Installing Bitcoind on a Digital Ocean VPS

This tutorial is intended for those with GenesisCoin Bitcoin ATMs who want to host their own bitcoind on a Digital Ocean VPS (Get $10 free by signing up using my Referral Link).

 

Step 0:

You can skip this step if you already have your SSH Public Key within your Digital Ocean account.

Unix/Linux/Mac OS X

  1. Open a terminal, type ssh-keygen -t rsa and hit enter. You will also be prompted for a passphrase to secure your SSH key with.

This will generate your id_rsa.pub (your public key). It’s stored in the .ssh directory in your home directory. You will want to upload this to Digital Ocean.

Under the Digital Ocean user settings, go to Security, then add ssh key.


Step 1: Create the droplet.

Create a Digital Ocean Droplet


For the hostname you want to choose a random string (e.g. ads9hf2hsd328sd8ddjjDS).

For size select the $20/month droplet with 40GB SSD (Or select a larger size, this really depends on how many ATMs/transactions you are having).

For region, I normally select New York 3, it seems plenty fast.


For Select Image, select Ubuntu 14.04 x64.

Under SSH Keys, click the SSH pub key we just uploaded to Digital Ocean earlier.

Then click “Create Droplet”.

The droplet creation process normally takes around 30-45 seconds but can at times take a couple of minutes.

 

Step 2: Update the System and install bitcoind.

Using your favorite SSH client, ssh to the IP address of your new server (Digital Ocean lists this on their control panel). Since we don’t want anybody stumbling upon your server through DNS, please do NOT set up DNS for your bitcoind server. Just use the IP address to connect to it.

# ssh root@<your-servers-ip-address>

Once logged into the server, issue the following commands to update the packages.

# apt-get update && apt-get upgrade -y

Then let's add some swap space; bitcoind likes it.

# fallocate -l 4G /swapfile && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile && echo "/swapfile none swap sw 0 0" >> /etc/fstab && echo "vm.swappiness=10" >> /etc/sysctl.conf && echo "vm.vfs_cache_pressure=50" >> /etc/sysctl.conf

Now you are going to want to give the server a reboot.

# reboot

Wait 30-45 seconds, then ssh to the server again and enter the following commands to install bitcoind.

# apt-add-repository ppa:bitcoin/bitcoin && apt-get update && apt-get install bitcoind -y

Okay, bitcoind is now installed.

Step 3: Configuring Bitcoin

Now that Bitcoin is installed we need to configure it.

mkdir -p ~/.bitcoin
echo -n 'rpcuser=' > ~/.bitcoin/bitcoin.conf
head -c 16 /dev/urandom | md5sum | cut -b 1-32 >> ~/.bitcoin/bitcoin.conf
echo -n 'rpcpassword=' >> ~/.bitcoin/bitcoin.conf
head -c 16 /dev/urandom | md5sum | cut -b 1-32 >> ~/.bitcoin/bitcoin.conf
echo -e 'daemon=1\nkeypool=10000\nrpcssl=1' >> ~/.bitcoin/bitcoin.conf
echo 'rpcsslcertificatechainfile=server.crt' >> ~/.bitcoin/bitcoin.conf
echo 'rpcsslprivatekeyfile=server.pem' >> ~/.bitcoin/bitcoin.conf
echo 'rpcsslciphers=TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH' >> ~/.bitcoin/bitcoin.conf
echo -n 'rpcport=' >> ~/.bitcoin/bitcoin.conf
od -A n -N 2 -t u2 /dev/urandom | tr -d ' ' >> ~/.bitcoin/bitcoin.conf

Now let's generate the SSL certificate:

cd ~/.bitcoin/

openssl genrsa -des3 -out server.key 2048

openssl req -new -key server.key -out server.csr

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

cat server.crt server.key > server.pem

Step 4: Security concerns.

A. IP Restrict Access to the bitcoind.

It is best practice to enable IP restriction on RPC use. Please whitelist the servers you're going to be using. To whitelist Genesis Coin’s servers we do this:

echo -e 'rpcallowip=54.193.6.150 \n' >> ~/.bitcoin/bitcoin.conf
echo -e 'rpcallowip=54.254.178.167' >> ~/.bitcoin/bitcoin.conf

 

B. Change the default SSH port.

sed -i 's/^#\?Port 22$/Port 3729/' /etc/ssh/sshd_config

C. Enable UFW Firewall.

First let's find out the port that bitcoind is using:

# grep rpcport ~/.bitcoin/bitcoin.conf

This will return the RPC port.

ufw allow 3729
ufw allow ssh
ufw allow port-from-above-command
ufw enable
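
Added example (not part of the original tutorial): the ufw rule above opens the RPC port to every source address, while the rpcallowip list from step A is enforced only inside bitcoind. The script below reads rpcport and rpcallowip back from bitcoin.conf and prints ufw rules scoped to those addresses; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not run) ufw rules that open the RPC port only to the
# rpcallowip addresses already listed in bitcoin.conf.

# conf_values KEY FILE -> every value of KEY, one per line, whitespace stripped
conf_values() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tr -d ' \t\r'
}

# ufw_rules_from_conf FILE SSH_PORT -> ufw commands on stdout, non-zero on error
ufw_rules_from_conf() {
    conf=$1
    ssh_port=$2
    rpc_port=$(conf_values rpcport "$conf" | tail -n 1)
    case $rpc_port in
        ''|*[!0-9]*) echo "no usable rpcport in $conf" >&2; return 1 ;;
    esac
    # od can return 0, and the random port can land on the SSH port.
    if [ "$rpc_port" -lt 1 ] || [ "$rpc_port" -gt 65535 ]; then
        echo "rpcport $rpc_port out of range" >&2; return 1
    fi
    if [ "$rpc_port" -eq "$ssh_port" ]; then
        echo "rpcport collides with the SSH port" >&2; return 1
    fi
    allowed=$(conf_values rpcallowip "$conf")
    if [ -z "$allowed" ]; then
        echo "no rpcallowip entries; refusing to open RPC to everyone" >&2
        return 1
    fi
    echo "ufw allow $ssh_port/tcp"
    for ip in $allowed; do
        echo "ufw allow from $ip to any port $rpc_port proto tcp"
    done
}

# Constructed sample mirroring the file built in Step 3 and Step 4A.
sample_conf() {
    printf '%s\n' 'rpcuser=constructed-user' 'daemon=1 ' 'rpcssl=1 ' \
        'rpcallowip=54.193.6.150 ' '' 'rpcallowip=54.254.178.167' \
        'rpcport= 41234'
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_conf > "$tmp"
    ufw_rules_from_conf "$tmp" 3729
    rm -f "$tmp"
fi
```

Review the printed rules before running them, and run them in place of the unrestricted ufw allow for the RPC port.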

D. Install fail2ban.

apt-get install fail2ban

Step 5. Make it start at boot and auto-restart

nano /etc/init/bitcoind.conf

and enter the following:

description "bitcoind"

start on filesystem
stop on runlevel [!2345]
oom score -500
expect fork
respawn
respawn limit 10 60 # 10 times in 60 seconds

script
 user=root
 home=/root
 cmd=/usr/bin/bitcoind
 pidfile=/root/bitcoind.pid
 # Don't change anything below here unless you know what you're doing
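 # Upstart runs this with /bin/sh, so use POSIX tests rather than [[ ]].
 # Remove a stale pidfile: the process is gone or the PID belongs to another program.
 if [ -e "$pidfile" ]; then
  case "$(cat "/proc/$(cat "$pidfile")/cmdline" 2>/dev/null)" in
   "$cmd"*) ;;
   *) rm -f "$pidfile" ;;
  esac
 fi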
 exec start-stop-daemon --start -c $user --chdir $home --pidfile $pidfile -m --startas $cmd
end script

Then issue the following command:

initctl reload-configuration

Now you can use

service bitcoind start

and

service bitcoind stop

to start and stop the Bitcoin daemon.

 

Now you're done. Go ahead and start bitcoind by typing bitcoind at the command line. A wallet.dat will now be generated and the blockchain will be downloaded. Be sure to CAREFULLY back up your wallet.dat: unlike on QT, bitcoind does not encrypt the file by default.