This is a step-by-step guide for installing a Bitcoin Core node as a Hot Wallet source for CAS.
This guide has been updated for Bitcoin Core version: 0.20.1
Before you begin…
The following example presumes you have the following ready:
root access to a server running any current Ubuntu LTS (20.04 in this example),
350 GB free disk space (plus 20 GB more every month),
4 GB of memory (RAM)
It’s common for full nodes on high-speed connections to use 200 gigabytes upload or more a month. Download usage is around 20 gigabytes a month, plus around an additional 195 gigabytes the first time you start your node.
Modify the file permissions to allow the python script to execute:
sudo chmod +x /usr/local/bin/rpcauth.py
Then finally run the RPC token generator that you just installed and enabled:
Replace AnyNameYouWantHere with any preferred user name.
Avoid using spaces or any special symbols.
The user name is required for CAS - it's your “RPC User” noted in Step 6.
Save all the information securely. You'll need every detail in the steps to follow.
The RPC User = AnyNameYouWantHere
The RPC Password = Kq66rZya7MNpCU_e0zZSgjR2Mb7rBeyX9QSeGhwPMeY=
The cookie/token ("rpcauth") will only be required in the Bitcoin Core configuration file (next step).
The RPC Password is required for CAS - noted in Step 6.
The cookie/token is a secure hash of your password. The point is to hide your password on the node server to other users of the node. If your node is secure, then using the cookie is simply added security in the event of a server breach, however if your server is breached - you have a bigger problem than an exposed password - and that hash will afford very little protection.
The password is sent to the RPC server software by CAS, and must be kept encrypted while traveling over the Internet. This is accomplished using “tunnels”.
Replace the “rpcauth” line with the cookie/token you generated in the previous step.
Exit the nano editor with Control+X and save your changes.
The CAS parameter “port” is the same as the “rpcport” specified in this step.
4. Start the bitcoind daemon:
"When Bitcoin Core daemon first starts, it will begin to download the blockchain. This step will take at least several days, and it may take much more time on a slow Internet connection or with a slow computer."
The CAS “host” parameter used will be this node’s public IP.
The CAS “port” parameter will be the same port specified as the “rpcport” in Step 3 (above).
Option 2: Creating an SSH tunnel:
If you're running your own CAS server, then you may elect to use a SSH tunnel for secure RPC communication with the node. We also discourage running any software on your CAS server (except for CAS itself) and this includes Bitcoin Core. The solution is use port forwarding to enable access to your separate Bitcoin Core node. We recommend "dialing out" from CAS to the node.
A "pruning node" (or lightweight node) is a special configuration that may be applied to bitcoind. It is unsupported by General Bytes. It is a substantial security risk when operating a BATM. Per the Bitcoin wiki:
“Lightweight nodes are sometimes able to be temporarily tricked into accepting transactions or blocks that are not actually valid. This could cause serious financial damage, especially for websites that automatically process Bitcoin transactions. Full nodes provide the maximum security possible, and so they should be used by all businesses, and also by regular users whenever doing so is convenient.”
The instructions given in this guide do not enable “pruning nodes”.
Install a full node as recommended by the Bitcoin community.