x86 Monero Node Guide - kyc3.life

Introduction

Monero, known for its superior privacy features, empowers users with untraceable and anonymous peer-to-peer cash. This guide focuses on setting up Monero's CLI daemon, a command-line tool that facilitates interaction with the network and ensures your participation in the secure and private Monero ecosystem.

Whether you are a seasoned enthusiast or new to Monero, this guide will walk you through the process of configuring your own Monero node using official binaries, which will function as a personal backend server for XMR wallets and eliminate the need to trust a pre-packaged image or public node instance.


Prerequisites

  • Intel/AMD 64-bit computer with Ubuntu Server LTS installed.
  • Minimum 256 gigabytes of NVMe/SSD storage.
  • Minimum 4 gigabytes of RAM.
  • Reliable internet connection & power supply.

It's worth checking your system's BIOS power settings and enabling an automatic power-on mode if one is available. This reduces downtime after a power loss by automatically booting the device once power returns.


Install Guide

User Creation

Create a secondary, unprivileged user called "monero."

sudo addgroup --system monero
sudo adduser --system --home /var/lib/monero --ingroup monero --disabled-login monero

Preparation

Create the following new directories.

sudo mkdir /var/run/monero
sudo mkdir /var/log/monero
sudo mkdir /etc/monero

Set the correct folder permissions for the unprivileged user "monero."

sudo chown monero:monero /var/run/monero
sudo chown monero:monero /var/log/monero
sudo chown -R monero:monero /etc/monero

Run a complete system upgrade.

sudo apt update && sudo apt upgrade -y

Install required dependencies.

sudo apt install ufw perl gpg bzip2 curl -y

Local IP

Run the following command if you don't know your node's local IP. Please note it for future reference.

hostname -I

Firewall Configuration

To harden the system, UFW is configured to block incoming traffic on every port except those required for SSH and restricted RPC access.

Deny all incoming connections that are not explicitly allowed, and allow outgoing connections.

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH access.

sudo ufw allow ssh

Allow restricted RPC access.

sudo ufw allow 18089/tcp

Enable UFW.

sudo ufw enable

Configure Tor

Create a new sources file for Tor.

sudo nano /etc/apt/sources.list.d/tor.list

Paste the following lines, then save and exit the file with "control+x," confirm with "y," then "enter."

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org jammy main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org jammy main

Import the Tor project's gpg key.

sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | sudo tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Install Tor and Tor Debian keyring.

sudo apt update && sudo apt install tor deb.torproject.org-keyring -y

Create a directory for the Tor hidden service files.

sudo mkdir /var/lib/tor/hidden_service

Set the correct folder permissions.

sudo chown debian-tor:debian-tor /var/lib/tor/hidden_service

Open the "torrc" file.

sudo nano /etc/tor/torrc

Paste the following at the top of the file, then save and exit.

# Hidden Service Monerod
HiddenServiceDir /var/lib/tor/hidden_service/monero-rpc
HiddenServicePort 18089 127.0.0.1:18089

Restart the Tor service.

sudo systemctl restart tor

Configure Monero Daemon

Download & Verify Monerod

Create a downloads directory.

mkdir ~/downloads

Enter the directory.

cd ~/downloads

Download Monerod.

torsocks wget -O monero-linux-x64.tar.bz2 https://downloads.getmonero.org/cli/linux64

Download Monerod hashes.

torsocks wget -O hashes.txt https://www.getmonero.org/downloads/hashes.txt

Import Monero developer's keys.

torsocks curl -s https://api.github.com/repos/monero-project/monero/contents/utils/gpg_keys | \
grep download_url | cut -d '"' -f 4 | \
xargs -n 1 torsocks curl -O && \
ls *.asc | xargs -n 1 gpg --import && \
rm *.asc

Verify the authenticity of the downloaded "hashes.txt" file.

gpg --verify hashes.txt

This checks the signature on the hashes file against the imported public keys.

💡
The output should show a "gpg: Good signature" message from any imported developer keys that signed the file.
💡
Don't worry about "This key is not certified with a trusted signature!" warnings. Enhanced trust levels have not been manually set for the imported keys.

Obtain the SHA256 hash of the downloaded Monerod binary.

shasum -a 256 monero-linux-x64.tar.bz2

Confirm that the outputted hash matches the "monero-linux-x64" hash in the verified "hashes.txt" file.

grep "$(sha256sum monero-linux-x64.tar.bz2 | cut -d ' ' -f 1)" hashes.txt

Once the hashes are a confirmed match, remove the hashes file.

rm hashes.txt
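
A stricter form of the signature and hash checks above, as an added example that is not part of the original guide: it accepts a signature only from one pinned key fingerprint (the import step pulls in every key in the repository folder) and matches the archive's hash only against the text the signature actually covers. The function names and the fingerprint argument are assumptions; pass the fingerprint of the release-signing key you have confirmed independently, and run it while hashes.txt is still present.

```shell
#!/bin/sh
# Added example, not from the guide. The fingerprint argument is an
# assumption: use the release-signing key you have confirmed out of band.

# signer_is_pinned STATUS FPR: succeed only if gpg's --status-fd output has
# a VALIDSIG line whose signing-key or primary-key fingerprint equals FPR.
# The ("") concatenation forces a string comparison in awk.
signer_is_pinned() {
    printf '%s\n' "$1" | awk -v fpr="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && (($3 "") == fpr || ($NF "") == fpr) { ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# hash_is_listed ARCHIVE PAYLOAD: succeed only if the archive's SHA256 is the
# first field of some line in PAYLOAD (the signed text, not raw hashes.txt).
hash_is_listed() {
    sum=$(sha256sum "$1" | cut -d ' ' -f 1) || return 1
    awk -v h="$sum" '$1 == h { ok = 1 } END { exit(ok ? 0 : 1) }' "$2"
}

# verify_download ARCHIVE HASHES_FILE FPR: signature, signer and hash check.
verify_download() {
    payload=$(mktemp) || return 1
    # --decrypt on a clearsigned file writes only the text covered by the
    # signature to --output; lines outside the signed block are dropped.
    if status=$(gpg --batch --yes --status-fd 1 --output "$payload" \
                    --decrypt "$2" 2>/dev/null) &&
       signer_is_pinned "$status" "$3" &&
       hash_is_listed "$1" "$payload"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$payload"
    return "$rc"
}

# Usage: sh verify.sh monero-linux-x64.tar.bz2 hashes.txt <FINGERPRINT>
if [ "$#" -eq 3 ]; then
    verify_download "$@" && echo "OK: pinned signer and hash match"
fi
```
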

Installing Monero

Unpack the Monerod archive.

tar xvf monero-linux-*.tar.bz2

Remove the archive.

rm monero-linux-*.tar.bz2

Copy the files to the correct directory.

sudo cp -r monero-x86_64-linux-gnu-*/* /usr/local/bin/

Remove the remaining folder.

rm -rf monero-x86_64-linux-gnu-*

Configuration

Create a Monerod configuration file.

sudo nano /etc/monero/monerod.conf

Paste in the following lines.

data-dir=/var/lib/monero/.bitmonero
log-file=/var/log/monero/monerod.log
rpc-restricted-bind-ip=0.0.0.0
rpc-restricted-bind-port=18089
no-igd=1
no-zmq=1
enable-dns-blocklist=1

#rpc-login=USERNAME:PASSWORD
💡
If you wish to configure RPC login credentials for wallet connections, uncomment the "rpc-login" line by removing the leading "#" and replace "USERNAME" and "PASSWORD" with your chosen credentials.

Once completed, save and exit the file with "control+x," "y," and then "enter."


Service File

Create a service file.

sudo nano /etc/systemd/system/monerod.service

Paste in the following lines.

[Unit]
Description=Monerod RRPC Node
After=network.target

[Service]
Type=forking
PIDFile=/var/run/monero/monerod.pid
ExecStart=/usr/local/bin/monerod --config-file=/etc/monero/monerod.conf --pidfile /var/run/monero/monerod.pid --detach
Restart=on-failure
RestartSec=30

User=monero
Group=monero
RuntimeDirectory=monero
RuntimeDirectoryMode=0710
StateDirectory=monero
StateDirectoryMode=0710
LogsDirectory=monero
LogsDirectoryMode=0710
ConfigurationDirectory=monero
ConfigurationDirectoryMode=0710

PrivateTmp=true
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

Save and exit the file and then reload systemd.

sudo systemctl daemon-reload

Starting Monerod

💡
If your router has VPN capabilities, it is recommended that you configure a tunnel for your node's IP via the router's VPN director, further enhancing user privacy.

Enable the newly created systemd service.

sudo systemctl enable monerod

Start Monerod via the systemd service file.

sudo systemctl start monerod

To monitor block download progress, run the following command. The logs can be exited at any time with "control+c."

sudo tail -f /var/log/monero/monerod.log

Wallet Connections

Run the following command to obtain the onion address required for remote wallet connections over Tor.

sudo cat /var/lib/tor/hidden_service/monero-rpc/hostname

You can now enter the onion address into the node settings section of your chosen wallet. In the port section, be sure to use port 18089.

If your Monero wallet does not have integrated Tor capabilities, check out the Orbot Tor VPN/proxy application.

💡
To connect local wallets on the same network, you can use the node's local IP address instead of the onion address.

If you previously chose to configure an RPC username and password, also be sure to include these to pair the wallet successfully.

Congratulations, you are now hosting a private Monerod node and have configured remote wallet connections via Tor.

