2.1 Bitcoin client: Bitcoin Core
We install Bitcoin Core, the reference client implementation of the Bitcoin network.
This may take some time
Bitcoin Core will download the full Bitcoin blockchain, and validate all transactions since 2009. We're talking more than 800'000 blocks with a size of over 465 GB, so this is not an easy task.
Installation
We download the latest Bitcoin Core binary (the application) and compare this file with the signed and timestamped checksum. This is a precaution to make sure that this is an official release and not a malicious version trying to steal our money.
💡 If you want to install the Ordisrespector patch to reject the Ordinals of your mempool, follow the Ordisrespector bonus guide and come back to continue with the "Create the bitcoin user" section.
💡 If you want to install Bitcoin Core from the source code but without the Ordisrespector patch, follow the Ordisrespector bonus guide skipping Apply the patch “Ordisrespector” and come back to continue with the "Create the bitcoin user" section.
Download binaries
Login as
admin
and change to a temporary directory which is cleared on reboot
Set a temporary version environment variable to the installation
Get the latest binaries and signatures
Checksum check
Check that the reference checksum in the file
SHA256SUMS
matches the checksum calculated by you (ignore the "lines are improperly formatted" warning)
Example of expected output:
Signature check
Bitcoin releases are signed by several individuals, each using its own key. To verify the validity of these signatures, you must first import the corresponding public keys into your GPG key database.
The next command downloads and imports automatically all signatures from the Bitcoin Core release attestations (Guix) repository
Expected output:
Verify that the checksums file is cryptographically signed by the release signing keys. The following command prints signature checks for each of the public keys that signed the checksums
Check that at least a few signatures show the following text
Timestamp check
The binary checksum file is also timestamped with the Bitcoin blockchain using the OpenTimestamps protocol, proving that the file existed before some point in time. Let's verify this timestamp. On your local computer, download the checksums file and its timestamp proof:
Click to download the checksum file
Click to download its timestamp proof
In your browser, open the OpenTimestamps website
In the "Stamp and verify" section, drop or upload the downloaded
SHA256SUMS.ots
proof file in the dotted boxIn the next box, drop or upload the
SHA256SUMS
fileIf the timestamps are verified, you should see the following message. The timestamp proves that the checksums file existed on the release date of the latest Bitcoin Core version
The following screenshot is just an example of one of the versions:
If you're satisfied with the checksum, signature, and timestamp checks, extract the Bitcoin Core binaries
If you want to generate a full bitcoin.conf file, follow the proper extra section, and then come back to continue with the next section
If you want to install the manual page for bitcoin-cli
, follow the manual page for the bitcoin-cli extra section, and then come back to continue with the next section
Binaries installation
Install it
Check the correct installation requesting the output of the version
The following output is just an example of one of the versions:
(Optional) Delete installation files of the
tmp
folder to be ready for the next installation
Create the bitcoin user & group
The Bitcoin Core application will run in the background as a daemon and use the separate user “bitcoin” for security reasons. This user does not have admin rights and cannot change the system configuration.
Create the
bitcoin
user and group
Add the user
admin
to the group "bitcoin" as well
Allow the user
bitcoin
to use the control port and configure Tor directly by adding it to the "debian-tor
" group
Create data folder
Bitcoin Core uses by default the folder .bitcoin
in the user's home. Instead of creating this directory, we create a data directory in the general data location /data
and link to it.
Create the Bitcoin data folder
Assign as the owner to the
bitcoin
user
Switch to the user
bitcoin
Create the symbolic link
.bitcoin
that points to that directory
Check the symbolic link has been created correctly
Expected output:
Generate access credentials
For other programs to query Bitcoin Core they need the proper access credentials. To avoid storing the username and password in a configuration file in plaintext, the password is hashed. This allows Bitcoin Core to accept a password, hash it, and compare it to the stored hash, while it is not possible to retrieve the original password.
Another option to get access credentials is through the .cookie
file in the Bitcoin data directory. This is created automatically and can be read by all users who are members of the "bitcoin" group.
Bitcoin Core provides a simple Python program to generate the configuration line for the config file.
Enter to the bitcoin folder
Download the RPCAuth program
Run the script with the Python3 interpreter, providing the username (
minibolt
) and your"password [B]"
arguments
All commands entered are stored in the bash history. But we don't want the password to be stored where anyone can find it. For this, put a space ( )
in front of the command shown below
Example of expected output:
Copy the
rpcauth
line, we'll need to paste it into the Bitcoin config file
Configuration
Now, the configuration file bitcoind
needs to be created. We'll also set the proper access permissions.
Still as the user
"bitcoin"
, creates thebitcoin.conf
file
Enter the complete next configuration. Save and exit
Replace the whole line starting with "rpcauth=..."
the connection string you just generated
(Optional) If you checked on the Check IPv6 availability section and you don't have IPv6 available, you can discard the IPv6 network and cjdns of the Bitcoin Core by adding the next lines at the end of the configuration file:
-> This is a standard configuration. Check this Bitcoin Core sample bitcoind.conf file with all possible options or generate one yourself following the proper extra section
Set permissions: only the user
bitcoin
and members of thebitcoin
group can read it (needed for LND to read the "rpcauth
" line)
Exit the
bitcoin
user session back to the useradmin
Create systemd service
The system needs to run the bitcoin daemon automatically in the background. We use systemd
, a daemon that controls the startup process using configuration files
Create the systemd configuration
Enter the complete next configuration. Save and exit
Enable autoboot (optional)
Prepare “bitcoind” monitoring by the systemd journal and check the logging output. You can exit monitoring at any time with Ctrl-C
Keep this terminal open, you'll need to come back here on the next step to monitor the logs
Run
To keep an eye on the software movements, start your SSH program (eg. PuTTY) a second time, connect to the MiniBolt node, and log in as admin
Start the service
Monitor the log file for a few minutes to see if it works fine (it may stop at "dnsseed thread exit
", that's ok)
Link the Bitcoin data directory from the
admin
user home directory as well. This allowsadmin
user to work with bitcoind directly, for example using the commandbitcoin-cli
This symbolic link becomes active only in a new user session. Log out from SSH by entering the next command
Log in again as a user
admin
opening a new SSH sessionCheck symbolic link have been created correctly
Expected output:
Troubleshooting note:
If you don't obtain the before-expected output () and you only have (.bitcoin
), you must follow the next steps to fix that:
Delete the failed created symbolic link
Try to create the symbolic link again
Check the symbolic link has been created correctly this time and you have now the expected output:
Wait a few minutes until Bitcoin Core starts, and enter the next command to obtain your Tor and I2P addresses. Take note of them, later you might need it
Example of expected output:
Check the correct enablement of the I2P and Tor networks
Example of expected output:
Ensure bitcoind is listening on the default RPC & P2P ports
Expected output:
Please note:
When “bitcoind” is still starting, you may get an error message like “verifying blocks”. That’s normal, just give it a few minutes.
Among other info, the “verificationprogress” is shown. Once this value reaches almost 1 or near (0.999…), the blockchain is up-to-date and fully validated.
Bitcoin Core is syncing
This process is called IBD (Initial Block Download). This can take between one day and a week, depending mostly on your PC performance. It's best to wait until the synchronization is complete before going ahead
Explore bitcoin-cli
If everything is running smoothly, this is the perfect time to familiarize yourself with Bitcoin, the technical aspects of Bitcoin Core, and play around with bitcoin-cli
until the blockchain is up-to-date.
The Little Bitcoin Book is a fantastic introduction to Bitcoin, focusing on the "why" and less on the "how"
Mastering Bitcoin by Andreas Antonopoulos is a great point to start, especially chapter 3 (ignore the first part how to compile from source code):
Learning Bitcoin from the Command Line by Christopher Allen gives a thorough deep dive into understanding the technical aspects of Bitcoin
Also, check out the bitcoin-cli reference
Activate mempool & reduce 'dbcache' after a full sync
Once Bitcoin Core is fully synced, we can reduce the size of the database cache. A bigger cache speeds up the initial block download, now we want to reduce memory consumption to allow the Lightning client and Electrum server to run in parallel. We also now want to enable the node to listen to and relay transactions.
As user
admin
, edit thebitcoin.conf
file
Bitcoin Core will then just use the default cache size of 450 MiB instead of your setting RAM setup. If blocksonly=1
is left uncommented it will prevent Electrum Server from receiving RPC fee data and will not work. Save and exit
Comment the following lines (adding a
#
at the beginning)
Restart Bitcoin Core for the settings to take effect
OpenTimestamps client
When we installed Bitcoin Core, we verified the timestamp of the checksum file using the OpenTimestamp website. In the future, you will likely need to verify more timestamps, when installing additional programs (e.g. LND) and when updating existing programs to a newer version. Rather than relying on a third party, it would be preferable (and more fun) to verify the timestamps using your blockchain data. Now that Bitcoin Core is running and synced, we can install the OpenTimestamp client to locally verify the timestamp of the binaries checksums file.
As user
admin
, install dependencies
Install the OpenTimestamp client
Display the OpenTimestamps client version to check that it is properly installed
Example of expected output:
To update the OpenTimestamps client, simply exec sudo pip3 install --upgrade opentimestamps-client
Extras (optional)
Slow device mode
As user
admin
editbitcoin.conf
file
Add these lines to the end of the file
Comment these lines
Renovate your Bitcoin Core Tor and I2P addresses
With user
admin
, stop bitcoind and dependencies
Delete
Start bitcoind again
If you want to monitor the bitcoind logs and the starting progress, type
journalctl -fu bitcoind
in a separate SSH sessionWait a minute to identify your newly generated addresses with
Example of expected output:
The manual page for bitcoin-cli
For convenience, it might be useful to have the manual page for
bitcoin-cli
in the same machine so that they can be consulted offline, they can be installed from the directory
If you followed the Ordisrespector bonus guide this section is not needed because man pages are installed by default, type directly man bitcoin-cli
command to see the man pages
Now you can read the docs doing
Now come back to the section Binaries installation to continue with the Bitcoin Core installation process, not if you followed the Ordisrespector bonus guide
Generate a full bitcoin.conf example file
This extra section is valid if you compiled it from the source code using the Ordisrespector bonus guide
Follow the complete Installation progress before or the Ordisrespector installation progress to install the
bitcoind
binary on the OSWith user
admin
, go to the temporary folder
Clone the source code from GitHub
Copy-paste the bitcoind binary file existing on your OS to the source code folder
Go to the
devtools
folder
Exec the
gen-bitcoin-conf
script to generate the file
Expected output:
Use
cat
to print it on the terminal to enable a copy-paste
Or
nano
to examine the content
(Optional) Delete the bitcoin
folder from the temporary folder
Upgrade
The latest release can be found on the GitHub page of the Bitcoin Core project. Always read the RELEASE NOTES first! When upgrading, there might be breaking changes or changes in the data structure that need special attention. Replace the environment variable "VERSION=x.xx"
value for the latest version if it has not been already changed in this guide.
Login as
admin
user and change to the temporary directory
Set a temporary version environment variable to the installation
Download binary, checksum, signature files, and timestamp file
Verify the new version against its checksums
Example of expected output:
The next command downloads and automatically imports all signatures from the Bitcoin Core release attestations (Guix) repository
Expected output:
Verify the checksums file is cryptographically signed by the release signing keys. The following command prints signature checks for each of the public keys that signed the checksums
Check that at least a few signatures show the following text
If you completed the IBD (Initial Block Download), now you can verify the timestamp with your node. If the prompt shows you
-bash: ots: command not found
, ensure that you are installing the OTS client correctly in the proper section
The following output is just an example of one of the versions:
Now, just check that the timestamp date is close to the release date of the version you're installing
If you obtain this output:
-> This means that the timestamp is pending confirmation on the Bitcoin blockchain. You can skip this step or wait a few hours/days to perform this verification. It is safe to skip this verification step if you followed the previous ones and continue to the next ones
If you're satisfied with the checksum, signature, and timestamp checks, extract the Bitcoin Core binaries
Install them
Check the new version
The following output is just an example of one of the versions:
(Optional) Delete installation files of the
/tmp
folder to be ready for the next upgrade
Restart the Bitcoin Core to apply the new version
Uninstall
Uninstall service
Ensure you are logged in with the user
admin
, stop bitcoind
Disable autoboot (if enabled)
Delete the service
Delete user & group
Delete bitcoin user's group
Delete the
bitcoin
user. Don't worry aboutuserdel: bitcoin mail spool (/var/mail/bitcoin) not found
output, the uninstall has been successful
Delete the bitcoin group
Detele data directory
Delete the complete
bitcoin
directory
Uninstall binaries
Delete the binaries installed
Uninstall FW configuration
If you followed the Bisq bonus guide, you needed to add an allow rule on UFW to allow the incoming connection to the 8333
port (P2P)
Ensure you are logged in with the user
admin
, display the UFW firewall rules, and note the numbers of the rules for Bitcoin Core (e.g. "Y" below)
Expected output:
If you don't have any rule matched with this, you don't have to do anything, you are OK
Delete the rule with the correct number and confirm with "
yes
"
Port reference
Port | Protocolo | Use |
---|---|---|
8333 | TCP | P2P port |
8332 | TCP | RPC port |
8334 | TCP | P2P secondary port |
Last updated