monero-docs/public/running-node/open-node-tor-onion/index.html


<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="Unofficial Monero Documentation"><meta name=author content="Piotr 'Qertoip' Włodarek"><link href=https://monerodocs.org/running-node/open-node-tor-onion/ rel=canonical><link rel="shortcut icon" href=../../assets/favicon.png><meta name=generator content="mkdocs-1.1.2, mkdocs-material-6.2.5"><title>Running Monero Open Node with Tor Onion Support - Monero Documentation</title><link rel=stylesheet href=../../assets/stylesheets/main.15aa0b43.min.css><link rel=stylesheet href=../../assets/stylesheets/palette.75751829.min.css><meta name=theme-color content=#ffffff><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback"><style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style><link rel=stylesheet href=../../overrides.css></head> <body dir=ltr data-md-color-scheme data-md-color-primary=white data-md-color-accent=indigo> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#running-monero-open-node-tor-onion class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class=md-header data-md-component=header> <nav class="md-header-nav md-grid" aria-label=Header> <a href=https://monerodocs.org title="Monero Documentation" class="md-header-nav__button md-logo" aria-label="Monero Documentation"> <img src=../../images/monero.svg alt=logo> </a> <label class="md-header-nav__button md-icon" for=__drawer> <svg 
xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg> </label> <div class=md-header-nav__title data-md-component=header-title> <div class=md-header-nav__ellipsis> <div class=md-header-nav__topic> <span class=md-ellipsis> Monero Documentation </span> </div> <div class=md-header-nav__topic> <span class=md-ellipsis> Running Monero Open Node with Tor Onion Support </span> </div> </div> </div> <label class="md-header-nav__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query data-md-state=active required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </label> <button type=reset class="md-search__icon md-icon" aria-label=Clear data-md-component=search-reset tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 
6.41z"/></svg> </button> </form> <div class=md-search__output> <div class=md-search__scrollwrap data-md-scrollfix> <div class=md-search-result data-md-component=search-result> <div class=md-search-result__meta> Initializing search </div> <ol class=md-search-result__list></ol> </div> </div> </div> </div> </div> <div class=md-header-nav__source> <a href=https://github.com/monerodocs/md/ title="Go to repository" class=md-source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg> </div> <div class=md-source__repository> monerodocs/md </div> </a> </div> </nav> </header> <div class=md-container data-md-component=container> <main class=md-main data-md-component=main> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component=navigation> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--primary" aria-label=Navigation data-md-level=0> <label class=md-nav__title for=__drawer> <a href=https://monerodocs.org title="Monero Documentation" class="md-nav__button md-logo" aria-label="Monero Documentation"> <img src=../../images/monero.svg alt=logo> </a> Monero Documentation </label> <div class=md-nav__source> <a href=https://github.com/monerodocs/md/ title="Go to repository" class=md-source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 
43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg> </div> <div class=md-source__repository> monerodocs/md </div> </a> </div> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../.. class=md-nav__link> Home </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-2 type=checkbox id=nav-2> <label class=md-nav__link for=nav-2> Interacting <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Interacting data-md-level=1> <label class=md-nav__title for=nav-2> <span class="md-nav__icon md-icon"></span> Interacting </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../interacting/download-monero-binaries/ class=md-nav__link> Download </a> </li> <li class=md-nav__item> <a href=../../interacting/verify-monero-binaries/ class=md-nav__link> Verify </a> </li> <li class=md-nav__item> <a href=../../interacting/overview/ class=md-nav__link> Overview </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-config-file/ class=md-nav__link> Config file </a> </li> <li class=md-nav__item> <a href=../../interacting/monerod-reference/ class=md-nav__link> monerod </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-wallet-cli-reference/ class=md-nav__link> monero-wallet-cli </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-wallet-gui-reference/ class=md-nav__link> monero-wallet-gui </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-wallet-rpc-reference/ class=md-nav__link> monero-wallet-rpc </a> </li> <li class=md-nav__item> <a 
href=../../interacting/monero-blockchain-export-reference/ class=md-nav__link> monero-blockchain-export </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-blockchain-import-reference/ class=md-nav__link> monero-blockchain-import </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../technical-specs/ class=md-nav__link> Technical specs </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-4 type=checkbox id=nav-4> <label class=md-nav__link for=nav-4> Cryptography <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Cryptography data-md-level=1> <label class=md-nav__title for=nav-4> <span class="md-nav__icon md-icon"></span> Cryptography </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../cryptography/introduction/ class=md-nav__link> Introduction </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-4-2 type=checkbox id=nav-4-2> <label class=md-nav__link for=nav-4-2> Asymmetric <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Asymmetric data-md-level=2> <label class=md-nav__title for=nav-4-2> <span class="md-nav__icon md-icon"></span> Asymmetric </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../cryptography/asymmetric/introduction/ class=md-nav__link> Introduction </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/private-key/ class=md-nav__link> Private keys </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/public-key/ class=md-nav__link> Public keys </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/edwards25519/ class=md-nav__link> Edwards25519 curve </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/key-image/ class=md-nav__link> Key image </a> </li> </ul> </nav> </li> <li 
class=md-nav__item> <a href=../../cryptography/base58/ class=md-nav__link> Base58 </a> </li> <li class=md-nav__item> <a href=../../cryptography/prng/ class=md-nav__link> PRNG </a> </li> <li class=md-nav__item> <a href=../../cryptography/keccak-256/ class=md-nav__link> Keccak-256 </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-5 type=checkbox id=nav-5> <label class=md-nav__link for=nav-5> Address <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Address data-md-level=1> <label class=md-nav__title for=nav-5> <span class="md-nav__icon md-icon"></span> Address </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../public-address/standard-address/ class=md-nav__link> Standard </a> </li> <li class=md-nav__item> <a href=../../public-address/subaddress/ class=md-nav__link> Subaddress </a> </li> <li class=md-nav__item> <a href=../../public-address/integrated-address/ class=md-nav__link> Integrated </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-6 type=checkbox id=nav-6> <label class=md-nav__link for=nav-6> Proof of Work <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Proof of Work" data-md-level=1> <label class=md-nav__title for=nav-6> <span class="md-nav__icon md-icon"></span> Proof of Work </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../proof-of-work/what-is-pow/ class=md-nav__link> What is PoW? 
</a> </li> <li class=md-nav__item> <a href=../../proof-of-work/pow-in-cryptocurrencies/ class=md-nav__link> PoW in Cryptocurrencies </a> </li> <li class=md-nav__item> <a href=../../proof-of-work/cryptonight/ class=md-nav__link> CryptoNight </a> </li> <li class=md-nav__item> <a href=../../proof-of-work/random-x/ class=md-nav__link> RandomX </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../multisignature/ class=md-nav__link> Multisignature </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-8 type=checkbox id=nav-8> <label class=md-nav__link for=nav-8> Infrastructure <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Infrastructure data-md-level=1> <label class=md-nav__title for=nav-8> <span class="md-nav__icon md-icon"></span> Infrastructure </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../infrastructure/networks/ class=md-nav__link> Mainnet, stagenet, testnet </a> </li> <li class=md-nav__item> <a href=../../infrastructure/tor-onion-p2p-seed-nodes/ class=md-nav__link> Tor onion seed nodes </a> </li> <li class=md-nav__item> <a href=../../infrastructure/monero-pulse/ class=md-nav__link> MoneroPulse </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--active md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-9 type=checkbox id=nav-9 checked> <label class=md-nav__link for=nav-9> Running a Node <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Running a Node" data-md-level=1> <label class=md-nav__title for=nav-9> <span class="md-nav__icon md-icon"></span> Running a Node </label> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" data-md-toggle=toc type=checkbox id=__toc> <label class="md-nav__link md-nav__link--active" for=__toc> Open Node + Tor Onion <span 
class="md-nav__icon md-icon"></span> </label> <a href=./ class="md-nav__link md-nav__link--active"> Open Node + Tor Onion </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=#why-run-this-specific-setup class=md-nav__link> Why run this specific setup? </a> </li> <li class=md-nav__item> <a href=#assumptions class=md-nav__link> Assumptions </a> </li> <li class=md-nav__item> <a href=#install-tor class=md-nav__link> Install Tor </a> <nav class=md-nav aria-label="Install Tor"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#etctortorrc class=md-nav__link> /etc/tor/torrc </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#install-monero class=md-nav__link> Install Monero </a> <nav class=md-nav aria-label="Install Monero"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#etcmoneroconf class=md-nav__link> /etc/monero.conf </a> </li> <li class=md-nav__item> <a href=#etcmoneroservice class=md-nav__link> /etc/.../monero.service </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#open-firewall-ports class=md-nav__link> Open firewall ports </a> </li> <li class=md-nav__item> <a href=#testing class=md-nav__link> Testing </a> <nav class=md-nav aria-label=Testing> <ul class=md-nav__list> <li class=md-nav__item> <a href=#on-server class=md-nav__link> On server </a> </li> <li class=md-nav__item> <a href=#on-client-machine class=md-nav__link> On client machine </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#debugging class=md-nav__link> Debugging </a> </li> <li class=md-nav__item> <a href=#further-improvements class=md-nav__link> Further improvements </a> <nav class=md-nav aria-label="Further improvements"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#periodic-restarts class=md-nav__link> Periodic restarts </a> </li> 
</ul> </nav> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-10 type=checkbox id=nav-10> <label class=md-nav__link for=nav-10> Accepting Monero <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Accepting Monero" data-md-level=1> <label class=md-nav__title for=nav-10> <span class="md-nav__icon md-icon"></span> Accepting Monero </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../accepting-monero/overview/ class=md-nav__link> Overview </a> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component=toc> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=#why-run-this-specific-setup class=md-nav__link> Why run this specific setup? 
</a> </li> <li class=md-nav__item> <a href=#assumptions class=md-nav__link> Assumptions </a> </li> <li class=md-nav__item> <a href=#install-tor class=md-nav__link> Install Tor </a> <nav class=md-nav aria-label="Install Tor"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#etctortorrc class=md-nav__link> /etc/tor/torrc </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#install-monero class=md-nav__link> Install Monero </a> <nav class=md-nav aria-label="Install Monero"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#etcmoneroconf class=md-nav__link> /etc/monero.conf </a> </li> <li class=md-nav__item> <a href=#etcmoneroservice class=md-nav__link> /etc/.../monero.service </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#open-firewall-ports class=md-nav__link> Open firewall ports </a> </li> <li class=md-nav__item> <a href=#testing class=md-nav__link> Testing </a> <nav class=md-nav aria-label=Testing> <ul class=md-nav__list> <li class=md-nav__item> <a href=#on-server class=md-nav__link> On server </a> </li> <li class=md-nav__item> <a href=#on-client-machine class=md-nav__link> On client machine </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=#debugging class=md-nav__link> Debugging </a> </li> <li class=md-nav__item> <a href=#further-improvements class=md-nav__link> Further improvements </a> <nav class=md-nav aria-label="Further improvements"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#periodic-restarts class=md-nav__link> Periodic restarts </a> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class=md-content> <article class="md-content__inner md-typeset"> <a href=https://github.com/monerodocs/md/edit/master/docs/running-node/open-node-tor-onion.md title="Edit this page" class="md-content__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 
9.93l-3.75-3.75L3 17.25z"/></svg> </a> <h1 id=running-monero-open-node-tor-onion>Running Monero Open Node + Tor Onion<a class=headerlink href=#running-monero-open-node-tor-onion title="Permanent link">&para;</a></h1> <div class="admonition success"> <p class=admonition-title>Powerful setup</p> <p>This is great contribution to Monero network and also a pretty sophisticated personal setup. If you are a beginner, you don't need this.</p> </div> <div class="admonition info"> <p class=admonition-title>The end goal</p> <p>You will publicly offer the following services, where xxx.yyy.zzz.vvv is your server IP address.</p> <ul> <li>xxx.yyy.zzz.vvv:18080 - clearnet P2P service (for other nodes)</li> <li>xxx.yyy.zzz.vvv:18081 - clearnet RPC service (for wallets)</li> <li>yourlongv3onionaddress.onion:18083 - onion P2P service (for other onion nodes)</li> <li>yourlongv3onionaddress.onion:18081 - onion RPC service (for wallets connecting over Tor)</li> </ul> <p>Why different P2P ports for clearnet and onion? This is a <code>monerod</code> requirement.</p> </div> <div class="admonition warning"> <p class=admonition-title>Broadcasting bad transactions from your IP</p> <p>As with any public data broadcast or relay service, "bad traffic" or in this case "bad transactions" may appear to originate from your server IP address from an outside observer perspective - even though they really originate from a remote wallet user. This is a potential risk you need to keep in mind.</p> </div> <h2 id=why-run-this-specific-setup>Why run this specific setup?<a class=headerlink href=#why-run-this-specific-setup title="Permanent link">&para;</a></h2> <p>You will be able to connect your desktop and mobile Monero wallets to your own trusted Monero node, in a secure and private way over Tor. 
Your node will always be ready without delays (always synced up, unlike a node that runs intermittently on a laptop).</p> <p><strong>Serving blocks and transactions</strong> in the Monero P2P network helps new users to bootstrap and sync up their nodes. It also strengthens the Monero P2P network against DDoS attacks and network partitioning.</p> <p><strong>Open wallet interface</strong> (the "RPC") allows anyone to connect their wallets to the Monero network through your node. This is useful for beginner users who don't run their own nodes yet.</p> <p><strong>Tor onion for wallet interface</strong> is useful for wallet users connecting over Tor because it mitigates the MiTM risk posed by Tor exit nodes (which is very real). When a wallet connects to an onion service, no MiTM attack is realistic, because the connection never leaves the Tor network through an exit node and is end-to-end encrypted, with the onion address itself authenticating the service.</p> <p><strong>Tor onion for P2P network</strong> is useful for other full node users as it allows them to broadcast transactions over Tor (using the <code>--tx-proxy</code> option).</p> <h2 id=assumptions>Assumptions<a class=headerlink href=#assumptions title="Permanent link">&para;</a></h2> <p>You understand basic Linux administration. You seek Monero specific guidance.</p> <p>You have root access to a Linux server with 2GB+ RAM and 120GB+ SSD (or 50GB+ for the pruned node version). 
This is current for Jan 2021.</p> <p>Some commands assume Ubuntu but you will easily translate them to your distribution.</p> <h2 id=install-tor>Install Tor<a class=headerlink href=#install-tor title="Permanent link">&para;</a></h2> <p><a href=https://2019.www.torproject.org/docs/debian.html.en#ubuntu>Install Tor</a>.</p> <p>Modify <code>/etc/tor/torrc</code> as shown below.</p> <p>Enable the tor service with <code>systemctl enable tor</code> and restart it via <code>systemctl restart tor</code></p> <p>Verify that Tor is up with <code>systemctl status tor@default</code></p> <p>A fresh onion address and the corresponding key pair were created for you by the <code>tor</code> daemon in <code>/var/lib/tor/monero/</code>. You may want to back these up to keep control over your onion address; store the backup securely, because whoever holds the private key can run a service under your onion address. This happens on restart whenever you add a new <code>HiddenServiceDir</code> to the <code>torrc</code> config.</p> <p>The Monero daemon itself is not necessary at this point. The onion services (AKA hidden services) will just wait until localhost <code>monerod</code> shows up at the specified ports 18081 and 18083.</p> <h3 id=etctortorrc>/etc/tor/torrc<a class=headerlink href=#etctortorrc title="Permanent link">&para;</a></h3> <div class=highlight><pre><span></span><code><span class=nb>HiddenServiceDir</span> <span class=sx>/var/lib/tor/monero</span>
<span class=nb>HiddenServicePort</span> <span class=m>18081</span> <span class=m>127.0.0.1</span>:18081 # interface for wallet (<span class=s2>&quot;RPC&quot;</span>)
<span class=nb>HiddenServicePort</span> <span class=m>18083</span> <span class=m>127.0.0.1</span>:18083 # interface for P2P network
</code></pre></div> <details class=info><summary>How Tor onion services work?</summary><p>The <code>tor</code> daemon will simply pass over the traffic from virtual onion port to actual localhost port, where some service is listening (in our case, this will be <code>monerod</code>). A single onion address can offer multiple services at various virtual ports. We will use this to expose both P2P and RPC <code>monerod</code> services on a single onion. You could host any number of onion addresses at single server or IP address but we won't need that here.</p> </details> <h2 id=install-monero>Install Monero<a class=headerlink href=#install-monero title="Permanent link">&para;</a></h2> <p>Create <code>monero</code> user and group <code>useradd --system monero</code></p> <p>Create monero <strong>binaries</strong> directory (empty for now) <code>mkdir -p /opt/monero</code> and <code>chown -R monero:monero /opt/monero</code></p> <p>Create monero <strong>data</strong> directory <code>mkdir -p /srv/monero</code> and <code>chown -R monero:monero /srv/monero</code></p> <p>Create monero <strong>log</strong> directory <code>mkdir -p /var/log/monero</code> and <code>chown -R monero:monero /var/log/monero</code></p> <p>Feel free to adjust above to your preferred conventions, just remember to adjust the paths accordingly.</p> <p><a href=/interacting/download-monero-binaries/ >Download</a> and <a href=/interacting/verify-monero-binaries/ >verify</a> the file.</p> <p>Extract <code>tar -xf monero-linux-x64-v0.17.1.9.tar.bz2</code> (adjust filename).</p> <p>Move binaries to <code>/opt/monero/</code> with <code>mv monero-x86_64-linux-gnu-v0.17.1.9/* /opt/monero/</code> then <code>chown -R monero:monero /opt/monero</code></p> <p>Create <code>/etc/monero.conf</code> as shown below and <strong>paste your values in placeholders</strong>.</p> <p>Create <code>/etc/systemd/system/monero.service</code> as shown below.</p> <p>Enable monero service with <code>systemctl enable monero</code> and 
restart it with <code>systemctl restart monero</code></p> <p>Verify it is up <code>systemctl status monero</code></p> <p>Verify it is working as intended <code>tail -n100 /var/log/monero/monero.log</code></p> <h3 id=etcmoneroconf>/etc/monero.conf<a class=headerlink href=#etcmoneroconf title="Permanent link">&para;</a></h3> <p>This is just an example configuration and it is by no means authoritative. Feel free to modify, see <a href=/interacting/monerod-reference>monerod reference</a>.</p> <p>Modify paths if you changed them.</p> <p>Print your onion address with <code>cat /var/lib/tor/monero/hostname</code> and paste it to <code>anonymous-inbound</code> option.</p> <div class=highlight><pre><span></span><code><span class=c1># /etc/monero.conf</span>
<span class=c1># </span>
<span class=c1># Configuration file for monerod. For all available options see the MoneroDocs:</span>
<span class=c1># https://monerodocs.org/interacting/monerod-reference/</span>
<span class=c1># Data directory (blockchain db and indices)</span>
<span class="l l-Scalar l-Scalar-Plain">data-dir=/srv/monero</span>
<span class="l l-Scalar l-Scalar-Plain"># Optional pruning</span>
<span class="l l-Scalar l-Scalar-Plain"># prune-blockchain=1</span> <span class=c1># Pruning saves 2/3 of disk space w/o degrading functionality but contributes less to the network</span>
<span class=c1># sync-pruned-blocks=1 # Allow downloading pruned blocks instead of pruning them yourself</span>
<span class="l l-Scalar l-Scalar-Plain">check-updates=disabled</span> <span class=c1># Do not check DNS TXT records for a new version</span>
<span class=c1># Log file</span>
<span class="l l-Scalar l-Scalar-Plain">log-file=/var/log/monero/monero.log</span>
<span class="l l-Scalar l-Scalar-Plain">log-level=0</span> <span class=c1># Minimal logs, WILL NOT log peers or wallets connecting</span>
<span class="l l-Scalar l-Scalar-Plain">max-log-file-size=2147483648</span> <span class=c1># Set to 2GB to mitigate log trimming by monerod; configure logrotate instead</span>
<span class=c1># P2P full node</span>
<span class="l l-Scalar l-Scalar-Plain">p2p-bind-ip=0.0.0.0</span> <span class=c1># Bind to all interfaces (the default)</span>
<span class="l l-Scalar l-Scalar-Plain">p2p-bind-port=18080</span> <span class=c1># Bind to default port</span>
<span class=c1># RPC open node</span>
<span class="l l-Scalar l-Scalar-Plain">public-node=1</span> <span class=c1># Advertise to other users they can use this node as a remote one for connecting their wallets</span>
<span class="l l-Scalar l-Scalar-Plain">confirm-external-bind=1</span> <span class=c1># Open Node (confirm)</span>
<span class="l l-Scalar l-Scalar-Plain">rpc-bind-ip=0.0.0.0</span> <span class=c1># Bind to all interfaces (the Open Node)</span>
<span class="l l-Scalar l-Scalar-Plain">rpc-bind-port=18081</span> <span class=c1># Bind to default port (the Open Node)</span>
<span class="l l-Scalar l-Scalar-Plain">restricted-rpc=1</span> <span class=c1># Obligatory for Open Node interface</span>
<span class="l l-Scalar l-Scalar-Plain">no-igd=1</span> <span class=c1># Disable UPnP port mapping</span>
<span class="l l-Scalar l-Scalar-Plain">no-zmq=1</span> <span class=c1># Disable ZMQ RPC server to decrease attack surface (it&#39;s not used)</span>
<span class=c1># RPC TLS</span>
<span class="l l-Scalar l-Scalar-Plain">rpc-ssl=autodetect</span> <span class=c1># Use TLS if client wallet supports it (the default behavior); the certificate will be generated on the fly on every restart, so wallets cannot pin it: clearnet RPC traffic is encrypted but the node is not authenticated</span>
<span class=c1># Mempool size</span>
<span class="l l-Scalar l-Scalar-Plain">max-txpool-weight=268435456</span> <span class=c1># Maximum unconfirmed transactions pool size in bytes (here 256MB, default ~618MB)</span>
<span class=c1># Slow but reliable db writes</span>
<span class="l l-Scalar l-Scalar-Plain">db-sync-mode=safe</span>
<span class="l l-Scalar l-Scalar-Plain">out-peers=64</span> <span class=c1># This will enable much faster sync and tx awareness; the default 8 is suboptimal nowadays</span>
<span class="l l-Scalar l-Scalar-Plain">in-peers=64</span> <span class=c1># The default is unlimited; we prefer to put a cap on this</span>
<span class="l l-Scalar l-Scalar-Plain">limit-rate-up=1048576</span> <span class=c1># 1048576 kB/s == 1GB/s; a raise from default 2048 kB/s; contribute more to p2p network</span>
<span class="l l-Scalar l-Scalar-Plain">limit-rate-down=1048576</span> <span class=c1># 1048576 kB/s == 1GB/s; a raise from default 8192 kB/s; allow for faster initial sync</span>
<span class=c1># Tor: broadcast transactions originating from connected wallets over Tor (does not concern relayed transactions)</span>
<span class="l l-Scalar l-Scalar-Plain">tx-proxy=tor,127.0.0.1:9050,16</span>
<span class="l l-Scalar l-Scalar-Plain"># Tor</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">add P2P seed nodes for the Tor network</span>
<span class="l l-Scalar l-Scalar-Plain">add-peer=moneroxmrxw44lku6qniyarpwgznpcwml4drq7vb24ppatlcg4kmxpqd.onion:18080</span>
<span class="l l-Scalar l-Scalar-Plain">add-peer=monerozf6koypqrt.onion:18080</span>
<span class="l l-Scalar l-Scalar-Plain">add-peer=zbjkbsxc5munw3qusl7j2hpcmikhqocdf4pqhnhtpzw5nt5jrmofptid.onion:18083</span> <span class=c1># https://github.com/monero-project/monero/blob/master/src/p2p/net_node.inl</span>
<span class="l l-Scalar l-Scalar-Plain">add-peer=rno75kjcw3ein6i446sqby2xkyqjarb75oq36ah6c2mribyklzhurpyd.onion:28083</span> <span class=c1># it&#39;s mainnet despite the weird port, according to reddit</span>
<span class="l l-Scalar l-Scalar-Plain">add-peer=sqzrokz36lgkng2i2nlzgzns2ugcxqosflygsxbkybb4xn6gq3ouugqd.onion:18083</span> <span class=c1># very flaky, works 1 in 3 times</span>
<span class=c1># Tor: tell monerod your onion address so it can be advertised on P2P network</span>
<span class="l l-Scalar l-Scalar-Plain">anonymous-inbound=PASTE_YOUR_ONION_HOSTNAME:18083,127.0.0.1:18083,64</span>
<span class=c1># Tor: be forgiving to connecting wallets; suggested by http://xmrguide42y34onq.onion/remote_nodes</span>
<span class="l l-Scalar l-Scalar-Plain">disable-rpc-ban=1</span>
</code></pre></div> <h3 id=etcmoneroservice>/etc/.../monero.service<a class=headerlink href=#etcmoneroservice title="Permanent link">&para;</a></h3> <div class=highlight><pre><span></span><code><span class=c1># /etc/systemd/system/monero.service</span>
<span class=k>[Unit]</span>
<span class=na>Description</span><span class=o>=</span><span class=s>Monero Daemon</span>
<span class=na>After</span><span class=o>=</span><span class=s>network.target</span>
<span class=na>Wants</span><span class=o>=</span><span class=s>network.target</span>
<span class=k>[Service]</span>
<span class=na>ExecStart</span><span class=o>=</span><span class=s>/opt/monero/monerod --detach --config-file /etc/monero.conf --pidfile /run/monero/monerod.pid</span>
<span class=na>ExecStartPost</span><span class=o>=</span><span class=s>/bin/sleep 0.1</span>
<span class=na>Type</span><span class=o>=</span><span class=s>forking</span>
<span class=na>PIDFile</span><span class=o>=</span><span class=s>/run/monero/monerod.pid</span>
<span class=na>Restart</span><span class=o>=</span><span class=s>always</span>
<span class=na>RestartSec</span><span class=o>=</span><span class=s>16</span>
<span class=na>User</span><span class=o>=</span><span class=s>monero</span>
<span class=na>Group</span><span class=o>=</span><span class=s>monero</span>
<span class=na>RuntimeDirectory</span><span class=o>=</span><span class=s>monero</span>
<span class=na>StandardOutput</span><span class=o>=</span><span class=s>journal</span>
<span class=na>StandardError</span><span class=o>=</span><span class=s>journal</span>
<span class=k>[Install]</span>
<span class=na>WantedBy</span><span class=o>=</span><span class=s>multi-user.target</span>
</code></pre></div> <h2 id=open-firewall-ports>Open firewall ports<a class=headerlink href=#open-firewall-ports title="Permanent link">&para;</a></h2> <p>If you use a firewall (and you should), open ports <code>18080</code> and <code>18081</code> for incoming TCP connections. These are for the incoming <strong>clearnet</strong> connections, P2P and RPC respectively. Port <code>18081</code> exposes the RPC interface to anyone on the internet, so confirm that RPC runs in restricted mode in <code>monero.conf</code> before opening it.</p> <p>You <strong>do not</strong> need to open any ports for Tor. The onion services work with virtual ports. The <code>tor</code> daemon does not directly accept incoming connections and so it needs no open ports.</p> <p>For example, for the popular ufw firewall, that would be:</p> <div class=highlight><pre><span></span><code>ufw allow <span class=m>18080</span>/tcp
ufw allow <span class=m>18081</span>/tcp
</code></pre></div> <p>To verify, use <code>ufw status</code>. The output should be similar to the following (the <code>22</code> being default SSH port, unrelated to Monero):</p> <div class=highlight><pre><span></span><code>To Action From
-- ------ ----
22/tcp LIMIT Anywhere
18080/tcp ALLOW Anywhere
18081/tcp ALLOW Anywhere
22/tcp (v6) LIMIT Anywhere (v6)
18080/tcp (v6) ALLOW Anywhere (v6)
18081/tcp (v6) ALLOW Anywhere (v6)
</code></pre></div> <h2 id=testing>Testing<a class=headerlink href=#testing title="Permanent link">&para;</a></h2> <h3 id=on-server>On server<a class=headerlink href=#on-server title="Permanent link">&para;</a></h3> <p>List all services listening on ports and make sure it is what you expect:</p> <p><code>sudo netstat -lntpu</code></p> <p>The output should include these (in any order); obviously the PID values will differ.</p> <div class=highlight><pre><span></span><code>Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
...
tcp 0 0 0.0.0.0:18080 0.0.0.0:* LISTEN 259255/monerod
tcp 0 0 0.0.0.0:18081 0.0.0.0:* LISTEN 259255/monerod
tcp 0 0 127.0.0.1:18083 0.0.0.0:* LISTEN 259255/monerod
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 258786/tor
</code></pre></div> <h3 id=on-client-machine>On client machine<a class=headerlink href=#on-client-machine title="Permanent link">&para;</a></h3> <p>Finally, we want to test connections from your client machine.</p> <p>Install <code>tor</code> and <code>torsocks</code> on your laptop, you will want them anyway for Monero wallet.</p> <p>Just for testing, you will also need <code>nmap</code> and <code>proxychains</code>.</p> <p>Test <strong>clearnet P2P</strong> connection:</p> <p><code>nmap -Pn -p 18080 YOUR_IP_ADDRESS_HERE</code></p> <p>Test <strong>clearnet RPC</strong> connection:</p> <p><code>curl --digest -X POST http://YOUR_IP_ADDRESS_HERE:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json'</code></p> <p>Test <strong>onion P2P</strong> connection (skip if you don't have proxychains):</p> <p><code>proxychains nmap -Pn -p 18083 YOUR_ONION_ADDRESS_HERE.onion</code></p> <p>Test <strong>onion RPC</strong> connection:</p> <p><code>torsocks curl --digest -X POST http://YOUR_ONION_ADDRESS_HERE.onion:18081/json_rpc -d '{"jsonrpc":"2.0","id":"0","method":"get_info"}' -H 'Content-Type: application/json'</code></p> <h2 id=debugging>Debugging<a class=headerlink href=#debugging title="Permanent link">&para;</a></h2> <p>Tor:</p> <ul> <li>Status: <code>systemctl status tor@default</code></li> <li>Logs: <code>journalctl -xe --unit tor@default</code></li> </ul> <p>Monero:</p> <ul> <li>Status: <code>systemctl status monero</code></li> <li>Logs: <code>tail -n100 /var/log/monero/monero.log</code></li> <li>Logs more info: change <code>log-level=0</code> to <code>log-level=1</code> in <code>monero.conf</code> (remember to revert once solved)</li> </ul> <h2 id=further-improvements>Further improvements<a class=headerlink href=#further-improvements title="Permanent link">&para;</a></h2> <h3 id=periodic-restarts>Periodic restarts<a class=headerlink href=#periodic-restarts title="Permanent link">&para;</a></h3> <p>It's likely worthwhile 
to add periodic auto-restarting to both <code>tor</code> and <code>monerod</code> every couple of hours. Neither daemon is perfect; they can get stuck or leak memory in edge-case situations, like the recent attacks on Tor v3 or DDoS attacks on the Monero network. One possible way would be to use systemd timers.</p> </article> </div> </div> </main> <footer class=md-footer> <div class=md-footer-nav> <nav class="md-footer-nav__inner md-grid" aria-label=Footer> <a href=../../infrastructure/monero-pulse/ class="md-footer-nav__link md-footer-nav__link--prev" rel=prev> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </div> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Previous </span> MoneroPulse </div> </div> </a> <a href=../../accepting-monero/overview/ class="md-footer-nav__link md-footer-nav__link--next" rel=next> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Next </span> Overview </div> </div> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg> </div> </a> </nav> </div> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-footer-copyright style="margin: auto;"> <a href=http://bumz4sduzxzlobbgzy5fiufdflg3mo2jyecdwdx5rphrqldms7wlmiid.onion/ >Tor onion version</a> &nbsp; | &nbsp; <a href=https://qertoip.com/ >contact</a> &nbsp; | &nbsp; © 2021 MoneroDocs under <a href=https://opensource.org/licenses/MIT>MIT</a> &nbsp; | &nbsp; built w/ <a href=https://www.mkdocs.org/ >mkdocs</a> and <a href=https://squidfunk.github.io/mkdocs-material/ >squidfunk/material</a> </div> </div> </div> </footer> </div> <script src=../../assets/javascripts/vendor.93c04032.min.js></script> 
<script src=../../assets/javascripts/bundle.83e5331e.min.js></script><script id=__lang type=application/json>{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script> <script>
// Call initialize() and keep its result in the global `app`.
// initialize() is not defined in this inline script; presumably it comes
// from the bundle script loaded just above (confirm).
app = initialize({
  base: "../..",
  features: [],
  // The worker path is the default; a global `search`, when one exists,
  // is merged over it. When it does not exist the second argument is
  // `false`, which Object.assign ignores.
  search: Object.assign(
    { worker: "../../assets/javascripts/worker/search.8c7e0a7e.min.js" },
    typeof search === "undefined" ? false : search
  )
})
</script> <script data-goatcounter=https://gc.monerodocs.org/count async src=https://gc.monerodocs.org/count.js></script> </body> </html>