Bitcoin Lightning Network Node Tutorial

This is a condensed tutorial for setting up a Bitcoin Lightning Network Node. At the time you are reading this, please check that you are using the latest versions of the software. Since the LN is in fast development, software versions change quickly.

Software used:

  • bitcoin-24.0.1
  • lnd v0.16.4-beta
  • go 1.20.3

1. THE SERVER

You can either use a VPS server or use a physical computer. This guide will not cover the part of setting up the server.

A few things to note:
A static IPv4 address is almost a must if you plan on being a public Lightning Network routing node.

With VPS servers you will usually get a static IP automatically. If you plan on hosting your node at home, it depends on your arrangement with your ISP.

A Lightning Network Node is a “hot wallet”. All the keys for the operation of the node, for the funding of the channels is located on the Server. I would advise against hosting at the cheapest VPS you find out there. Use trusted VPS providers.

If using a physical server consider using a RAID1 setup for the storage to avoid downtime in the event of a HDD failure. Not just downtime, its a painful process of setting up the node from scratch and restoring all the configuration from backups. Also consider using a UPS (Uninterruptible Power Supply) to protect your server from short power outages and voltage fluctuations from the grid.

The specs of the server (especially the storage speed) will affect the initial blockchain sync time. But once the node is up to date the resource usage is low. A dual core CPU with 4GB ram is enough from my experience. The storage capacity should be upwards of 1 TB (1000 GB). If you want some peace of mind for a few years go for at least 2TB drives (NAS or Survailance drives made for 24/7 operation, or SSDs if your budget allows it.)

Ubuntu 20.04 LTS Server Edition will be used in this tutorial. Other linux distributions also work.

1.1 ADD NEW USER

Once the server is up and running, login and create a new user named bitcoin, pick a password for the new user when prompted.

	sudo adduser bitcoin
[sudo] password for user: 
Adding user `bitcoin' ...
Adding new group `bitcoin' (1001) ...
Adding new user `bitcoin' (1001) with group `bitcoin' ...
Creating home directory `/home/bitcoin' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for bitcoin
Enter the new value, or press ENTER for the default
    Full Name []: 
    Room Number []: 
    Work Phone []: 
    Home Phone []: 
    Other []: 
Is the information correct? [Y/n] y

 

Add the new user bitcoin to the suduers group:

	sudo usermod -aG sudo bitcoin

 

The new user is created. Now logout of the server and log back in using the username bitcoin.

	ssh bitcoin@serverIP

 

1.2 CONFIGURE SSH

Have a SSH key ready. Check other tutorials on how to generate an SSH key. This can be for Windows users via Putty or from the Terminal using ssh-keygen for Linux and Mac users.

Make a new directory named .ssh. Then create the authorized_keys file where you will paste in your ssh pubkey.

	mkdir ~/.ssh
nano ~/.ssh/authorized_keys

Paste the key (it has to be a long string in one line) and then close ( CTRL +X) and confirm with yes (y) to save the file.

Fix the permissions:

	chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Now test if the server login works. Log out and log back in, this time it should let you in without a password prompt. If it does not then you have to troubleshoot this until it works without a password prompt

Now we will disable SSH password login.

	sudo nano /etc/ssh/sshd_config

In this file find the option:

# PasswordAuthentication yes

and change it to:

PasswordAuthentication no

Save the file by pressing CTRL + X and then answering yes (y) to overwrite the existing file.

Now restart the SSH service:

	sudo systemctl restart sshd.service

 

Test this by trying to login to the server now using a random username, for example:

	ssh ffff@serverIP 
ffff@serverIP: Permission denied (publickey).

 

You should get this reply from the server. If you get a password prompt you did something wrong.

1.3 CONFIGURE UFW

To further protect the server we will configure UFW (Uncomplicated Firewall).

Add a rule for SSH:

	sudo ufw limit 22

This will allow traffic to port 22 (ssh) to the server. But will limit the connections, so many unsuccesful attempts to connect to the server will be blocked.

Enable the firewall:

	sudo ufw enable

Ideally you would whitelist the connection from your static public IP. But this is beyond this guide. Network configurations can differ so much it is difficult to capture all possible situations in this guide. Still some quick tips regarding the network:

If this is a home server that is connected via your router (the server has a local IP (for example 192.168.1.2) then it is already protected behind your router. I would in this case skip enabling UFW, but if you plan on forwarding port 22 (ssh) through your router (to access the server while you are away from home) then I would still enable UFW to have the LIMIT in place.
If this is a VPS and you have a static public IP at home then I would recommend to whitelist your home IP only. This is done with: sudo ufw allow from YOUR.HOME.PUBLIC.IP to any port 22 This way only you can connect to SSH, everyone else on the internet will see a closed port. Make sure you really have a static public IP at home, if it is dynamic you will lose access to the server once it changes.
One more security measure is to change the default SSH port (22) to something else (for example 22453). This is done in the file /etc/ssh/sshd_config by removing the comment (#) in front of Port 22 and change the port number. Also change the UFW command accordingly to the correct port.

1.4 DEPENDENCIES

	sudo apt install wget git

 

2. INSTALL BITCOIND

We are now ready to install bitcoin and sync the blockchain. This guide uses bitcoin-24.0.1

We will make the src directory where we will keep downloaded software.

cd && mkdir src && cd src
wget https://bitcoincore.org/bin/bitcoin-core-24.0.1/bitcoin-24.0.1-x86_64-linux-gnu.tar.gz

 

After it downloads you can extract it and copy bitcoind and bitcoin-cli to /usr/local/bin.

tar zxvf bitcoin-24.0.1-x86_64-linux-gnu.tar.gz
cd bitcoin-24.0.1/bin/
sudo cp bitcoind bitcoin-cli /usr/local/bin

 

Bitcoin is now installed, next step is to generate a config. Follow these steps:

	cd
mkdir .bitcoin
nano .bitcoin/bitcoin.conf

 

Paste the following config changing the USER and PASSWORD values to a strong random string. This will be later needed in the lnd config.

	listen=1
server=1
daemon=1
port=8333
rpcport=8332
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
rpcuser=USER #<-- CHANGE THIS
rpcpassword=PASSWORD #<-- CHANGE THIS

zmqpubrawblock=tcp://0.0.0.0:28332
zmqpubrawtx=tcp://0.0.0.0:28333
zmqpubhashblock=tcp://0.0.0.0:28334

txindex=1
blockfilterindex=1

peerbloomfilters=1
peerblockfilters=1

Press CTRL + X to save. And (y) to confirm.

Now start bitcoind and wait for it to sync. This might take a few days.

	bitcoind

 

You can follow the log output to see the status of the sync:

	tail -f .bitcoin/debug.log


Create a systemd script for automatic startup.

	sudo nano /etc/systemd/system/bitcoin.service


Paste in the following:

	[Unit]
Description=Bitcoin's distributed currency daemon
After=network.target

[Service]
User=bitcoin
Group=bitcoin

Type=forking
ExecStart=/usr/local/bin/bitcoind -daemon -pid=/home/bitcoin/.bitcoin/bitcoind.pid -conf=/home/bitcoin/.bitcoin/bitcoin.conf -datadir=/home/bitcoin/.bitcoin
PIDFile=/home/bitcoin/.bitcoin/bitcoind.pid

Restart=always
PrivateTmp=true
TimeoutStopSec=60s
TimeoutStartSec=2s
StartLimitInterval=120s
StartLimitBurst=5

[Install]
WantedBy=multi-user.target

Press CTRL + X to save. And (y) to confirm.

Stop bitcoind if its already running and then enable and start the bitcoin.service:

	bitcoin-cli stop
sudo systemctl daemon-reload
sudo systemctl enable bitcoin.service
sudo systemctl start bitcoin.service


Verify if it is running.

	sudo systemctl status bitcoin.service 
● bitcoin.service - Bitcoin's distributed currency daemon
     Loaded: loaded (/etc/systemd/system/bitcoin.service; enabled; vendor prese>
     Active: active (running) since Mon 2023-05-01 08:32:02 UTC; 1 day 5h ago
    Process: 1280043 ExecStart=/usr/local/bin/bitcoind -daemon -pid=/home/user/>
   Main PID: 1280059 (bitcoind)


Also like before you can tail the log to see if it is running

	tail -f .bitcoin/debug.log

 

3. LND

You should wait for bitcoind to sync before starting lnd. But you can prepare the required software and create the lnd wallet while it is syncing.

3.1 Install golang

cd ~/src
wget https://go.dev/dl/go1.20.3.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.20.3.linux-amd64.tar.gz
echo "export PATH=$PATH:~/go/bin:/usr/local/go/bin" >> ~/.bashrc


Log out of your ssh session and log back in, then verify go is installed. go version should return:

go version
go version go.1.20.3 linux/amd64

 

3.2 INSTALL LND

cd ~/src
git clone https://github.com/lightningnetwork/lnd.git

cd lnd
git checkout tags/v0.16.4-beta
make install

This will install lnd to ~/go/bin/

3.3 CREATE CONFIG FILE

 Create the .lnd directory and the config file in it.

	mkdir ~/.lnd
nano ~/.lnd/lnd.conf


Paste in the bellow config but modifying:

  • alias=YourCoolNodeAlias 
  • BITCOIN_RPC_USERNAME – enter the rpc username from bitcoin.conf
  • BITCOIN_RPC_PASSWORD – enter the rpc password from bitcoin.conf
	#Alias
#alias=YOURALIAS
#externalip=

## LND Settings
# Lets LND know to run on top of Bitcoin (as opposed to Litecoin)

bitcoin.active=true
bitcoin.mainnet=true

# Lets LND know you are running Bitcoin Core (not btcd or Neutrino)

bitcoin.node=bitcoind

## Bitcoind Settings
# Tells LND what User/Pass to use to RPC to the Bitcoin node

bitcoind.rpcuser=BITCOIN_RPC_USERNAME
bitcoind.rpcpass=BITCOIN_RPC_PASSWORD
# Allows LND & Bitcoin Core to communicate via ZeroMQ

bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333

## Zap Settings
# Tells LND to listen on all of your computer's interfaces
# This could alternatively be set to your router's subnet IP

tlsextraip=0.0.0.0

# Tells LND where to listen for RPC messages
# This could also be set to your router's subnet IP

rpclisten=0.0.0.0:10009

 

3.4 Create system service

 

	sudo nano /etc/systemd/system/lnd.service


Paste in the following and save:

	[Unit]
Description=LND Lightning Daemon
Requires=bitcoin.service
After=bitcoin.service

[Service]
ExecStart=/home/bitcoin/go/bin/lnd
PIDFile=/home/bitcoin/.lnd/lnd.pid
User=bitcoin
Group=bitcoin
Type=simple
KillMode=process
TimeoutSec=180
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target


Reload:

	sudo systemctl daemon reload
sudo systemctl enable lnd.service


Before we start the service open another ssh session to the server and enter:

	sudo journalctl -f -u lnd.service


Here we will see the log output of lnd to check for any issues.

Then in the previous console window start the lnd service:

	sudo systemctl start lnd.service


If all goes well the log output should show no errors and stop at:

	LTND: Waiting for wallet encryption password. Use `lncli create` to create a wallet, `lncli unlock` to 
unlock an existing wallet, or `lncli changepassword` to change the password of an existing wallet and unlock it.


3.5 CREATE WALLET

Use the lncli command to create a new wallet. Write down the seed and keep it in a safe place!
	lncli create
Input wallet password: 
Confirm password: 

Do you have an existing cipher seed mnemonic or extended master root key you want to use?
Enter 'y' to use an existing cipher seed mnemonic, 'x' to use an extended master root key 
or 'n' to create a new seed (Enter y/x/n): n

Your cipher seed can optionally be encrypted.
Input your passphrase if you wish to encrypt it (or press enter to proceed without a cipher seed passphrase): 

Generating fresh cipher seed...

!!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!!

---------------BEGIN LND CIPHER SEED---------------
 1. xxxx       2. xxxxx      3. xxxxx   4. xxxxx   
 5. xxxx       6. xxxxx      7. xxxxx   8. xxxxx
 9. xxxx      10. xxxxx     11. xxxxx  12. xxxxx   
13. xxxx      14. xxxxx     15. xxxxx  16. xxxxx
17. xxxx      18. xxxxx     19. xxxxx  20. xxxxx   
21. xxxx      22. xxxxx     23. xxxxx  24. xxxxx   
---------------END LND CIPHER SEED-----------------

!!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!!

lnd successfully initialized!

 note: The seed is hidden in this example. You should see the seed words and write them down!

If bitcoin is still syncing you will have to wait before proceeding further. The log will show: Waiting for chain backend to finish sync.

If it is synced, you will see lnd will start syncing the graph. After a few minutes it should be ready. At this point you have a woriking Bitcoin Lightning Node.

4. EXTRAS

Consider the following extra steps to make managing your lighting node easier. 

4.1 BITBANANA ANDROID APP (ZAP)

The BitBanana app (previously known as Zap wallet) makes it easy to manage your node from your Android device. It includes opening channels, sending and receiving payments, statistics of your nodes routing activity and more.

To connect with the app you will need to install lndconnect.

To install it run:

	cd ~/src
git clone https://github.com/LN-Zap/lndconnect.git
cd lndconnect
make