Configure Bitcoin Core

Configure Bitcoin Core before starting your node.

Configure Bitcoin Core

Base Configuration

Let's create the needed files:

cd ~

mkdir ~/.bitcoin

touch ~/.bitcoin/bitcoin.conf

Add the following configuration to the bitcoin.conf file we just created:

With the configuration below the node will be accessible only on localhost and on the Tor network. Refer to the configuration file on this page if you wish to also expose your node via IPv4/IPv6.

# Enable JSON-RPC API on port 8332
server=1
# Restrict JSON-RPC API to localhost only
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
# Run Bitcoin Core as a background daemon
daemon=1
# Accept incoming P2P traffic (port 8333) to be a full participant in the network 
# If set to 0, other nodes can't sync from us, but we can still sync from them
listen=1
# Keep full index of all transactions, not just those of the node's wallet.
# Uses more space but allows querying any transaction by its txid
# We need it if we want to run an Electrum Server or a blockchain explorer
txindex=1
# Cache size in MBs. Lower it to 500 after the first blockchain sync is complete. 
dbcache=3000
# Run the node **only** on the Tor network
onlynet=onion
proxy=127.0.0.1:9050
bind=127.0.0.1
# Use native segwit addresses by default
addresstype=bech32
changetype=bech32

JSON-RPC API

Bitcoin provides a control interface via a JSON-RPC API on port 8332. We enabled with server=1 in the bitcoin.conf file.

Other locally running applications that need to interact with Bitcoin's JSON-RPC API will use the cookie located at ~/.bitcoin/.cookie.

If you ever want to connect remotely running applications to the JSON-RPC API, you can create a set of credentials with the command below:

python3 ~/bitcoin/share/rpcauth/rpcauth.py <username-of-your-choice>

Verify the output and append the mentioned line to the bottom of the bitcoin.conf file.

Save the plain text password securely because the line added to bitcoin.conf contains only the hash.

Configure Tor

Bitcoin Core and other applications you install will heavily rely on Tor to connect with peers and ensure our wallets remain accessible. Proper configuration is critical.

Tor-default Configuration

Edit the default tor configuration file:

sudo vim /etc/tor/torrc

Add the following lines:

SocksPort 9050
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

SocksPort ⇒ SOCKS proxy, routes traffic through the Tor network
ControlPort ⇒ Allows other programs to interact with the Tor daemon
CookieAuthentication ⇒ Requires local cookie authentication to access the control port (/run/tor/control.authcookie)
CookieAuthFileGroupReadable ⇒ Only users in the debian-tor group can authenticate with the cookie

This configuration restricts Tor's control port to only local programs launched by our user.

Now restart tor:

sudo systemctl restart tor@default

Tor-Instance Configuration

If you're using a different tor instance,the config above won't work because bitcoin won't be able to find the cookie auth file for the instance. So instead we will use password authentication to access the control port.

Choose a strong password, then generate a hash with tor:

tor --hash-password "YourStrongPasswordHere"

This will output a hash for the password specified, example:

16:DCC57869A5B8899B60F099CCF421641762DDD9DEFBB385F28A2031CE3C

Now edit your tor instance config like /etc/tor/instances/tor4bitcoin/torrc to add the following:

SocksPort 9060
ControlPort 9061
HashedControlPassword
16:DCC57869A5B8899B60F099CCF421641762DDD9DEFBB385F28A2031CE3C

Replace ports 9060/9061 by whatever free port you want.

Now enable and start the tor instance:

sudo systemctl enable --now tor@tor4bitcoin

Next edit ~/.bitcoin/bitcoin.conf and edit this line with the right tor socks port:

proxy=127.0.0.1:9060

Next add these lines. Make sure to add the right tor control port and the password you chose before.

torcontrol=127.0.0.1:9061
torpassword=YourStrongPasswordHere

Hidden Onion Service for the JSON-RPC API

Exposing the RPC API is not recommended unless you fully understand the risks. It is a prime target for brute-force attacks and zero-day exploits. If compromised, an attacker could steal your Bitcoin IF you enabled the node's wallet and had funds in it.

As configured, the JSON-RPC API is accessible only from localhost. To expose this port externally, you can create a Tor service for it.

Configure systemd service

Bitcoin Core's main program is bitcoind (short for Bitcoin Daemon). We will configure it as a systemd service to simplify management:

sudo vim /etc/systemd/system/bitcoind.service

Add the following:

[Unit]
Description=Bitcoin Daemon
After=network.target

[Service]
User=your_user
PIDFile=/home/your_user/.bitcoin/bitcoind.pid
ExecStart=/usr/local/bin/bitcoind
Restart=always
TimeoutSec=120
RestartSec=30

[Install]
WantedBy=multi-user.target

In User=, replace your_user with your own user
Do the same in the path of PIDFile=
Verify the path of ExecStart= by running the command which bitcoind

Finally, reload systemd:

sudo systemctl daemon-reload

PreviousInstall Bitcoin Core NextStart Bitcoin Core

Last updated 4 months ago

Was this helpful?

hashtagConfigure Bitcoin Core

hashtagBase Configuration

hashtagJSON-RPC API

hashtagConfigure Tor

hashtagTor-default Configuration

hashtagTor-Instance Configuration

hashtagHidden Onion Service for the JSON-RPC API

hashtagConfigure systemd service