines to your torrc:
HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServicePort 8333 127.0.0.1:8333
Restart Tor. As root, run cat /var/lib/tor/bitcoin-service/hostname. Your onion address will be reported. If it didn't work, then probably your distro's version of Tor doesn't actually use /var/lib/tor for this purpose. You should try to figure out the correct HiddenServiceDir location.
In the following steps, replace ONION_ADDR with the onion address reported above.
If you don't care about anonymity and are only looking to help the network, add the following lines to bitcoin.conf:
onion=127.0.0.1:9050
listen=1
externalip=ONION_ADDR
discover=1
This will allow you to accept connections both via your onion address and your IP address (if you have port 8333 forwarded), and Tor will only be used for connections to and from Tor hidden services.
If you care about anonymity, instead of the above, add the following lines to bitcoin.conf to use Tor for everything:
proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
externalip=ONION_ADDR
If you additionally want Bitcoin Core to only connect out to Tor hidden services, also add this line (not particularly recommended):
onlynet=onion
Now restart Bitcoin Core. You should eventually get incoming connections via your hidden service.
This sets up a manual hidden service controlled by the tor daemon. The hidden service address (xxxx.onion). Note that as in method 1, your xxxxx.onion address will stay the same until you delete your key file. Someone tracking you can't necessarily associate the xxxx.onion with you, but they will know it is run by the same person or entity.
Add these lines to your torrc:
HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServicePort 8333 127.0.0.1:8333
Restart Tor. As root, run cat /var/lib/tor/bitcoin-service/hostname. Your onion address will be reported. If it didn't work, then probably your distro's version of Tor doesn't actually use /var/lib/tor for this purpose. You should try to figure out the correct HiddenServiceDir location.
In the following steps, replace ONION_ADDR with the onion address reported above.
If you don't care about anonymity and are only looking to help the network, add the following lines to bitcoin.conf:
onion=127.0.0.1:9050
listen=1
externalip=ONION_ADDR
discover=1
This will allow you to accept connections both via your onion address and your IP address (if you have port 8333 forwarded), and Tor will only be used for connections to and from Tor hidden services.
If you care about anonymity, instead of the above, add the following lines to bitcoin.conf to use Tor for everything:
proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
externalip=ONION_ADDR
If you additionally want Bitcoin Core to only connect out to Tor hidden services, also add this line (not particularly recommended):
onlynet=onion
Now restart Bitcoin Core. You should eventually get incoming connections via your hidden service.
Your bitcoin.conf file binds on port 8333 when it connects to your 127.0.0.1:9050 SOCKS proxy, making one hidden service and simultaneously, your torrc binds port 8334 to connect to your *first* local address, creating a second hidden service. So the way your torrc config is wired, makes it fetch data from port 8334 <-- port 8333 when someone connects to your node at port 8334. This extra forwarding is not necessary.
Delete the HiddenService* lines from your torrc to remove the second hidden service.
Delete the HiddenService* lines from your torrc to remove the second hidden service.
Ok, I might be a mess at these settings but the goal was to use different ports than the default ones. For instance, instead of 9050 I wanted to use 9005, and instead of 8333 I wanted to use 8334.
Is this possible? I guess it is but this is confusing to me, about binding and proxy'ing and forwarding and bla bla bla, at least until I get it working once!
Yes you can change the Tor port and the bitcoin core port. In your case you would start Tor on port 9005, then you change your bitcoin.conf to:
Code:
proxy=127.0.0.1:9005
listen=1
bind=127.0.0.1
externalip=53hhdjgv4jailcee.onion
onlynet=onion
port=8334
listen=1
bind=127.0.0.1
externalip=53hhdjgv4jailcee.onion
onlynet=onion
port=8334
And, if you changed anything in /etc/tor/torrc and you don't want the second address in localaddresses, remove those modifications.
Your bitcoin.conf file binds on port 8333 when it connects to your 127.0.0.1:9050 SOCKS proxy, making one hidden service and simultaneously, your torrc binds port 8334 to connect to your *first* local address, creating a second hidden service. So the way your torrc config is wired, makes it fetch data from port 8334 <-- port 8333 when someone connects to your node at port 8334. This extra forwarding is not necessary.
Delete the HiddenService* lines from your torrc to remove the second hidden service.
Delete the HiddenService* lines from your torrc to remove the second hidden service.
Ok, I might be a mess at these settings but the goal was to use different ports than the default ones. For instance, instead of 9050 I wanted to use 9005, and instead of 8333 I wanted to use 8334.
Is this possible? I guess it is but this is confusing to me, about binding and proxy'ing and forwarding and bla bla bla, at least until I get it working once!
An btw, I want the persistante onion address and the explicit control. So I need the HiddenService lines. At least it's what the docs says!
Re: [ANN] Bitcoin (BTC) on Tor addnodes Project
- https://bitcointalksearch.org/topic/m.52425757
EDIT: Additional ...
Bitcoin generated "ephemeral" v2 onion_private_key ... i.e. RSA1024:MIICX ...
Tor hidden_service generated v2 .onion ...
i.e.
-----BEGIN RSA PRIVATE KEY-----
MIICX ...
-----END RSA PRIVATE KEY-----
N.B. You can manually reformat the keys to correspond (depending on how you intend to run your node) ...
Always make sure you stop Bitcoin and Tor before editing and restarting etc.,
- https://bitcointalksearch.org/topic/m.52425757
...snip...
Configuration examples;
Bitcoin (BTC) bitcoin.conf ... Linux (Tor only and pruned mode) ...
See: https://en.bitcoin.it/wiki/Setting_up_a_Tor_hidden_service
...
Tor - torrc ... Linux (CLIENT only Tor hidden_service, for pruned mode i.e. will only relay Bitcoin traffic over Tor, with reduced bandwidth!) ...
Updated April 2020 ...
See: https://2019.www.torproject.org/docs/tor-manual.html.en
...
Full howto node set-up guide coming soon, including dual stack server, firewall and ddos prevention etc.,
...snip...
Configuration examples;
Bitcoin (BTC) bitcoin.conf ... Linux (Tor only and pruned mode) ...
Code:
cd ~/.bitcoin && sudo nano bitcoin.conf
Quote
prune=5000
listen=1
bind=127.0.0.1
externalip=ONION_ADDR
port=8333
onion=127.0.0.1:9050
proxy=127.0.0.1:9050
maxconnections=256
addnode=satofxsc3xjadxsm.onion:8333
addnode=shindo45rxrk3737.onion:8333
addnode=naka7nzsu3binfim.onion:8333
addnode=motoixfjxnf4joga.onion:8333
listen=1
bind=127.0.0.1
externalip=ONION_ADDR
port=8333
onion=127.0.0.1:9050
proxy=127.0.0.1:9050
maxconnections=256
addnode=satofxsc3xjadxsm.onion:8333
addnode=shindo45rxrk3737.onion:8333
addnode=naka7nzsu3binfim.onion:8333
addnode=motoixfjxnf4joga.onion:8333
See: https://en.bitcoin.it/wiki/Setting_up_a_Tor_hidden_service
...
Tor - torrc ... Linux (CLIENT only Tor hidden_service, for pruned mode i.e. will only relay Bitcoin traffic over Tor, with reduced bandwidth!) ...
Updated April 2020 ...
Code:
sudo nano /etc/tor/torrc
Quote
ClientOnly 1
SOCKSPort 9050
SOCKSPolicy accept 127.0.0.1/8
Log notice file /var/log/tor/notices.log
ControlPort 9051
HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServiceVersion 2
HiddenServicePort 8333 127.0.0.1:8333
HiddenServiceStatistics 0
ExtraInfoStatistics 0
ORPort 443
DirPort 80
BandwidthRate 8MB
BandwidthBurst 10MB
ExitPolicy reject *:*
NumCPUs 1
AvoidDiskWrites 1
ConnectionPadding 1
ReducedConnectionPadding 1
GeoIPExcludeUnknown 1
ExcludeNodes Unnamed,default,{ae},{af},{bd},{bh},{bi},{bj},{bn},{bo},{by},{cd},{cf},{ci},{cn},{co},{cu},{cy},{dz},{ec},{eg},{er},{et},{fj},{ht},{id},{iq},{ir},{jo},{kg},{kh},{kp},{kw},{kz},{la},{lb},{lk},{lr},{ly},{ma},{mm},{mw},{np},{om},{ph},{pk},{ps},{qa},{ru},{rw},{sa},{sd},{so},{sy},{th},{tj},{tm},{tn},{tr},{tw},{ua},{ug},{uz},{ve},{vn},{ye},{zw},{??}
SOCKSPort 9050
SOCKSPolicy accept 127.0.0.1/8
Log notice file /var/log/tor/notices.log
ControlPort 9051
HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServiceVersion 2
HiddenServicePort 8333 127.0.0.1:8333
HiddenServiceStatistics 0
ExtraInfoStatistics 0
ORPort 443
DirPort 80
BandwidthRate 8MB
BandwidthBurst 10MB
ExitPolicy reject *:*
NumCPUs 1
AvoidDiskWrites 1
ConnectionPadding 1
ReducedConnectionPadding 1
GeoIPExcludeUnknown 1
ExcludeNodes Unnamed,default,{ae},{af},{bd},{bh},{bi},{bj},{bn},{bo},{by},{cd},{cf},{ci},{cn},{co},{cu},{cy},{dz},{ec},{eg},{er},{et},{fj},{ht},{id},{iq},{ir},{jo},{kg},{kh},{kp},{kw},{kz},{la},{lb},{lk},{lr},{ly},{ma},{mm},{mw},{np},{om},{ph},{pk},{ps},{qa},{ru},{rw},{sa},{sd},{so},{sy},{th},{tj},{tm},{tn},{tr},{tw},{ua},{ug},{uz},{ve},{vn},{ye},{zw},{??}
See: https://2019.www.torproject.org/docs/tor-manual.html.en
...
Full howto node set-up guide coming soon, including dual stack server, firewall and ddos prevention etc.,
...snip...
EDIT: Additional ...
Bitcoin generated "ephemeral" v2 onion_private_key ... i.e. RSA1024:MIICX ...
Code:
cd ~/.bitcoin && sudo nano onion_private_key
Tor hidden_service generated v2 .onion ...
Code:
sudo nano /var/lib/tor/bitcoin-service/hostname
Code:
sudo nano /var/lib/tor/bitcoin-service/private_key
i.e.
-----BEGIN RSA PRIVATE KEY-----
MIICX ...
-----END RSA PRIVATE KEY-----
N.B. You can manually reformat the keys to correspond (depending on how you intend to run your node) ...
Always make sure you stop Bitcoin and Tor before editing and restarting etc.,
I think I don't need such a complex configuration but thank you for the reply!
Re: [ANN] Bitcoin (BTC) on Tor addnodes Project
- https://bitcointalksearch.org/topic/m.52425757
EDIT: Additional ...
Bitcoin generated "ephemeral" v2 onion_private_key ... i.e. RSA1024:MIICX ...
Tor hidden_service generated v2 .onion ...
i.e.
-----BEGIN RSA PRIVATE KEY-----
MIICX ...
-----END RSA PRIVATE KEY-----
N.B. You can manually reformat the keys to correspond (depending on how you intend to run your node) ...
Always make sure you stop Bitcoin and Tor before editing and restarting etc.,
- https://bitcointalksearch.org/topic/m.52425757
...snip...
Configuration examples;
Bitcoin (BTC) bitcoin.conf ... Linux (Tor only and pruned mode) ...
See: https://en.bitcoin.it/wiki/Setting_up_a_Tor_hidden_service
...
Tor - torrc ... Linux (CLIENT only Tor hidden_service, for pruned mode i.e. will only relay Bitcoin traffic over Tor, with reduced bandwidth!) ...
Updated April 2020 ...
See: https://2019.www.torproject.org/docs/tor-manual.html.en
...
Full howto node set-up guide coming soon, including dual stack server, firewall and ddos prevention etc.,
...snip...
Configuration examples;
Bitcoin (BTC) bitcoin.conf ... Linux (Tor only and pruned mode) ...
Code:
cd ~/.bitcoin && sudo nano bitcoin.conf
Quote
prune=5000
listen=1
bind=127.0.0.1
externalip=ONION_ADDR
port=8333
onion=127.0.0.1:9050
proxy=127.0.0.1:9050
maxconnections=256
addnode=satofxsc3xjadxsm.onion:8333
addnode=shindo45rxrk3737.onion:8333
addnode=naka7nzsu3binfim.onion:8333
addnode=motoixfjxnf4joga.onion:8333
listen=1
bind=127.0.0.1
externalip=ONION_ADDR
port=8333
onion=127.0.0.1:9050
proxy=127.0.0.1:9050
maxconnections=256
addnode=satofxsc3xjadxsm.onion:8333
addnode=shindo45rxrk3737.onion:8333
addnode=naka7nzsu3binfim.onion:8333
addnode=motoixfjxnf4joga.onion:8333
See: https://en.bitcoin.it/wiki/Setting_up_a_Tor_hidden_service
...
Tor - torrc ... Linux (CLIENT only Tor hidden_service, for pruned mode i.e. will only relay Bitcoin traffic over Tor, with reduced bandwidth!) ...
Updated April 2020 ...
Code:
sudo nano /etc/tor/torrc
Quote
ClientOnly 1
SOCKSPort 9050
SOCKSPolicy accept 127.0.0.1/8
Log notice file /var/log/tor/notices.log
ControlPort 9051
HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServiceVersion 2
HiddenServicePort 8333 127.0.0.1:8333
HiddenServiceStatistics 0
ExtraInfoStatistics 0
ORPort 443
DirPort 80
BandwidthRate 8MB
BandwidthBurst 10MB
ExitPolicy reject *:*
NumCPUs 1
AvoidDiskWrites 1
ConnectionPadding 1
ReducedConnectionPadding 1
GeoIPExcludeUnknown 1
ExcludeNodes Unnamed,default,{ae},{af},{bd},{bh},{bi},{bj},{bn},{bo},{by},{cd},{cf},{ci},{cn},{co},{cu},{cy},{dz},{ec},{eg},{er},{et},{fj},{ht},{id},{iq},{ir},{jo},{kg},{kh},{kp},{kw},{kz},{la},{lb},{lk},{lr},{ly},{ma},{mm},{mw},{np},{om},{ph},{pk},{ps},{qa},{ru},{rw},{sa},{sd},{so},{sy},{th},{tj},{tm},{tn},{tr},{tw},{ua},{ug},{uz},{ve},{vn},{ye},{zw},{??}
SOCKSPort 9050
SOCKSPolicy accept 127.0.0.1/8
Log notice file /var/log/tor/notices.log
ControlPort 9051
HiddenServiceDir /var/lib/tor/bitcoin-service/
HiddenServiceVersion 2
HiddenServicePort 8333 127.0.0.1:8333
HiddenServiceStatistics 0
ExtraInfoStatistics 0
ORPort 443
DirPort 80
BandwidthRate 8MB
BandwidthBurst 10MB
ExitPolicy reject *:*
NumCPUs 1
AvoidDiskWrites 1
ConnectionPadding 1
ReducedConnectionPadding 1
GeoIPExcludeUnknown 1
ExcludeNodes Unnamed,default,{ae},{af},{bd},{bh},{bi},{bj},{bn},{bo},{by},{cd},{cf},{ci},{cn},{co},{cu},{cy},{dz},{ec},{eg},{er},{et},{fj},{ht},{id},{iq},{ir},{jo},{kg},{kh},{kp},{kw},{kz},{la},{lb},{lk},{lr},{ly},{ma},{mm},{mw},{np},{om},{ph},{pk},{ps},{qa},{ru},{rw},{sa},{sd},{so},{sy},{th},{tj},{tm},{tn},{tr},{tw},{ua},{ug},{uz},{ve},{vn},{ye},{zw},{??}
See: https://2019.www.torproject.org/docs/tor-manual.html.en
...
Full howto node set-up guide coming soon, including dual stack server, firewall and ddos prevention etc.,
...snip...
EDIT: Additional ...
Bitcoin generated "ephemeral" v2 onion_private_key ... i.e. RSA1024:MIICX ...
Code:
cd ~/.bitcoin && sudo nano onion_private_key
Tor hidden_service generated v2 .onion ...
Code:
sudo nano /var/lib/tor/bitcoin-service/hostname
Code:
sudo nano /var/lib/tor/bitcoin-service/private_key
i.e.
-----BEGIN RSA PRIVATE KEY-----
MIICX ...
-----END RSA PRIVATE KEY-----
N.B. You can manually reformat the keys to correspond (depending on how you intend to run your node) ...
Always make sure you stop Bitcoin and Tor before editing and restarting etc.,
Your bitcoin.conf file binds on port 8333 when it connects to your 127.0.0.1:9050 SOCKS proxy, making one hidden service and simultaneously, your torrc binds port 8334 to connect to your *first* local address, creating a second hidden service. So the way your torrc config is wired, makes it fetch data from port 8334 <-- port 8333 when someone connects to your node at port 8334. This extra forwarding is not necessary.
EDIT: When I looked at your config a second time and read the torrc documentation, it looks like your torrc configuration is listening on port 8334, and is redirecting it to 127.0.0.1:8333, and nothing is even listening on port 8333. So it definitely should be removed as it's an invalid configuration.
According to the docs:
HiddenServicePort 8334 <-- this defines the port of your onion URL
127.0.0.1:8333 <-- this is where Tor redirects the traffic to.
Delete the HiddenService* lines from your torrc to remove the second hidden service.
EDIT: When I looked at your config a second time and read the torrc documentation, it looks like your torrc configuration is listening on port 8334, and is redirecting it to 127.0.0.1:8333, and nothing is even listening on port 8333. So it definitely should be removed as it's an invalid configuration.
According to the docs:
HiddenServicePort 8334 <-- this defines the port of your onion URL
127.0.0.1:8333 <-- this is where Tor redirects the traffic to.
Delete the HiddenService* lines from your torrc to remove the second hidden service.
Hello,
Recently I had to reinstall/compile Bitcoin Core in my freshly installed Debian Buster laptop.
I followed instructions here for method 2 at the bottom of the site:
https://en.bitcoin.it/wiki/Setting_up_a_Tor_hidden_service
But shortly after I started my node, I noticed that the command
was reporting 2 onion addresses at the bottom of the returned JSON object, at section localaddresses.
These are my settings related to Bitcoin Core and Tor
Bitcoin Core config file
and in /etc/tor/torrc
I also added this to
but these lines are for c-lightning node configuration, so I assume they play no role for Bitcoin Core configuration regarding method 2.
Inside /var/lib/tor/bitcoin-service/hostname I can see only one onion address which is the one in my Bitcoin Core config file.
I already tried to delete my bitcoin onion_private_key file and also deleted my /var/lib/tor/bitcoin-service folder, but still 2 onion addresses are showing up.
So, where is it Bitcoin Core picking up the other onion address?
Can anyone help me?
Recently I had to reinstall/compile Bitcoin Core in my freshly installed Debian Buster laptop.
I followed instructions here for method 2 at the bottom of the site:
https://en.bitcoin.it/wiki/Setting_up_a_Tor_hidden_service
But shortly after I started my node, I noticed that the command
Code:
bitcoin-cli getnetworkinfo
was reporting 2 onion addresses at the bottom of the returned JSON object, at section localaddresses.
Code:
"localaddresses": [
{
"address": "rs6srmllckfcveu2.onion",
"port": 8333,
"score": 6
},
{
"address": "53hhdjgv4jailcee.onion",
"port": 8334,
"score": 4
}
],
"warnings": ""
{
"address": "rs6srmllckfcveu2.onion",
"port": 8333,
"score": 6
},
{
"address": "53hhdjgv4jailcee.onion",
"port": 8334,
"score": 4
}
],
"warnings": ""
These are my settings related to Bitcoin Core and Tor
Bitcoin Core config file
Code:
proxy=127.0.0.1:9050
listen=1
bind=127.0.0.1
externalip=53hhdjgv4jailcee.onion
onlynet=onion
port=8334
listen=1
bind=127.0.0.1
externalip=53hhdjgv4jailcee.onion
onlynet=onion
port=8334
and in /etc/tor/torrc
Code:
HiddenServiceDir /var/lib/tor/bitcoin-service
HiddenServiceVersion 2
HiddenServicePort 8334 127.0.0.1:8333
HiddenServiceVersion 2
HiddenServicePort 8334 127.0.0.1:8333
I also added this to
but these lines are for c-lightning node configuration, so I assume they play no role for Bitcoin Core configuration regarding method 2.
Code:
SocksPort 9050
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /run/tor/control.authcookie
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /run/tor/control.authcookie
Inside /var/lib/tor/bitcoin-service/hostname I can see only one onion address which is the one in my Bitcoin Core config file.
I already tried to delete my bitcoin onion_private_key file and also deleted my /var/lib/tor/bitcoin-service folder, but still 2 onion addresses are showing up.
So, where is it Bitcoin Core picking up the other onion address?
Can anyone help me?
Jump to: