It looks like some kind of electrical junction with a Bitcoin logo on it.

What is a Bitcoin node?

This guide requires you to use the command line interface, or CLI, and an SSH client. SSH (Secure Shell) is a popular tool to “remote control” devices securely. In principle, it functions similarly to a VPN, with the exception that you gain access to a computer, rather than the entire internet.

Windows

Windows 10 has a native SSH client for its command line interface, though it might not be installed by default. To check for it and install it:

  1. Go to Settings > Apps
  2. Click Manage optional features under Apps & features

If an SSH client is installed on your machine it should appear here. If not, you can add it by clicking Add a Feature and then OpenSSH Client. Don’t install the OpenSSH Server.

To use the SSH client, you need to first open a PowerShell, which can be done by right-clicking the Start Menu or by pressing Windows+X and then selecting the PowerShell.

Once you have launched PowerShell, type ssh and press Enter to confirm the client is ready.

Mac OS

Open the terminal with Spotlight, the Launch Pad, or Finder.

Linux

Open the command line with Ctrl+Alt+T

Useful tips when using the command line

  • Copy/paste: The standard Ctrl+C and Ctrl+V won’t work in the command line, but you can use Ctrl+Shift+C and Ctrl+Shift+V instead. You can also use your mouse pointer to select text and then copy/paste it by right-clicking the area that you marked. Often you can also paste content by clicking the middle-key or wheel on your mousepad or mouse.
  • Using the up/down arrows on your keyboard will let you browse through recently executed commands, which is very useful if all you need is to fix a small typo.
  • Use Ctrl+C to abort a command that is stuck. This will also get you out of most menus or programs.
  • The command line is also a bit like a one-dimensional file explorer. Use the ls command to see which files exist in the current folder, or cd to move to a specific directory. cd .. will move one directory up (to the parent folder) and cd ~/ goes back to the home folder.

A screenshot of the command line.

  • See which drives are currently connected and how much they are used with the df -h command.
  • You can use the Tab button to autocomplete in many instances, for example when selecting a folder to move into with cd, copy with cp, move with mv, or delete with rm. Typing cd d followed by the Tab button will automatically complete a folder starting with d, if it exists. If there are multiple folders starting with d you can press the Tab button again to see the full list.

A screenshot of the command line.

Get a Virtual Private Server

Any server will do. With little effort, you can even convert an old laptop or use a mini PC for about 100 USD. Even a computer as small as a Raspberry Pi would theoretically suffice.

In our case, we will rent a Virtual Private Server (VPS) from Lunanode. We chose Lunanode because it’s relatively easy to sign up without identification—it accepts Bitcoin—and it’s reliable. Another great alternative is Cryptohost (which even takes Lightning!). Pricier but also requiring less personal information for signup is Njal.la.

Alternatively, you may also opt for one of the larger providers such as AWS, Digital Ocean, or Rackspace.

Sign Up

To sign up to Lunanode, you’ll need to verify your email address and phone number, then select your country and choose a password. You can immediately deposit Bitcoin into your account to start paying for your server or enter a credit card to bill you automatically.

Pricing

We recommend the m2 server for 7 USD per month. For the purposes of Bitcoin mining, we’ll add 80GB of storage for an extra 2.7 USD per month.

Find your SSH key

  • In Windows, use the SSH client (see above).
    1. If this is your first time using the SSH client, type ssh-keygen -o -b 4096 -t rsa on the command line to generate a key.
    2. Once you have generated a key, or if you already have a key, find it at C:\Users\YourUserName\.ssh\id_rsa.pub
    3. Open this file with your notepad and add it to your Lunanode panel
  • In Mac OS, open the terminal with Spotlight, Launch Pad, or Finder
    1. Create an SSH key with the command: ssh-keygen -o -b 4096 -t rsa
    2. You can then find your SSH key under ~/.ssh/id_rsa.pub
    3. Open this file with your notepad and add it to your Lunanode panel.
  • In Linux, open a terminal with the keyboard shortcut Ctrl+Alt+T
    1. Create an SSH key with the command: ssh-keygen -o -b 4096 -t rsa
    2. You can then find your SSH key under ~/.ssh/id_rsa.pub
    3. Open this file with your notepad and add it to your Lunanode panel.

Add your SSH key

In your Lunanode dashboard, find the option “SSH Keys” on the left side. Give your SSH key a name and paste the contents of your notepad in its entirety into the public key field, then click “Add SSH Keypair.” It should then appear in the list.

Launch your server

To create your virtual machine, click on “Create VM” on the top left corner of your Lunanode dashboard. Choose a location, a plan, and an operating system, then decide on a hostname. In our case, that is Toronto, m2 on Ubuntu 18.04 (64 bit) and we named it Torontola. You’ll also need to add your keypair so you can securely log in.

Log in to your server

Under “virtual machine” you should see your instance now. Click on its name and you should see, among others, its external IP address. You can log in to your server by opening up a Terminal window and entering the command:

ssh ubuntu@< your server's external IP address >

for example: ssh ubuntu@192.168.1.1

Since it’s your first login, you will likely be told the authenticity of your host couldn’t be confirmed. Enter yes to add your machine to your list of trusted devices. You’ll be warned again if the key changes.

Configure your server

Set up a simple firewall to protect the server. Ufw (uncomplicated firewall) should be pre-installed on your machine. Check if it’s installed or enabled by typing sudo ufw status

If you aren’t shown a “Status” message in response, you can install it with sudo apt install ufw

More importantly, allow SSH through the firewall so that you can still log in to the machine remotely once the firewall is on. Skip this step if you have direct access to the server, meaning you can plug a monitor and keyboard into it. If you can’t, you must allow SSH with sudo ufw allow ssh

Now turn the firewall on with sudo ufw enable

Update your server

Make sure your server is up to date by running the commands sudo apt update and sudo apt upgrade.

Now you’re all set! The next steps describe how to set up the Bitcoin node.

***


How to set up your own Bitcoin node

Includes a full node, Lightning, Tor support, Zap Desktop and iOS wallet, ejabberd, and BTCPay Server.

1. Add a server volume

To start, get the server ready for Bitcoin mining.

On the left side of your Lunanode panel, you’ll find the Volumes option.

You should see it immediately in your list of volumes. Click on “Manage” and “Attach to VM”. Make sure that the virtual machine you attach it to is the correct one (if you purchased extra storage, use that one).

We’ll keep the default disk driver at “virtio.”

In your terminal, logged into your server, you can now run the command sudo fdisk -l to confirm the volume name. It’s very likely the same as ours, /dev/vdc

To permanently attach the volume to our server, we temporarily become a superuser by running the command: sudo -i

Our username now changes to root@torontola, and we can run the following commands without sudo:

mkfs.ext4 /dev/vdc (formats the empty drive)
mkdir /media/bitcoin (creates a mount point)
mount /dev/vdc /media/bitcoin (mounts the device at the mount point)
echo '/dev/vdc /media/bitcoin ext4 defaults 0 2' >> /etc/fstab (makes the mount point permanent)
chown -R ubuntu /media/bitcoin (allows us to later write data to this drive as the default ubuntu user)

Go back to our regular user (safer) by typing exit

Our server is now ready to be a Bitcoin node!

2. Install and configure Bitcoind

Log in to (or stay logged in to) the server.

Install Bitcoind

To install Bitcoind, you first need to add the Bitcoin repository:

sudo add-apt-repository ppa:bitcoin/bitcoin

Confirm the choice, then update the package manager with sudo apt update

Install Bitcoind with the command: sudo apt install bitcoind

Create a simple config file

Sync Bitcoin into our added volume, which requires a line addition to the config file. You might also want to prune it, which means limiting the size of the Blockchain by only keeping recent blocks on the disk.

Pruning allows us to save on storage space and cost. Create a bitcoin directory in your home folder with the command: mkdir ~/.bitcoin (the dot is important)

Then a config file with the command: nano ~/.bitcoin/bitcoin.conf

Now copy/paste the following into it:
datadir=/media/bitcoin
daemon=1
prune=70000

Save the file with the keys Ctrl+O and close the window with the command: Ctrl+X

Start Bitcoind

Start Bitcoind with the command bitcoind

You should get the response “Bitcoin server starting.” To see what your Bitcoin node is doing you can run the command tail -f /media/bitcoin/debug.log

You can also open a new terminal window, SSH into your machine, and keep this window open if you’d like. It will give you an easy overview of everything. You can exit the window by holding the keys Ctrl+C at the same time.

Check up on your computer

You can also check the health of the node by typing bitcoin-cli --getinfo

In the example below, you can see we have synced 388,343 blocks (of ~566,000) and are connected to 16 peers.

A screenshot of the terminal commands.

Run the command top anytime to see how many resources are being consumed. This might also be useful when seeing if a process is still running. Below we can see that Bitcoind is consuming most of our memory, but relatively little CPU.

A screenshot of Terminal.

Now… Wait

Syncing Bitcoin will take a while. It’s best to pause here and continue later. You can periodically check back on your node using the bitcoin-cli --getinfo command or by observing the logs using tail -f /media/bitcoin/debug.log

Optional: Open ports

Allow incoming connections to our future Bitcoin node with sudo ufw allow 8333/tcp

Open ports help the network, as they create more space for others to connect.

Optional: Buy extra CPU time

Syncing your node for the first time can be CPU intensive. In your Lunanode admin panel, go to “Virtual Machines,” click on your server, then on “CPU.”

Change the option from “No” to “Yes” under “Pay for CPU utilization above baseline performance?” A complete sync of a Bitcoin node should not cost more than 4 USD.

3. Download and install Go

We’re roughly following the installation guide found on the Lightning Network Github, tailored to the Lunanode instance that we already have. We’ll try to keep our guide up to date, but if you see any unexpected errors, it might be worth checking there if anything has changed.

Download Go

Download the Go code with the command: wget https://dl.google.com/go/go1.11.5.linux-amd64.tar.gz

Verify that the data is correct by typing sha256sum go1.11.5.linux-amd64.tar.gz | awk -F " " '{ print $1 }'

This shows us the SHA256 hash of the data we downloaded. We expect the output to be ff54aafedff961eb94792487e827515da683d61a5f9482f668008832631e5d25
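The manual comparison above can be turned into a check that refuses to unpack the archive on any mismatch. This is an added example, not part of the original guide; the function names sha256_of, verify_sha256 and unpack_verified are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original guide): verify a download against a
# pinned SHA256 value and refuse to unpack it on any mismatch.

# sha256_of FILE: print the lowercase hex digest of FILE.
# Uses sha256sum (Linux) and falls back to shasum -a 256 (macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_sha256 FILE EXPECTED
# Returns 0 only when FILE exists and its digest equals EXPECTED.
# Returns 1 on mismatch, 2 on a malformed EXPECTED, 3 on a missing file.
verify_sha256() {
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # A pinned hash must be exactly 64 hex characters; a truncated or empty
    # value is rejected instead of being compared.
    case $vs_want in
        ''|*[!0-9a-f]*) echo "malformed expected hash" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 64 ] || { echo "malformed expected hash" >&2; return 2; }

    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 3; }

    vs_got=$(sha256_of "$vs_file")
    if [ "$vs_got" != "$vs_want" ]; then
        echo "SHA256 MISMATCH for $vs_file" >&2
        echo "  expected: $vs_want" >&2
        echo "  actual:   $vs_got" >&2
        return 1
    fi
    echo "SHA256 OK: $vs_file"
}

# unpack_verified ARCHIVE EXPECTED DESTDIR
# Extracts the tarball only after the hash check has passed.
unpack_verified() {
    verify_sha256 "$1" "$2" || return
    tar -C "$3" -xzf "$1"
}

# Usage with the file name and hash given in this guide:
#   unpack_verified go1.11.5.linux-amd64.tar.gz \
#       ff54aafedff961eb94792487e827515da683d61a5f9482f668008832631e5d25 "$HOME"
```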

Install Go

The file comes compressed, similar to a zip file. Unpack Go into the home directory with tar -C ~/ -xzf go1.11.5.linux-amd64.tar.gz

Move it to a more appropriate place with sudo mv ~/go /usr/local

Next, tell the server where it can find the Go code. This may differ from machine to machine. In our case it is:

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH

To make this permanent, add the lines to the .bashrc file. Open the file using nano ~/.bashrc then scroll to the bottom and paste them there.

Save and close nano by pressing the buttons Ctrl+O and Ctrl+X

Check if go is properly installed

Test if Go is properly installed by typing go version
Expect the output: go version go1.11.5 linux/amd64

4. Install lnd

Prerequisites

Download essentials before commencing the installation.

Run the command: sudo apt-get install -y build-essential
Make sure Git is installed. If not, install it with sudo apt install git

Download lnd

To install lnd, download the code with go get -d github.com/lightningnetwork/lnd

Install lnd

Move into the directory of lnd with the command: cd ~/go/src/github.com/lightningnetwork/lnd

It’s generally recommended to stick with the latest release, rather than updating to the latest code on master. Check what the latest release of lnd is here. In our case it’s version v0.5.2-beta. We will “check out” this version with the commands:
git fetch --tags
git checkout v0.5.2-beta

Finally, install lnd with the command: make && make install

Now navigate back to the home folder with cd ~/

Check if lnd is properly installed

You should now be able to see if lnd is installed by typing lnd --version and lncli --version

It should read version 0.5.2-beta commit=v0.5.2-beta

Configure lnd

Create a configuration file for lnd. Make the directory with mkdir ~/.lnd

Edit it right away using nano ~/.lnd/lnd.conf

A screenshot of the Terminal.

Don’t forget to fill in the blue fields with your own information! You can freely choose a name and color for your node.

Find your IP address in the dashboard of Lunanode (if that is what you are using for your server).

You’ll need a username and password for the next step. For simplicity, it might be a good idea to avoid special characters.

# [Application Options]
alias=< name of your node >
color=< your favorite color in hex >

# [Bitcoin]
bitcoin.active=1
bitcoin.mainnet=1
bitcoin.node=bitcoind

bitcoind.rpchost=127.0.0.1
bitcoind.rpcuser=< your username >
bitcoind.rpcpass=< your password >

bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333

# [LND]
externalip=< your ip >

Configure Bitcoind

We’ll need to make some amendments to Bitcoind. We’ll open the config file with nano ~/.bitcoin/bitcoin.conf

We will need to add the following lines:
rpcuser=< your username >
rpcpassword=< your password >
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333

Save and close the config file with Ctrl+O and Ctrl+X and restart Bitcoind with sudo service bitcoind restart

5. Launch lnd and create a wallet

Prerequisites

To begin this step, make sure Bitcoind is fully synced and ready. Test this by running the command bitcoin-cli --getinfo and comparing the value of blocks with a block explorer, for example, Blockstream.info.

The block height displayed by the block explorer should be the same as the “blocks” output of our command. If the number shown by the block explorer is larger, the node is not yet synced.

Use tail -f /media/bitcoin/debug.log to see the logs. This will also show when the last block was created and the sync progress. Our node will be synced up to this date.

A screenshot of Terminal.

Launch lnd

Launch lnd by typing lnd into your terminal. Alternatively, you can also try ~/go/bin/lnd

Does it look like the output below? Great, everything is going according to plan. If you see an error message, make sure Bitcoin is running or go back to the step that the error message suggests is wrong. Are all the configuration files correct?

A screenshot from Terminal

When your output looks like the one above, close lnd again by pressing the keys Ctrl+C

Permanently run lnd in the background with the command: lnd &>/dev/null &

Type disown to make sure the task keeps running, even if you log out or close the terminal.

Optional: Observe lnd through the debug logs

Open a new terminal, SSH back into the server and open the lnd logs to get a good idea of what is going on in the background.

It’s quite interesting, but will also alert you if anything is going wrong. In the new terminal window, type: tail -f ~/.lnd/logs/bitcoin/mainnet/lnd.log

Leave this view anytime by pressing Ctrl+C

Create a wallet

While lnd is running in the background, run the command: lncli create

Enter a wallet password, then confirm it.

Next, we are asked whether we have an existing cipher seed mnemonic. As this is a new Lightning node (as opposed to one that is being restored), we will use n

You can optionally encrypt your cipher seed—a good idea if you are storing the seed in a location accessible to others (under your mattress)—but you must remember the encryption key.

We choose not to encrypt the seed in this example. Below, the cipher seed is blacked out.

A Terminal screenshot of the cipher seed.

Unlock your wallet

If you created a new wallet, it should have unlocked automatically. If something went wrong or you are restarting lnd, you need to unlock your wallet with the command: lncli unlock

Sync lnd

Since this is the first time starting lnd, we will need to sync it.

6. Open a channel

If you prefer to leave the command line at this point, jump to the next step and connect Zap Desktop or Zap iOS to your node. You can then open channels and make payments inside of a neat user interface.

Make sure lnd is running and synced

Do this with the command: lncli getinfo. It should read synced to chain: true.

If it’s not synced, we need to make sure Bitcoind is running and synced, for example, by running bitcoin-cli --getinfo and comparing the current block height of our node with that of a block explorer.

Check the logs to confirm that Bitcoind (tail -f /media/bitcoin/debug.log) and lnd (tail -f ~/.lnd/logs/bitcoin/mainnet/lnd.log) are running.

Deposit coins into your node

Generate a new address with the command: lncli newaddress p2wkh

The output should be something like bc1…

You can now send Bitcoin to this address by copy/pasting the address into your Bitcoin wallet. If your wallet somehow cannot send to an address in the format bc1…, you can also generate a legacy address starting with ‘3’ using the command: lncli newaddress np2wkh

Check the balance anytime by using the command: lncli walletbalance

It will show both the confirmed and unconfirmed balance in Satoshi. 1 Bitcoin is 100 million Satoshi.

Connect to a node

In the next step, we will connect to a node. Maybe you already have a node to connect to or know a friend running a Lightning node. You can also pick one of the popular nodes listed on 1ml.com

A Lightning node’s URI looks like this: 0331f80652fb840239df8dc99205792bba2e559a05469915804c08420230e23c7c@74.108.13.152:9735

It contains the public key of the node before the @, then its IP or domain name and the port.

Connect to this node using the command: lncli connect 0331f80652fb840239df8dc99205792bba2e559a05469915804c08420230e23c7c@74.108.13.152:9735

When successfully connected, the output should simply be an open and a close bracket without an error message.
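The URI format described above can be checked before the value is handed to lncli connect, which catches truncated keys and stray characters picked up while copying. This is an added example, not part of the original guide: parse_ln_uri is a hypothetical helper, and the 02/03 key prefix and the default port 9735 are assumptions based on compressed public keys and lnd's default peer port.

```sh
#!/bin/sh
# Added example (not from the original guide): validate a Lightning node URI
# of the form <pubkey>@<host>[:<port>] before passing it to lncli connect.
# parse_ln_uri is a hypothetical helper name.

# parse_ln_uri URI
# Prints "pubkey host port" and returns 0 for a well-formed URI, else returns 1.
parse_ln_uri() {
    lu_uri=$1

    # Exactly one "@" must separate the public key from the address.
    case $lu_uri in
        *@*@*) echo "more than one @ in URI" >&2; return 1 ;;
        *@*)   ;;
        *)     echo "missing @ in URI" >&2; return 1 ;;
    esac
    lu_key=${lu_uri%%@*}
    lu_addr=${lu_uri#*@}

    # Public key: a compressed key is 33 bytes, i.e. 66 hex characters that
    # start with 02 or 03 (assumption stated in the lead-in).
    if [ "${#lu_key}" -ne 66 ]; then
        echo "public key must be 66 hex characters, got ${#lu_key}" >&2
        return 1
    fi
    case $lu_key in
        *[!0-9a-fA-F]*) echo "public key is not hex" >&2; return 1 ;;
        02*|03*)        ;;
        *)              echo "public key must start with 02 or 03" >&2; return 1 ;;
    esac

    # Address: host with an optional port; 9735 is assumed when it is omitted.
    case $lu_addr in
        *:*) lu_host=${lu_addr%:*}; lu_port=${lu_addr##*:} ;;
        *)   lu_host=$lu_addr;      lu_port=9735 ;;
    esac

    # Host: IPv4 address, DNS name or .onion name. The whitelist also rejects
    # spaces, quotes and shell metacharacters. Bracketed IPv6 is not handled.
    case $lu_host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $lu_host" >&2; return 1 ;;
    esac

    # Port: one to five digits, in the range 1-65535.
    case $lu_port in
        ''|*[!0-9]*|??????*) echo "invalid port: $lu_port" >&2; return 1 ;;
    esac
    if [ "$lu_port" -lt 1 ] || [ "$lu_port" -gt 65535 ]; then
        echo "port out of range: $lu_port" >&2
        return 1
    fi

    printf '%s %s %s\n' "$lu_key" "$lu_host" "$lu_port"
}

# Usage: only connect when the URI parses cleanly.
#   parse_ln_uri "$uri" >/dev/null && lncli connect "$uri"
```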

Open a channel

Once the deposit has been confirmed on the Bitcoin Blockchain, open a channel. You can open the channel with the node you connected to above, but it is highly recommended that you connect to a diverse group of nodes. You are also welcome to open channels with multiple nodes.

We will open a channel with the command: lncli openchannel 0331f80652fb840239df8dc99205792bba2e559a05469915804c08420230e23c7c 200000, where the long string starting with 0331 is the other node’s public key and the number 200000 represents the amount of funds we want to put into this channel, denominated in Satoshi.

Once your channel is successfully open, you will get the funding transaction. When this transaction is confirmed on the Blockchain, your channel will be open and active. Until then it will be shown under pending channels.

Generally, it will take three confirmations for your channel to become active.

A screenshot of an open channel in Terminal.

Make a payment

To make a payment, you will need outgoing liquidity (have funds in channels with other nodes). To do this, all you need is to deposit Bitcoin into your node and open channels with the network.

Ideally, these channels are directly linked to the counterparties you transact with or well-connected nodes in the network.

You can always check your node with the command: lncli getinfo

Your node should always be synced to the chain, and you should have at least one active channel.

A Lightning invoice looks like this: lnbc10u1pwfxg42pp553wyha3ag66tn40zls69eeaeq0cyluj6ja54sygp7vh50gcy0rnsdqlxycrqvpqwdshgueqvfjhggr0dcsry7qcqzysyrmxj0554vrg4ej2we83m8n7rxj94s8c5a8rwjud07ptc6dw7j2hr42sxt7lnazglku3pfe9jkl8f0gupkuz7jly5xnq35qr202jwwqqy8qs9a

Decode it with the command: lncli decodepayreq [Lightning invoice]

This will show the amount, where the payment is going, and when the invoice expires.

A screenshot of a received payment in Terminal.

To make a payment we will use the command: lncli payinvoice [Lightning invoice]

After confirming the amount and destination, the node will attempt to make the payment. Once the payment has been successful, information about the payment, such as the hops and fees, will be received.

Receive a payment

To receive payments, you will need incoming liquidity. Encourage others to open channels with you (over time, as your node stays online, this will happen automatically).

Every time you make a payment through your channels, you will also automatically free up incoming liquidity. For example, if you deposit 10 USD into your node, open a channel, and make a payment of 2 USD, you will immediately have 2 USD in incoming capacity.

To receive a payment, generate an invoice. The invoice follows the format lncli addinvoice --memo "a memo" --amt < amount in Satoshi > --expiry < expiry time in seconds >

For example, we can run lncli addinvoice --memo "for VPN services" --amt 90000 --expiry 3600 for a 90,000 Satoshi invoice that is valid for one hour.

The result will include an r_hash, a pay_req and an add_index. The pay_req is our invoice that we can pass on.

A screenshot of a payment request in Terminal.

Check payments

See the invoices issued and their status with the command: lncli listinvoices. Below, we can see that the invoice we issued above has not yet been paid, as “settled” is set to false.

A screenshot of a payment in Terminal.

7. Useful commands with lnd

By far the most useful command in lnd is lncli help. It lists all the available commands. Get additional information on each command by adding the word “help.” For example, lncli addinvoice help will show you the available options when creating an invoice.

  • lncli getinfo shows you basic information about your node
  • lncli listchannels shows you the channels you currently have open and their status
  • lncli getnetworkinfo shows you the scope of the Lightning network from your point of view
  • lncli feereport shows you how much your node has earned from routing payments
  • lncli connect lets you manually reconnect to a peer to revive a payment channel that is offline or inactive
  • lncli walletbalance shows you how many Satoshis you own on-chain
  • lncli channelbalance shows you how many Satoshis you own in channels

8. Alternative: Connect Zap Desktop

Zap is a user interface for a Lightning node that can run on your computer. If you are running Lightning on your local machine, it’s trivial to connect. But if your node is in the cloud, you’ll need to do a few more steps.

For this step to work, both your Bitcoind and your lnd node need to be fully synced. Check whether lnd is synced with the command: lncli getinfo. It should read “synced to chain: true.”

If they’re not synced, make sure Bitcoind is running and synced, either by checking the log with tail -f /media/bitcoin/debug.log or by running bitcoin-cli --getinfo and comparing the block height with another node, or by checking a block explorer.

Download Zap

Download Zap for desktop here. We downloaded the latest release, which in our example is v0.4.1 beta. Make sure you get the right version for your operating system! For Windows, that is ZapDesktop-win32-v0.4.1-beta.exe

Amend lnd.conf

Open our configuration file with nano ~/.lnd/lnd.conf

Amend the following lines:

rpclisten=0.0.0.0:10009
tlsextraip=< your IP address >

Save and close the file with Ctrl+O and Ctrl+X

Stop lnd

To make changes go into effect, restart lnd. To stop lnd, run lncli stop
Wait for a few seconds before starting it again. If you have the logs open, you can see when lnd has shut down. You can also check with top

Delete tls key and certificate

If you made changes to the configuration file that affect the tls key and certificate, you’ll need to delete them. Do so with the command: rm ~/.lnd/tls.cert and rm ~/.lnd/tls.key

To start again, run lnd &>/dev/null & and then disown

Open the firewall

To use Zap, we need to allow incoming connections to our Lightning node. Open the firewall with the command: sudo ufw allow 10009/tcp

Copy over the macaroon and TLS certificate

To authenticate the app and the server, you’ll need to copy two files (shown below).

Zap will check if the TLS key is correct to make sure it is always connected to the correct server (and not one impersonating it). To know which TLS key is right, we will need to tell Zap the TLS certificate.

Windows:

Open a new PowerShell window and use the command: scp ubuntu@< your nodes ip >:~/.lnd/tls.cert C:\Users\YourUserName\Desktop\ to copy the tls certificate to your desktop.

Use the command: scp ubuntu@< your nodes ip >:~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon C:\Users\YourUserName\Desktop\ to copy the macaroon. If you want, you may copy it into any folder using the explorer.

Mac or Linux:

Open a new terminal and use the command: scp ubuntu@< your nodes ip >:~/.lnd/tls.cert ~/Desktop to copy the tls certificate.

Use the command: scp ubuntu@< your nodes ip >:~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon ~/Desktop to copy the macaroon. You can also copy it into any folder using Finder or Files.

Configure Zap

Open Zap either by clicking on the file downloaded earlier or by finding it in applications. Choose the option Connect your own node in the startup screen.

A screenshot of the Zap connection screen.

Next, enter your IP address and the path to the certificate.

Windows:

This may look like this:
192.168.1.21:10009
C:\Users\YourUserName\Desktop\tls.cert
C:\Users\YourUserName\Desktop\admin.macaroon

Mac or Linux:

This may look like this:
192.168.1.21:10009
~/Desktop/tls.cert
~/Desktop/admin.macaroon

A screenshot of the Zap connection details screen.

Login

After clicking on Next and confirming your selection, you should be logged into your node. You can see your balance as well as your recent payments.

8b. Alternative: Connect Zap iOS

Zap is a user interface for your Lightning node that is still in alpha, but you can sign up to be a tester here. You can use it to connect remotely, check your funds, open channels, or make and receive payments.

Download Zap for iOS

Once you have joined as a tester, download and install the app through Testflight, Apple’s tool for downloading testing software. It will then show up as a regular app on your home screen.

Download lndconnect

To authenticate the app and the server, we’ll need to pass data from our server to the phone. When connecting Zap on the desktop, two files are copied over to our machine, but that’s not possible on a phone. Instead, use a tool called lndconnect that will generate a QR code for us.

Download lndconnect with the command:
go get -d github.com/LN-Zap/lndconnect

Install lndconnect

To install lndconnect, move into the directory with the command:
cd ~/go/src/github.com/LN-Zap/lndconnect

Install the program with make && make install

Run lndconnect

Type lndconnect in your terminal to make the QR code appear. You may have to zoom out a bit and enlarge the window with Ctrl++ (Keep control pressed and additionally press the plus or minus sign to zoom in or out)

Connect Zap

Open the Zap app on your phone and click Scan when given the option. Scan the QR code generated with lndconnect.

You can now see your balance, make and receive payments, and manage your channels with the app.

9. Optional: Configure Bitcoind over Tor

Privacy is great. Our Bitcoin business is solely our business, and no Internet Service Provider or government should be able to see how we use it.

But privacy is also great for security. If we can hide our Bitcoin activity, we can’t easily be targeted by criminal organizations. And, if our node can’t be found, it cannot be easily corrupted or fed false information.

Install tor

Quickly install tor with the command: sudo apt install tor

Configure tor

First, route all Bitcoin transactions through the Tor network. Then allow incoming transactions only over a hidden service.

To do this, we will need to create a password and its hash. To create a password, use your password manager (or use ours) to generate a 30+ character random password with uppercase letters, lowercase letters, and numbers.

Paste it for now in a notepad, but do not save it.

Create its hash using tor with the command: tor --hash-password "yourpassword"

Paste the output in a notepad for now.

Now edit the tor configuration file. Open it with the command: sudo nano /etc/tor/torrc

The configuration file is already prewritten, but everything is commented out (as indicated by the lines starting with # signs). Towards the bottom of the first section, find the phrase #ControlPort 9051

Remove the # sign, so it reads ControlPort 9051

Also, remove the # signs from these two lines

HashedControlPassword < your password >
CookieAuthentication 1

Replace the existing HashedControlPassword with the hash obtained in the step above. Now delete the hash from the notepad.

Save and close the new config file with Ctrl+O and Ctrl+X

Restart tor with the command: sudo service tor restart

Configure Bitcoind

Enter Bitcoin configuration file with nano ~/.bitcoin/bitcoin.conf

Amend the file with the following configuration:

  • proxy=127.0.0.1:9050 (points the Bitcoin node to the Tor Socks Proxy, so that all data goes through tor)
  • listen=1 (will listen to incoming connections)
  • onlynet=onion (to only connect through tor)
  • listenonion=1 (will listen for incoming connections through an onion address)
  • discover=0 (so our IP address is not broadcast)
  • torcontrol=127.0.0.1:9051 (shows the bitcoin node how to control Tor, for example, to create a hidden service)
  • torpassword=< YourTorPassword > (how the Bitcoin node will authenticate itself to the Tor node)

Paste the password created earlier, then close the notepad.

Close the editor with the commands: Ctrl+O and Ctrl+X
Restart Bitcoind with the command: sudo service bitcoind restart
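Because these settings are typed by hand, a small audit of the edited file helps catch a missing or commented-out line that would let the node fall back to clearnet. This is an added example, not part of the original guide: the function names are hypothetical, and the file permission check is an extra that the guide does not discuss.

```sh
#!/bin/sh
# Added example (not from the original guide): audit a hand-edited
# bitcoin.conf for the Tor settings listed above.

# conf_first FILE KEY: print the value of the first uncommented KEY=VALUE line.
conf_first() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) { print val; exit }
        }
    ' "$1"
}

# expect_eq FILE KEY WANT: report a finding unless KEY is set to WANT.
expect_eq() {
    ee_got=$(conf_first "$1" "$2")
    [ "$ee_got" = "$3" ] && return 0
    echo "FAIL $2: expected '$3', found '${ee_got:-<unset>}'"
    return 1
}

# audit_tor_conf FILE: returns 0 when every check passes, 1 on any finding,
# 2 when the file cannot be read.
audit_tor_conf() {
    at_conf=$1
    at_bad=0
    [ -r "$at_conf" ] || { echo "cannot read $at_conf" >&2; return 2; }

    expect_eq "$at_conf" proxy       127.0.0.1:9050 || at_bad=1
    expect_eq "$at_conf" onlynet     onion          || at_bad=1
    expect_eq "$at_conf" discover    0              || at_bad=1
    expect_eq "$at_conf" listen      1              || at_bad=1
    expect_eq "$at_conf" listenonion 1              || at_bad=1
    expect_eq "$at_conf" torcontrol  127.0.0.1:9051 || at_bad=1

    # torpassword must be set and must not still be the "< ... >" placeholder.
    at_pw=$(conf_first "$at_conf" torpassword)
    case $at_pw in
        ''|'<'*) echo "FAIL torpassword: unset or still a placeholder"; at_bad=1 ;;
    esac

    # The file holds torpassword (and rpcpassword): flag it when group or
    # others can read it. Fix with: chmod 600 ~/.bitcoin/bitcoin.conf
    if [ -n "$(find "$at_conf" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL permissions: file is readable by group or others"
        at_bad=1
    fi

    [ "$at_bad" -eq 0 ] && echo "OK: $at_conf matches the Tor settings"
    return "$at_bad"
}

# Usage:
#   audit_tor_conf ~/.bitcoin/bitcoin.conf
```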

Close the port

Bitcoin port 8333 no longer needs to be open. Close it with the command: sudo ufw deny 8333/tcp

Test your onion setup

You can now connect to onion nodes. You should find a list of such nodes in the Bitcoin wiki.

For example, connecting to BlueMatt’s node requires the command: bitcoin-cli addnode "nkf5e6b7pl4jfd4a.onion" add

Your Bitcoin node can connect to regular IP addresses still, but only accept incoming connections via the Tor network. Your onion address will show up in your logs at startup in case you want to connect to it specifically from another node you control. You can also find it at the very bottom with the command bitcoin-cli getnetworkinfo