A simple guide to financial sovereignty (set up your Bitcoin fullnode)

In 2009, a 9 pages white paper by satoshi Nakamoto described a protocol that made central banking obselete. It's a new paradigm where monney is no longer controlled by a few, but by the whole network.

The shift is already happening, as we speak, even if it's hard to see, especially if you lack the fundamental knowledege of cryptoghraphy, game theory and economics. It's just a matter of time before you realize that Bitcoin is hard money, and for the first time we have a framework to apply austrian economics, without permission. Time to reset the keynesian monopoly game.

I don't think people are inherently bad, it's just that in the actual system (which I call the legacy system) people are incentivised to make decisions that are good from their individual perspective, but unfortunately, the sum of those individual decisions are bad from the collective group perspective. That's just plain simple game theory. What makes Bitcoin so special is it's perfectly aligned set of incentives that makes individuals and collectives outcomes better. It switches the economic model from keynesian to austrian, inflation to deflation, spending to saving, modern slavery (throught debt) to financial sovereingty, de-evolution to evolution. We are currently shifting from fiat to Bitcoin.

What you think capitalism is has nothing to do with what Capitalism really is in a free market. Capitalism is beautiful, it's simply the act of evolution, saving and optimising for consumming only what's needed (don't forget with live in a world with limited ressources, yes we all forgot). Stop spending and start capitalising, that's what we should be doing. But it's near impossible in a world run by socialists imposing debt using violence. What do you think back the US dollar ? gold ? no no, only tanks, aircraft carriers, soldiers and corrupt politicians.

Our only way out of this madness with the minimum violence is Bitcoin.

To be clear, if you dont run a fullnode, then you don't validate the transactions yourself (which is one purpose of running a fullnode). If you don't do the job yourself, then you have no other choice then to trust someone else for it. That's not necesserely a bad thing, as long as you are aware of it. You have no say in what defines Bitcoin, you enforce no rules. You serve no purpose in the Bitcoin realm. Why not !

Now if you seek financial sovereignty and want to take part in the new money paradigm, you will need to operate a fullnode and get your hands a little dirty. This guide hopefuly will take you there while walking you through the steps of setting up your autonomous Bitcoin Core full node.

Why Bitcoin Core ? simply because the Bitcoin core client implement and enforce the set of rules that I myself define as being Bitcoin.

Prerequis

• Linux (recent ubuntu or debian)
• 300Go minimum
• willing to take responsibility for your kids future

install

Choose & download the latest binaries for your platform directly from github: https://bitcoincore.org/bin/bitcoin-core-0.16.2

at the time of writing, the latest bitcoin core version is 0.16.2

wget https://bitcoincore.org/bin/bitcoin-core-0.16.2/bitcoin-0.16.2-x86_64-linux-gnu.tar.gz
tar -zxvf bitcoin-0.16.2-x86_64-linux-gnu.tar.gz
sudo mv bitcoin-0.16.2/bin/* /usr/local/bin/
rm -rf bitcoin-0.16.2-x86_64-linux-gnu.tar.gz bitcoin-0.16.2 # clean

---

firewall

Make sure the needed ports (8333, 8332) are open on your server.
If you don't know, you can & should use a firewall on your server. I use ufw, which stands for uncomplicated firewall.

sudo apt install ufw # install ufw

configure default rules & enable firewall

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh # if you operate your server via ssh dont forget to allow ssh before enabling
sudo ufw enable

Once your firewall is ready, open the bitcoin ports :

sudo ufw allow 8333 # mainnet
sudo ufw allow 8332 # mainnet rpc/http
sudo ufw allow 7000 # netcat transfert (for trusted sync)

check your firewall rules with sudo ufw status numbered

---

init

Start bitcoind so that it create the initial ~/.bitcoin folder structure.

bitcoind& # launch daemon (the & run the copmmand in the background)
bitcoin-cli stop # stop the daemon once folder structure is created

---

config

In my case, for a personnal fullnode, I want to run a full txindexed chain. We only live once and i want all options to be possible/available :) If you plan to interact with the lightning network in the future and want to stay 100% trustless, I encourage you txindexing the chain (because you'll need an indexed chain). it's not hard to txindex the chain later on, but the less you touch the data, the better. so always better to start with txindex=1 if you want to go for the long run. It only adds 26Go on top of the 200Go non indexed chain. So it's worth it !

Just to get an idea of the size of the bitcoin core chain (August 23, 2018) :

network	folder	txindexed	height	size
mainnet	blocks + chainstate	yes	538.094	209Go + 2.7Go = 211.7
mainnet	blocks + chainstate	no	538.094	193Go + 2.7Go = 195.7Go
testnet	blocks + chainstate	yes	-	-
testnet	blocks + chainstate	no	1.407.580	20Go + 982Mo = 21Go

Create a bitcoin.conf config file in the ~/.bitcoin folder. This is my default settings, feel free to adjust to your need.
[ see full config Running Bitcoin - Bitcoin Wiki ]

# see full config here https://en.bitcoin.it/wiki/Running_Bitcoin

# Global
daemon=1
txindex=1
rpcallowip=0.0.0.0/0 # bind network interface to local only for now
server=1
rest=1

# RPC
rpcport=8332
rpcuser=admin
rpcpassword=password # define a password
rpcworkqueue=100

# zmq
zmqpubrawblock=tcp://*:8331
zmqpubrawtx=tcp://*:8331
#zmqpubhashblock=tcp://*:8331
#zmqpubhashtx=tcp://*:8331

# numbers of peers. default to 125
maxconnections=10

# utxo cache. default to 300M
dbcache=100

# Spam protection
limitfreerelay=10
minrelaytxfee=0.0001

---

Sync the blockchain

There are 2 ways you can donwload/sync the bitcoin blochain :

Network sync (default)

If this is the first time you are setting up a bitcoin full node, it's the only way to trust the data. It will take time, depending on your hardware and network speed, it could vary from hours to days. You have nothing to do but leave the bitcoind daemon running. check status with bitcoin-cli getblockchaininfo, kill daemon with bitcoin-cli stop.

Remember that this is the only procedure you should use in order to sync the blockchain for the first time, as you don't want to trust anyone with that data except the network itself.

Trusted sync

Skip this chapter if this is the first you're setting up a full node.

Once you operate a fully "network trusted" node, if you'd like to operate other nodes, syncing them from your trusted node(s) will go much faster, since you simply have to copy the trusted data from server to server directly, instead of going throught the bitcoin core network sync.

You will need to transfer the chainstate & blocks directory from the ~/.bitcoin folder of one of your trusted node to the new one. The way you achieve that transfer is up to you.

At the time of writing (August 23, 2018), the txindexed blockchain (chainstate + blocks up to height 538.094) is around 220Go.
Moving that quantity of data over the network is not a trivial task, but if the transfer happens between 2 reliable servers, then netcat will be great for the job. (netcat sends raw tcp packets, there is no authentification or resume feature).

Note: with netcat, if one of the servers connection is not stable, and you lose connection, you will have to start again. that's a bummer. in that case you are better of with tools like rsync or rcp that let you resume a transfer.

In order to make the transfer a simple task, make sure you do the following on both of the receiver and the sender server :

• make sure port 7000 is open (or choose whatever port you want, make sure to reflect in .bashrc wrapper fucntions)

  sudo ufw allow 7000
  

• Install netcat & pv (pv is a utility that will show transfer progress)

  sudo apt install netcat tar pv
  

• Add 2 wrapper function in your .bashrc :

  # raw tcp push/pull wrapper over netcat
  # on receiver side, run 'ncpull' in the desired folder
  # on sender side, run 'ncpush {file, dir, path, blob} {host, IP}
  ncpull() { nc -l -p 7000 | pv | tar xf - -C "."; }
  ncpush() { tar cf - $1 | pv | nc -w1 $2 7000; }
  

• Reload your bash source ~/.bashrc

Once both your servers (receiver & sender) are netcat ready, proceed as follow :

• On the receiver side (the node we are setting up)

  cd ~/.bitcoin
  rm -rf blocks chainstate   # first remove existing data
  ncpull # get ready for a push
  

• Then on the sender side (trusted server)

  cd ~/.bitcoin
  ncpush blocks/ receiverIP # make the push
  

• Go grab a coffee, a spliff or whatever rewards you :)
• Repeat ncpull/ncpush for the chainstate folder also.

This is the transfer times for my last data sync between 2 servers hosted at time4vps.eu (not too bad)

folder	size	transfer time
blocks	209Go	5h20
chainstate	2.7Go	4min

---

bitcoind as a service

For ease of use and 100% uptime, simply add bitcoind to your system service manager (in my case systemd)
create the file /etc/systemd/system/bitcoind.service and add the following to it :

[Unit]                                         
Description=Bitcoin daemon
After=network.target
  
[Service]
User=larafale
RuntimeDirectory=bitcoind
Type=forking
ExecStart=/usr/local/bin/bitcoind -conf=/home/larafale/.bitcoin/bitcoin.conf
ExecStop=/usr/local/bin/bitcoin-cli stop
KillMode=process
Restart=always
RestartSec=120
TimeoutSec=240

# Hardening measures
####################
  
# Provide a private /tmp and /var/tmp.
PrivateTmp=true
  
# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full
  
# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true
  
# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true
  
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
  
[Install]
WantedBy=multi-user.target

Don't forget to correct the user name & the bitcoin.conf path. Once the systemd bitcoind config file is created, reload system services and start the bitcoind service:

sudo systemctl daemon-reload   # reload new services
sudo systemctl enable bitcoind # enable bitcoind
sudo systemctl start bitcoind  # start bitcoind
sudo systemctl status bitcoind # check bitcoind status

If everything worked, status should output the following:

● bitcoind.service - Bitcoin daemon
   Loaded: loaded (/etc/systemd/system/bitcoind.service; enabled; vendor preset: enabled)
   Active: active (running) since jeu. 2018-08-23 21:17:41 CEST; 5s ago
  Process: 5218 ExecStart=/usr/local/bin/bitcoind -conf=/home/larafale/.bitcoin/bitcoin.conf (code=exited, status=0/SUCCESS)
 Main PID: 5219 (bitcoind)
   CGroup: /system.slice/bitcoind.service
           └─5219 /usr/local/bin/bitcoind -conf=/home/larafale/.bitcoin/bitcoin.conf

The bitcoind service is active and will automatically restart on statup/crash.
Wait a couple minutes until the bitcoin-cli getblockchaininfo command returns the chain status.
You can also query the rest interface by opening http://nodeIP:8332/rest/chaininfo.json in your browser.

---

Conclusion

You now have a full Bitcoin core node running on it's own. What's next ?
Well I never blogged before, this is the first time I am outsourcing some of my work. I'm a passionnate enginner working on all kind of technologies. I've been dedicating half of my time to Bitcoin for the last 2 years already, so if this guide was usefull and want to go deeper , just let me know, depending on the feedback I get, i'll consider outsourcing more interesting work. For example next post could be about setting up an Electrum Server so you can safely use SPV wallets trusting your own fullnode.

Also I'm currently working on a trustless bitcoin payment processor called 8333, make sure you follow @_8333_ on twitter. I think I will release the project end of 2018. Ping me if interested.

The best way you can show support is via Bitcoin : 16FKGPiivpo3Z7FFPLdkoVRcV2ASBc7Ktu