Configure Bitcoin Core

Configure Bitcoin Core before starting your node.

Configure Bitcoin Core

Base Configuration

Let's create the needed files:

cd ~
mkdir ~/.bitcoin
touch ~/.bitcoin/bitcoin.conf

Add the following configuration to the bitcoin.conf file we just created:

With the configuration below the node will be accessible only on localhost and on the Tor network. Refer to the configuration file on this page if you wish to also expose your node via IPv4/IPv6.

# Enable JSON-RPC API on port 8332
server=1
# Restrict JSON-RPC API to localhost only
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
# Run Bitcoin Core as a background daemon
daemon=1
# Accept incoming P2P traffic (port 8333) to be a full participant in the network 
# If set to 0, other nodes can't sync from us, but we can still sync from them
listen=1
# Keep full index of all transactions, not just those of the node's wallet.
# Uses more space but allows querying any transaction by its txid
# We need it if we want to run an Electrum Server or a blockchain explorer
txindex=1
# Cache size in MBs. Lower it to 500 after the first blockchain sync is complete. 
dbcache=3000
# Run the node **only** on the Tor network
onlynet=onion
proxy=127.0.0.1:9050
bind=127.0.0.1
# Use native segwit addresses by default
addresstype=bech32
changetype=bech32

JSON-RPC API

Bitcoin provides a control interface via a JSON-RPC API on port 8332. We enabled with server=1 in the bitcoin.conf file.

Other locally running applications that need to interact with Bitcoin's JSON-RPC API will use the cookie located at ~/.bitcoin/.cookie.

If you ever want to connect remotely running applications to the JSON-RPC API, you can create a set of credentials with the command below:

python3 ~/bitcoin/share/rpcauth/rpcauth.py <username-of-your-choice>

Verify the output and append the mentioned line to the bottom of the bitcoin.conf file.

Save the plain text password securely because the line added to bitcoin.conf contains only the hash.

Configure Tor

Bitcoin Core and other applications you install will heavily rely on Tor to connect with peers and ensure our wallets remain accessible. Proper configuration is critical.

Base Configuration

Edit the configuration file:

sudo vim /etc/tor/torrc

Add the following lines:

SocksPort 9050
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

  • SocksPort ⇒ SOCKS proxy, routes traffic through the Tor network

  • ControlPort ⇒ Allows other programs to interact with the Tor daemon

  • CookieAuthentication ⇒ Requires local cookie authentication to access the control port (/run/tor/control.authcookie)

  • CookieAuthFileGroupReadable ⇒ Only users in the debian-tor group can authenticate with the cookie

This configuration restricts Tor's control port to only local programs launched by our user.

Hidden Onion Service for the JSON-RPC API

Exposing the RPC API is not recommended unless you fully understand the risks. It is a prime target for brute-force attacks and zero-day exploits. If compromised, an attacker could steal your Bitcoin.

As configured, the JSON-RPC API is accessible only from localhost. To expose this port externally, you can create a Tor service for it, but as mentioned above it's not recommended.

Configure systemd service

Bitcoin Core's main program is bitcoind (short for Bitcoin Daemon). We will configure it as a systemd service to simplify management:

sudo vim /etc/systemd/system/bitcoind.service

Add the following:

[Unit]
Description=Bitcoin Daemon
After=network.target

[Service]
User=your_user
PIDFile=/home/your_user/.bitcoin/bitcoind.pid
ExecStart=/usr/local/bin/bitcoind
Restart=always
TimeoutSec=120
RestartSec=30

[Install]
WantedBy=multi-user.target

  • In User=, replace your_user with your own user

  • Do the same in the path of PIDFile=

  • Verify the path of ExecStart= by running the command which bitcoind

Finally, reload systemd:

sudo systemctl daemon-reload
PreviousInstall Bitcoin CoreNextStart Bitcoin Core

Last updated

Was this helpful?