Versions Compared

Version Old Version 14 New Version Current
Changes made by

Charles Wernicke

Charles Wernicke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#FFF0B3

This guide is based on VPS installation only!

...

This guide

...

demonstrates Bitcoin Core installation for version: 27.0

...

Other/newer versions may (and probably will) work, but this guide only supports this version.

...

Info

 Before you begin…

The following example presumes you have the following ready:

  • root access to a server running any current Ubuntu LTS (2024.04 in this example),

  • sufficient free space on your storage/hard drive for the full Bitcoin blockchain,

    • the blockchain increases in size by approximately 20GB per month,

  • 4+ GB of memory (RAM).

...

Download and install the Bitcoin daemon on your server:

Code Block
wget https://bitcoinbitcoincore.org/bin/bitcoin-core-27.0.20.1/bitcoin-27.0.20.1-x86_64-linux-gnu.tar.gz

Optional: verify the file integrity:

Code Block
wget https://bitcoincore.org/bin/bitcoin-core-27.0.20.1/SHA256SUMS.asc
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com --refresh-keys
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x90C8019E36C2E964
gpg --edit-key 0x90C8019E36C2E964 trust

  • Press 5 (“5 = I trust ultimately” ), and “y”:

...

  • then type “quit” to exit gpg. Next, examine the signature:

Code Block
gpg --keyid-format long --list-keys --with-fingerprint 0x90C8019E36C2E964

  • expect to see: "Key fingerprint = 01EA 5486 DE18 A882 D4C2  6845 90C8 019E 36C2 E964"

Code Block
gpg --verify
SHA256SUMS.asc

  • expect to see: 'gpg: Good signature from "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>"'

Code Block
sha256sum --ignore-missing --check SHA256SUMS.asc

...

  • If successfully verified, you’ll see: "bitcoin-0.2027.0.1-x86_64-linux-gnu.tar.gz: OK" .ignore anything additionally reported by the last command.
  • There are additional (optional) steps that can be taken to authenticate your download, and you are definitely encouraged to avail yourself of them. See: https://bitcoincore.org/en/download/
Decompress the Bitcoin Core tarball:
 Code Block
tar xzf bitcoin-27.0.20.1-x86_64-linux-gnu.tar.gz
Install 
...
the 2 required binaries to the system:
 Code Block
sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-27.0.20.1/bin/*/bin/bitcoind
sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-27.0/bin/bitcoin-cli
...
2. Create an RPC token:
The RPC token is designed to eliminate the need for hard-coded passwords in configuration and script files. You will receive a password here ONCE (unless you repeat the process and generate a new token).
 Tip
This password is required for CAS - it's your “RPC Password” noted in Step 6.
Download rpcauth.py 
...
from GitHub:
 Code Block
sudo wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py -O /usr/local/bin/rpcauth.py
...
 Code Block
rpcauth.py AnyNameYouWantHere
  • Replace AnyNameYouWantHere with any preferred user name.Avoid using 
    • Don’t use spaces or any special symbols.
 Tip
The user name is required for CAS - it's your “RPC User” as noted in Step 6.
Example:
...
  • Save all the information securely. You'll need every detail in the steps to follow.  
  • The RPC User = AnyNameYouWantHere
  • The RPC Password = Kq66rZya7MNpCU_e0zZSgjR2Mb7rBeyX9QSeGhwPMeY=
  • The cookie/token ("rpcauth") will only be required in the Bitcoin Core configuration file (next step). The token authenticates the specific username+password combination created.
 Tip
The RPC Password is required for CAS - as noted in Step 6.
The cookie/token is a secure hash of your password. The point is to hide your password on the node server to other users of the node. If your node is secure, then using the cookie is simply added security in the event of a server breach, however if your server is breached - you have a bigger problem than an exposed password - and that hash will afford very little protection.
The password is sent to the RPC server software by CAS, and must be kept encrypted while traveling over the Internet. This is accomplished using “tunnels” (more on that below).
...
3. Create the Bitcoin Core configuration file.
...
 Code Block
nano $HOME/.bitcoin/bitcoin.conf
Add the following settings & rpcauth credentials (created above):
 Code Block
server=1
daemon=1
rpcport=8332
rpcauth=AnyNameYouWantHere:cbb36c03b15219cafb1e72ae9329d5fd$72de450660cdb6dd2689cd2cba4091646a5e8005490dec07dc577b6dad608a80
# enable RBF
walletrbf=1
  • Replace the “rpcauth” line with the cookie/token you generated in the previous step 2.
  • Exit the nano editor with Control+X and “Y” to save your changes.
  • The CAS parameter “port” is the same as the “rpcport” specified in this step (8332).
...
"When Bitcoin Core daemon first starts, it will begin to download the blockchain. This step will take at least several days, and it may take much more time on a slow Internet connection or with a slow computer."
- from https://bitcoin.org/en/full-node#other-linux-daemon
 Code Block
bitcoind
  • It may will take several a few minutes for Bitcoin Core to completely start.
  • In actual practiceWith the first startup, expect to wait 1- 5+ days for bitcoind to fully synchronize. 
  • CAS will NOT be able to interact with bitcoind until the synchronization is COMPLETE!
    • When restarting the node, the sync will happen quickly (an hour or less).
  • To check the status, get the current block being processed by your node: 
    •  Code Block
      bitcoin-cli getblockcount
    •  Compare the returned number to the latest network block:
    • The debug log is typically located at $HOME/.bitcoin/debug.log 
      • You can also check the status periodically using tail .bitcoin/debug.log
...
 Code Block
bitcoin-cli stop
  • It may take a few minutes to completely shut down.
  • It will resume downloading synchronizing from the point where it stopped the next time you start it. It may take a few minutes to completely shut down. 
 Tip
The Bitcoin Core node (bitcoind) is now running.
  • It won’t be usable until fully synchronized - which may take up to 5+ days.
...
5. Setup a secure tunnel for 
...
The tunnel must be live 24x7.
...
encrypted communication.
Your CAS server and this node must have a secure line. Your password and other sensitive information will be passed back & forth. Encrypt (and thus protect) this communication by using a secure SSH tunnel.
The GB Wallet Tunnel is recommended.
General Bytes has incorporated an open-source ssh SSH client into CAS.
Click here for instructions to install the GB Wallet Tunnel Server .
  • The CAS “host” parameter used will be this node’s public IP.
  • The CAS “port” parameter will be the same port specified as the “rpcport” in Step 3 (above).
Option 2: Creating an SSH tunnel:
You may elect to use a SSH tunnel for secure RPC communication with the node. We also discourage running any software on your CAS server (except for CAS itself) and this includes Bitcoin Core. The solution is use port forwarding to enable access to your separate Bitcoin Core node. We recommend "dialing out" from CAS to the node. Seeon this node.
Alternative (unsupported):
Build an SSH tunnel (instead of the GB Wallet Tunnel), see: https://generalbytes.atlassian.net/
...
l/
...
The general usage would be:
 Code Block
ssh -f -N -i /home/gb/.ssh/bitcoind -L 8332:127.0.0.1:8332 gb@35.237.163.176
In the above example,
  • "ssh -f -N" is the "create a permanent tunnel in the background" command.
  • "-i /home/gb/.ssh/bitcoind" specifies the private SSH key to be used.
  • "-L 8332:127.0.0.1:8332" are the node's RPC port definitions.
  • "gb@35.237.163.176" is the SSH "dial-in" identity of the node.
Recruit an IT professional if you are uncomfortable with any of this!
cp/b7j5AVHA
  • For those instructions, set FORWARDED_PORT=8332
...
6. Save the required information for CAS:
...
password: is the “RPC Password” you also created earlier in Step 2.
...
7. Create a Wallet
After the node has fully synchronized, you’ll need to create a hot wallet. 
Create a Descriptor wallet:
 Code Block
bitcoin-cli -named createwallet wallet_name=cas_default avoid_reuse=true load_on_startup=true
  • Creates a subfolder cas_default containing a wallet.dat file (the actual wallet),
  • sets the avoid_reuse flag to comply with Bitcoin convention, and
  • loads the cas_default wallet automatically when starting the node.
Create a new wallet address for funding:
 Code Block
bitcoin-cli getnewaddress bech32m
...
  • The latest “bech32m” (Taproot) option is demonstrated, but any type works with CAS.
  • Send Bitcoin to whatever address is generated to fund your node.
    • The address bc1q4wv99c3yqpwttt7a59qqqqmyxda0z8l2ups7fx is only an example (do not send BTC to it).
Wallet labels
  • Bitcoin “Best Practices” discourages the usage of wallet labels
  • Despite this, a wallet label can be set using bitcoin-cli getnewaddress "funding" bech32m
...
8. Final Step: Configure your CAS
Your bitcoind node is now complete, but you’ll still need to plug in the parameters (created above) into your Bitcoin Crypto Settings.
 Tip
Configure your CAS Crypto Settings
...
Notes
...
1. Remote Procedure 
...
Calls (RPC) 
...
(all):
More information about the RPC API: https://developer.bitcoin.org/reference/rpc/index.html
 Note
Note: bitcoin-qt is NOT supported at this time.
...
2. Pruning nodes:
A "pruning node" (or lightweight node) is a special configuration that may be applied to bitcoind. It is unsupported by General Bytes. It is a substantial security risk when operating a BATM. Per the Bitcoin wiki:
...
 Warning
The instructions given in this guide do not enable “pruning nodes”. 
  • Install a full node as recommended by the Bitcoin community.
...
Housekeeping
This data is outside the scope of GB Support, but is presented here because it is frequently asked.
RBF and CPFP
Deploying a Bitcoin Core node grants you the ability to modify your unconfirmed transaction fees. Without a node, you must rely on third-party services to “unstuck” a low-fee transaction.
CPFP (Child Pays For Parent) is no longer necessary for modern transactions using this Core version. It has been fully replaced by RBF (Replace By Fee) and is less reliable than RBF. Using the instructions from this article, your node is already configured to use RBF.
To verify that your node is creating RBF-compatible transactions by default, use:
 Code Block
bitcoin-cli getmempoolinfo
  • The results should include this: "fullrbf": true
RBF Instructions:
Backups
Backup is a matter of copying simple matter of executing this RPC call:
 Code Block
bitcoin-cli backupwallet "backup_name.dat"
You can also just copy/archive the wallet file normally located in $HOME/.bitcoin/wallet.dat .
...
A file backup would be the most comprehensive recovery option in the event of catastrophe. Since the file is so sensitive though, having multiple copies also increases your hack risks. Secure your backups!
Private Keys
It is not recommended dangerous to print or expose your private key, especially in a terminal or any other insecure environment. However, if you absolutely need to your private key(s). Be extremely cautious with these operations. Anyone with access to your private key(s) can control your Bitcoin funds associated with that address. We generally recommended you use hardware wallets or other secure methods for managing your private keys. 
If you absolutely must retrieve your private key for a specific address - you must first determine the type of wallet you’re using:
 Code Block
bitcoin-cli
...
 getwalletinfo
  • Examine the descriptors attribute in the result.
    • true = use the listdescriptors method.
    • false = use the dumpprivkey method.
The dumpprivkey command is deprecated and unusable for non-legacy wallets. Example:
 Code Block
bitcoin-cli dumpprivkey "your_bitcoin_address"
  • Replace "your_bitcoin_address" with the actual address for which you want to retrieve the private key. This command will output the private key associated with that address.Be extremely cautious with this operation. Anyone with access to your private key can control your Bitcoin funds associated with that address. We generally recommended you use hardware wallets or other secure methods for managing your private keys
  • Only works for legacy-type (non-descriptor) wallets.
The listdescriptors command works for non-legacy wallets (bech32, bech32m, and descriptors). It is a bit more complex to use than dumpprivkey, and prints out the all the keys in JSON format.
 Code Block
bitcoin-cli listdescriptors true
  • Returns all descriptors and their private keys, including their derivation paths.
...
Related articles
 Filter by label (Content by label)
showLabelsfalse
max5
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@10d56
showSpacefalse
sortmodified
typepage
reversetrue
labelscas bitcoind node hotwallet
cqllabel in ( "node" , "cas" , "bitcoind" , "hotwallet" ) and type = "page" and space = "ESD"
...
hiddentrue
...