Notes on setting up and running LND instances.
Example commands are given from the perspective of running Ubuntu.
- EC2: T3 Micro Instance or better
- IP: A clear-net routing node should get a fairly static IP
- OS: Ubuntu is pretty common, but any OS works
- PORT: 9735 will be the standard P2P port, 10009 the standard gRPC port
- DISK: 25 GB+
Note: EC2 will only give you 5 IPs per region
If using Bitcoin Core on mainnet, set up a disk that can host the entire Blockchain and transaction index: 500 GB.
If using Neutrino lite-mode a separate disk is not necessary.
If on EC2:
# adjust privs on PEM file
sudo chmod 600 ~/PATH_TO_PEM_FILE
Add an Elastic IP and associate it with the node
Connect:
ssh -i ~/path_to_downloaded_pem_file ubuntu@IP_OF_INSTANCE
Install your favorite editor, like emacs:
sudo apt update && sudo apt upgrade -y && sudo apt install -y emacs
# change owner of emacs config
sudo chown -R ubuntu ~/.emacs.d
If running on a public instance, increase the file descriptors limit:
sudo emacs /etc/sysctl.conf
Add line:
fs.file-max=512000
# Save and reboot
sudo reboot
If using an attached disk for the full Blockchain and it has not yet been initialized, set it up as something like /blockchain:
# List storage
lsblk
# You will get the volume name appearing as something like nvme1n1
# Check on the storage to make sure it is empty
sudo file -s /dev/nvme1n1
# should show "/dev/nvme1n1: data" meaning empty
# Format the storage as ext4. It may take a second
sudo mkfs -t ext4 /dev/nvme1n1
# Make a directory for the volume and mount it
sudo mkdir /blockchain
sudo mount /dev/nvme1n1 /blockchain/
cd /blockchain
# Double check you have enough space
df -h .
# should show available space in the volume
# Automatically mount the partition, but first backup the existing config
sudo cp /etc/fstab /etc/fstab.bak
sudo emacs /etc/fstab
# Create entry in the file:
/dev/nvme1n1 /blockchain ext4 defaults,nofail 0 0
# Save and exit, then test:
sudo mount -a
# Should show no errors
# Take ownership of the directory:
sudo chown `whoami` /blockchain
Set up a local firewall:
sudo ufw logging on
# Allow SSH and the node ports before enabling, so the firewall cannot cut off remote access
sudo ufw allow OpenSSH
sudo ufw allow 9735
sudo ufw allow 10009
sudo ufw enable
# PRESS Y
sudo ufw status
Set up network flood protection:
sudo iptables -N syn_flood
sudo iptables -A INPUT -p tcp --syn -j syn_flood
sudo iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
sudo iptables -A syn_flood -j DROP
sudo iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
sudo iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix PING-DROP:
sudo iptables -A INPUT -p icmp -j DROP
sudo iptables -A OUTPUT -p icmp -j ACCEPT
On a remote instance, set it up to use hardware keys only to authenticate.
You can set up your SSH keys by editing ~/.ssh/authorized_keys. Use a # comment above the keys to note what they are.
Want to run your node behind Tor? Install Tor.
Instructions:
sudo apt-get update && sudo apt install -y apt-transport-https
# Edit package sources for installation
sudo emacs /etc/apt/sources.list.d/tor.list
deb https://deb.torproject.org/torproject.org bionic main
deb-src https://deb.torproject.org/torproject.org bionic main
# Get the GPG key for Tor and add it to GPG
sudo curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | sudo gpg --import
sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
# Install the Tor package
sudo apt update && sudo apt install -y tor deb.torproject.org-keyring
# Add a user for Tor
sudo usermod -a -G debian-tor ubuntu
Then configure Tor:
# Edit the Tor configuration
sudo emacs /etc/tor/torrc
# Add these lines at the top of the file:
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
Log notice stdout
SOCKSPort 9050
# Restart the Tor service
sudo service tor restart
Using Bitcoin Core as a chain backend? Download Bitcoin Core.
Installation:
# Add repository and install
sudo add-apt-repository ppa:bitcoin/bitcoin -y
sudo apt update && sudo apt install -y bitcoind
Set up directories on the Blockchain storage volume, and also create the Bitcoin Core data directory to hold the configuration file:
mkdir /blockchain/.bitcoin && mkdir /blockchain/.bitcoin/data && mkdir ~/.bitcoin
Edit the configuration file. If you have an existing Bitcoin Core, use getbestblockhash to get the current chain tip hash.
emacs ~/.bitcoin/bitcoin.conf
Download and use the Bitcoin Core RPC auth script to generate credentials:
wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py
# The script is written for Python 3
python3 ./rpcauth.py bitcoinrpc
# This will output the authentication string to add to bitcoin.conf
# Save the password, this will be used for LND configuration
Add this configuration:
# Set the best block hash here:
assumevalid=
# Run as a daemon mode without an interactive shell
daemon=1
# Set the data directory to the storage directory
datadir=/blockchain/.bitcoin/data
# Set the number of megabytes of RAM to use, set to like 50% of available memory
dbcache=3000
# Add visibility into mempool and RPC calls for potential LND debugging
debug=mempool
debug=rpc
# Turn off the wallet, it won't be used
disablewallet=1
# Don't bother listening for peers
listen=0
# Constrain the mempool to the number of megabytes needed:
maxmempool=100
# Limit uploading to peers
maxuploadtarget=1000
# Turn off serving SPV nodes
nopeerbloomfilters=1
peerbloomfilters=0
# Don't accept deprecated multi-sig style
permitbaremultisig=0
# Set the RPC auth to what was set above
rpcauth=
# Turn on the RPC server
server=1
# Set testnet if needed
testnet=1
# Turn on transaction lookup index
txindex=1
# Turn on ZMQ publishing
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333
Using Tor? Add additional lines:
# Some mainnet peers
addnode=gyn2vguc35viks2b.onion
addnode=kvd44sw7skb5folw.onion
addnode=nkf5e6b7pl4jfd4a.onion
addnode=yu7sezmixhmyljn4.onion
addnode=3ffk7iumtx3cegbi.onion
addnode=3nmbbakinewlgdln.onion
addnode=4j77gihpokxu2kj4.onion
addnode=546esc6botbjfbxb.onion
addnode=5at7sq5nm76xijkd.onion
addnode=77mx2jsxaoyesz2p.onion
addnode=7g7j54btiaxhtsiy.onion
addnode=a6obdgzn67l7exu3.onion
addnode=ab64h7olpl7qpxci.onion
addnode=am2a4rahltfuxz6l.onion
addnode=azuxls4ihrr2mep7.onion
addnode=bitcoin7bi4op7wb.onion
addnode=bitcoinostk4e4re.onion
addnode=bk7yp6epnmcllq72.onion
addnode=bmutjfrj5btseddb.onion
addnode=ceeji4qpfs3ms3zc.onion
addnode=clexmzqio7yhdao4.onion
addnode=gb5ypqt63du3wfhn.onion
addnode=h2vlpudzphzqxutd.onion
# Only use Tor
onlynet=onion
# Connect to Tor proxy
proxy=127.0.0.1:9050
Start Bitcoin Core:
bitcoind
Add Bitcoin Core to crontab:
crontab -e
Add entry:
# Start Bitcoin Core on boot
@reboot bitcoind
Create an easy link to the debug log of Bitcoin Core:
# Mainnet:
ln -s /blockchain/.bitcoin/data/debug.log ~/bitcoind-mainnet.log
# Or Testnet:
ln -s /blockchain/.bitcoin/data/testnet3/debug.log ~/bitcoind-testnet.log
Building from source? Install Go
You can check if Go is installed and what version it is, and then install or update:
go version
# Should show Go version 1.13.3 or higher
# If an out of date Go is already installed
sudo rm -rf /usr/local/go
# If installing Go for the first time
sudo apt-get update && sudo apt-get -y upgrade
# Download Go
wget https://dl.google.com/go/go1.13.3.linux-amd64.tar.gz
# Extract it
sudo tar -xvf go1.13.3.linux-amd64.tar.gz
# Install it and remove the download
sudo mv go /usr/local && rm go1.13.3.linux-amd64.tar.gz
# On a new install, make a directory for it
mkdir ~/go
# On a new install, setup the path to use the Go directory
emacs ~/.profile
# Place lines at the end of the file:
GOPATH=$HOME/go
PATH="$HOME/bin:$GOPATH/bin:$HOME/.local/bin:/usr/local/go/bin:$PATH"
# Add an alias if running on Testnet
alias lncli="lncli --network=testnet"
# Save and exit, then run profile
. ~/.profile
Install LND on the machine, then set up its configuration:
# Get build tools
sudo apt-get install -y build-essential
# Clone the LND repo and install LND
cd ~/
git clone https://github.com/lightningnetwork/lnd.git
cd lnd
make && make install tags="autopilotrpc chainrpc experimental invoicesrpc routerrpc signrpc walletrpc watchtowerrpc wtclientrpc"
mkdir ~/.lnd
emacs ~/.lnd/lnd.conf
Set configuration for LND:
[Application Options]
# Public network name
alias=YOUR_ALIAS
# Public hex color
color=#000000
# Log levels
debuglevel=CNCT=debug,HSWC=debug
# Public P2P IP
externalip=INSTANCE_IP
# Set the maximum amount of commit fees in a channel
max-channel-fee-allocation=1.0
# Set the max timeout blocks of a payment
max-cltv-expiry=5000
# Pending channel limit
maxpendingchannels=10
# Min inbound channel limit
minchansize=5000000
# gRPC socket binding
rpclisten=0.0.0.0:10009
# Avoid slow startup time
sync-freelist=1
# Avoid high startup overhead
stagger-initial-reconnect=1
# TLS certificate IP
tlsextraip=IP_ADDRESS
# Allow disconnects
unsafe-disconnect=1
[autopilot]
# Turn on autopilot
autopilot.active=1
# Allocate on-chain funds to autopilot
autopilot.allocation=1.0
# Set the channel confs to wait for channel opens
autopilot.conftarget=2
# Use external scoring mode for autopilot
autopilot.heuristic=externalscore:1.0
# Set maximum channels for autopilot
autopilot.maxchannels=15
# Set the minimum channel size for autopilot
autopilot.minchansize=10000000
# Set the confirmations required
autopilot.minconfs=2
[Bitcoin]
# Turn on Bitcoin mode
bitcoin.active=1
# Set the channel confs to wait for channels
bitcoin.defaultchanconfs=2
# Forward fee rate in parts per million
bitcoin.feerate=1000
# Set bitcoin.testnet=1 or bitcoin.mainnet=1 as appropriate
bitcoin.mainnet=1
# Set backing node, bitcoin.node=neutrino or bitcoin.node=bitcoind
bitcoin.node=bitcoind
[bitcoind]
# Set the password to what the auth script said
bitcoind.rpcpass=
# Set the username
bitcoind.rpcuser=bitcoinrpc
# Set the ZMQ listeners
bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333
[neutrino]
# Mainnet addpeers
neutrino.connect=btcd-mainnet.lightning.computer
neutrino.connect=mainnet1-btcd.zaphq.io
neutrino.connect=mainnet2-btcd.zaphq.io
# Testnet addpeers
neutrino.addpeer=btcd-testnet.lightning.computer
neutrino.addpeer=testnet1-btcd.zaphq.io
neutrino.addpeer=testnet2-btcd.zaphq.io
# Set fee data URL, change to btc-fee-estimates.json if mainnet
neutrino.feeurl=https://nodes.lightning.computer/fees/v1/btctestnet-fee-estimates.json
[routerrpc]
# Set default chance of a hop success
routerrpc.apriorihopprob=0.40
# Set minimum desired savings of trying a cheaper path
routerrpc.attemptcost=10
# Set the number of historical routing records
routerrpc.maxmchistory=10000
# Set the min confidence in a path worth trying
routerrpc.minrtprob=0.001
# Set the time to forget past routing failures
routerrpc.penaltyhalflife=24h0m0s
[routing]
# Set validation of channels off: only if using Neutrino
routing.assumechanvalid=1
[tor]
# Enable Tor if using
tor.active=1
tor.streamisolation=1
tor.v3=1
# Start LND with nohup for non-interactive operation
nohup /home/ubuntu/go/bin/lnd > /dev/null 2> /home/ubuntu/.lnd/err.log &
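An added example, not part of the original notes or of Bitcoin Core or LND: a Python check that the bitcoind.rpcuser and bitcoind.rpcpass set in lnd.conf are the credentials behind the rpcauth= line in bitcoin.conf, using the user:salt$HMAC-SHA256 format that rpcauth.py prints. The function names and the sample salt and password are constructed for illustration.

```python
import hashlib
import hmac
import re

def rpcauth_value(user, password, salt_hex):
    """Return user:salt$hash, where hash = HMAC-SHA256(key=salt text, msg=password)."""
    mac = hmac.new(salt_hex.encode(), password.encode(), hashlib.sha256)
    return f"{user}:{salt_hex}${mac.hexdigest()}"

def conf_values(text, key):
    """Collect the values assigned to key, skipping comments and [section] lines."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.strip() == key:
            found.append(value.strip())
    return found

def lnd_credentials_accepted(bitcoin_conf, lnd_conf):
    """True when lnd.conf's RPC user and password satisfy an rpcauth= entry."""
    users = conf_values(lnd_conf, "bitcoind.rpcuser")
    passwords = conf_values(lnd_conf, "bitcoind.rpcpass")
    if not users or not passwords or not passwords[0]:
        return False  # the template's empty bitcoind.rpcpass= lands here
    for entry in conf_values(bitcoin_conf, "rpcauth"):
        parsed = re.fullmatch(r"([^:]+):([0-9a-f]+)\$([0-9a-f]{64})", entry)
        if parsed is None or parsed.group(1) != users[0]:
            continue
        candidate = rpcauth_value(users[0], passwords[0], parsed.group(2))
        if hmac.compare_digest(candidate.encode(), entry.encode()):
            return True
    return False

# Constructed sample values, not real credentials
SAMPLE_SALT = "00112233445566778899aabbccddeeff"
SAMPLE_PASSWORD = "constructed-sample-password"
SAMPLE_BITCOIN_CONF = "server=1\nrpcauth=" + rpcauth_value(
    "bitcoinrpc", SAMPLE_PASSWORD, SAMPLE_SALT) + "\n"
SAMPLE_LND_CONF = ("[bitcoind]\nbitcoind.rpcuser=bitcoinrpc\n"
                   "bitcoind.rpcpass=" + SAMPLE_PASSWORD + "\n")

if __name__ == "__main__":
    print(lnd_credentials_accepted(SAMPLE_BITCOIN_CONF, SAMPLE_LND_CONF))
```

Feed it the contents of ~/.bitcoin/bitcoin.conf and ~/.lnd/lnd.conf before starting LND; a False result means bitcoind will reject LND's RPC calls.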
Setup LND
openssl rand -hex 21 > ~/.lnd/wallet_password
cat ~/.lnd/wallet_password
# Copy this password
lncli create
# Follow prompts, use the wallet password as the initial password and set no cipher seed password
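An added example, not from the original notes: the shell redirect above leaves the mode of ~/.lnd/wallet_password to the umask, so this Python version creates the same 21-byte hex password with mode 0600 and reports when the file or its directory is open to other local users. The function names and the temporary directory are constructed for illustration.

```python
import os
import secrets
import stat
import tempfile

def create_wallet_password(path, nbytes=21):
    """Create path with mode 0600 and fill it with nbytes of random hex."""
    # O_EXCL refuses to overwrite an existing password file
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(secrets.token_hex(nbytes) + "\n")

def exposure(path):
    """Return the reasons path can be read or replaced by other local users."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file readable by group or others")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file writable by group or others")
    parent = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    if parent & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory writable by group or others")
    return findings

def demo():
    """Run both functions in a throwaway directory (constructed paths)."""
    with tempfile.TemporaryDirectory() as lnd_dir:
        path = os.path.join(lnd_dir, "wallet_password")
        create_wallet_password(path)
        strict = exposure(path)
        os.chmod(path, 0o644)  # what a umask of 022 gives a shell redirect
        loose = exposure(path)
        with open(path) as handle:
            length = len(handle.read().strip())
    return strict, loose, length

if __name__ == "__main__":
    print(demo())
```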
Edit crontab to run on startup and set up an easy link to the logs:
# Link if Mainnet
ln -s ~/.lnd/logs/bitcoin/mainnet/lnd.log ~/lnd-mainnet.log
# Link if Testnet
ln -s ~/.lnd/logs/bitcoin/testnet/lnd.log ~/lnd-testnet.log
# Setup crontab to start and unlock LND on boot
crontab -e
# Start LND on boot
@reboot nohup /home/ubuntu/go/bin/lnd > /dev/null 2> /home/ubuntu/.lnd/err.log &
# Unlock wallet if locked
* * * * * /home/ubuntu/.npm-global/bin/bos unlock /home/ubuntu/.lnd/wallet_password
# Update autopilot directives (use btc.json if mainnet)
0 * * * * /home/ubuntu/.npm-global/bin/bos autopilot on --url="https://nodes.lightning.computer/availability/v1/btctestnet.json"
## Connect the new node to some existing nodes to bootstrap the graph
# Testnet, connect to htlc.me, testnet.yalls.org
lncli connect 03c856d2dbec7454c48f311031f06bb99e3ca1ab15a9b9b35de14e139aa663b463@34.201.74.232:9735
lncli connect 027455aef8453d92f4706b560b61527cc217ddf14da41770e8ed6607190a1851b8@3.13.29.161:9735
# Mainnet, connect to some nodes, like:
lncli connect 03e50492eab4107a773141bb419e107bda3de3d55652e6e1a41225f06a0bbf2d56@3.13.48.80:9735
# Open channels to an initial node to bootstrap network connectivity
# testnet
lncli openchannel 03c856d2dbec7454c48f311031f06bb99e3ca1ab15a9b9b35de14e139aa663b463 500000
# mainnet
lncli openchannel 03e50492eab4107a773141bb419e107bda3de3d55652e6e1a41225f06a0bbf2d56 5000000
balanceofsatoshis (the bos command used in the crontab above) needs a Node.js installation to run:
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install -y nodejs
# Avoid using sudo with NPM
mkdir ~/.npm-global
npm config set prefix '~/.npm-global'
# Update path
emacs ~/.profile
# Add line to the end
PATH="$HOME/.npm-global/bin:$PATH"
# Save and exit, update shell:
. ~/.profile
# Install balanceofsatoshis
npm i -g balanceofsatoshis
bos chain-deposit
If you're using testnet, here are some faucets: