Run a Bitcoin Node
Requirements:
This guide is written for a Unix based system. It's reasonable to expect some modifications will be required for other operating systems.
When started, the Bitcoin node will take several days to reach chain tip.
Bitcoin Core >= v25.0
Host with a minimum of:
2 vCPU (a single dedicated cpu for the bitcoind process)
4GB Memory (during sync, more available memory will improve sync time)
1TB free disk space
User account:
bitcoin:bitcoin
Chainstate directory located at:
/bitcoin/mainnet
bitcoin
user must have read/write access.
Config directory located at:
/etc/bitcoin
bitcoin
user must have at least read access
Add bitcoin user and set file ownership
$ sudo mkdir -p /bitcoin/mainnet
$ sudo mkdir /etc/bitcoin
$ sudo useradd bitcoin -d /bitcoin
$ sudo chown -R bitcoin:bitcoin /bitcoin /etc/bitcoin/
Bitcoin Config
Below is a sample config used to sync a bitcoin node - feel free to adjust as needed.
btuser:btcpass
is hardcoded as an rpcauth user/password (generated using this script).Only localhost access is allowed (
127.0.0.1
) on the standard mainnet ports.dbcache
is set to the maximum of 16GB.Wallet (and wallet rpc calls) are disabled.
## [rpc]
# Accept command line and JSON-RPC commands.
server=1
# Allow JSON-RPC connections from specified source.
rpcallowip=127.0.0.1/0
# Bind to given address to listen for JSON-RPC connections.
rpcbind=127.0.0.1:8332
# Username and HMAC-SHA-256 hashed password for JSON-RPC connections.
# Use the script at https://github.com/bitcoin/bitcoin/tree/master/share/rpcauth to generate
# Note: may be specified multiple times for different users.
rpcauth=btcuser:18857b4df4b1f0f5e6b1d7884617ab39$de6e02e1da8ee138ee702e13e0637e24679d844756216b066c3aeac4bcac5e10 # btuser:btcpass
# Optional: rpcwhitelist can restrict listed RPC calls to specific rpcauth users.
# Uncomment the below the restrict the `limited` user to a small subset of `get` commands
# rpcauth=limited:350c91a60895b567c4662c27e63e9a41$25188b0f51f2f974dcdc75c1e0d41174e8f7ae19fb96927abf68ac5bc1e8897b # limited:limited
# rpcwhitelist=limited:getblockchaininfo,getblock,getblockcount,getblockhash,getblockheader,getnetworkinfo
# rpcwhitelistdefault=0
## [core]
# Specify data directory
datadir=/bitcoin/mainnet
# Do not keep transactions in the mempool longer than <n> hours (default: 336)
mempoolexpiry=24
# Bind to given address and always listen on it (default: 0.0.0.0)
bind=127.0.0.1:8333
# Maximum database cache size <n> MiB (4 to 16384, default: 450). In addition, unused mempool memory is shared for this cache
dbcache=16384
# Maintain a full transaction index, used by the getrawtransaction rpc call
txindex=1
## [wallet]
# Do not load the wallet and disable wallet RPC calls
disablewallet=1
Systemd unit file
ref: https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service
[Unit]
Description=Bitcoin daemon
Documentation=https://github.com/bitcoin/bitcoin/blob/master/doc/init.md
# https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/usr/bin/bitcoind -pid=/run/bitcoind/bitcoind.pid \
-conf=/etc/bitcoin/bitcoin.conf \
-startupnotify='systemd-notify --ready' \
-shutdownnotify='systemd-notify --stopping'
# Make sure the config directory is readable by the service user
PermissionsStartOnly=true
ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
# Process management
####################
Type=notify
NotifyAccess=all
PIDFile=/run/bitcoind/bitcoind.pid
Restart=on-failure
TimeoutStartSec=infinity
TimeoutStopSec=600
# Directory creation and permissions
####################################
# Run as bitcoin:bitcoin
User=bitcoin
Group=bitcoin
# /run/bitcoind
RuntimeDirectory=bitcoind
RuntimeDirectoryMode=0710
# /etc/bitcoin
ConfigurationDirectory=bitcoin
ConfigurationDirectoryMode=0710
# /var/lib/bitcoind
StateDirectory=bitcoind
StateDirectoryMode=0710
# Hardening measures
####################
# Provide a private /tmp and /var/tmp.
PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full
# Deny access to /home, /root and /run/user
ProtectHome=true
# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
# Restrict ABIs to help ensure MemoryDenyWriteExecute is enforced
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target
Enable and start the Bitcoin service
$ sudo systemctl daemon-reload
$ sudo systemctl enable bitcoin.service
$ sudo systemctl start bitcoin.service
Last updated
Was this helpful?