This is a condensed tutorial for setting up a Bitcoin Lightning Network Node. At the time you are reading this, please check that you are using the latest versions of the software. Since the LN is in fast development, software versions change quickly.
- lnd v0.16.4-beta
- go 1.20.3
1. THE SERVER
You can either use a VPS server or use a physical computer. This guide will not cover the part of setting up the server.
A few things to note:
A static IPv4 address is almost a must if you plan on being a public Lightning Network routing node.
With VPS servers you will usually get a static IP automatically. If you plan on hosting your node at home, it depends on your arrangement with your ISP.
A Lightning Network Node is a “hot wallet”. All the keys for the operation of the node, for the funding of the channels is located on the Server. I would advise against hosting at the cheapest VPS you find out there. Use trusted VPS providers.
If using a physical server consider using a RAID1 setup for the storage to avoid downtime in the event of a HDD failure. Not just downtime, its a painful process of setting up the node from scratch and restoring all the configuration from backups. Also consider using a UPS (Uninterruptible Power Supply) to protect your server from short power outages and voltage fluctuations from the grid.
The specs of the server (especially the storage speed) will affect the initial blockchain sync time. But once the node is up to date the resource usage is low. A dual core CPU with 4GB ram is enough from my experience. The storage capacity should be upwards of 1 TB (1000 GB). If you want some peace of mind for a few years go for at least 2TB drives (NAS or Survailance drives made for 24/7 operation, or SSDs if your budget allows it.)
Ubuntu 20.04 LTS Server Edition will be used in this tutorial. Other linux distributions also work.
1.1 ADD NEW USER
Once the server is up and running, login and create a new user named bitcoin, pick a password for the new user when prompted.
sudo adduser bitcoin [sudo] password for user: Adding user `bitcoin' ... Adding new group `bitcoin' (1001) ... Adding new user `bitcoin' (1001) with group `bitcoin' ... Creating home directory `/home/bitcoin' ... Copying files from `/etc/skel' ... New password: Retype new password: passwd: password updated successfully Changing the user information for bitcoin Enter the new value, or press ENTER for the default Full Name : Room Number : Work Phone : Home Phone : Other : Is the information correct? [Y/n] y
Add the new user bitcoin to the suduers group:
sudo usermod -aG sudo bitcoin
The new user is created. Now logout of the server and log back in using the username bitcoin.
1.2 CONFIGURE SSH
Have a SSH key ready. Check other tutorials on how to generate an SSH key. This can be for Windows users via Putty or from the Terminal using ssh-keygen for Linux and Mac users.
Make a new directory named .ssh. Then create the authorized_keys file where you will paste in your ssh pubkey.
mkdir ~/.ssh nano ~/.ssh/authorized_keys
Paste the key (it has to be a long string in one line) and then close ( CTRL +X) and confirm with yes (y) to save the file.
Fix the permissions:
chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
Now test if the server login works. Log out and log back in, this time it should let you in without a password prompt. If it does not then you have to troubleshoot this until it works without a password prompt
Now we will disable SSH password login.
sudo nano /etc/ssh/sshd_config
In this file find the option:
# PasswordAuthentication yes
and change it to:
Save the file by pressing CTRL + X and then answering yes (y) to overwrite the existing file.
Now restart the SSH service:
sudo systemctl restart sshd.service
Test this by trying to login to the server now using a random username, for example:
ssh ffff@serverIP ffff@serverIP: Permission denied (publickey).
You should get this reply from the server. If you get a password prompt you did something wrong.
1.3 CONFIGURE UFW
To further protect the server we will configure UFW (Uncomplicated Firewall).
Add a rule for SSH:
sudo ufw limit 22
This will allow traffic to port 22 (ssh) to the server. But will limit the connections, so many unsuccesful attempts to connect to the server will be blocked.
Enable the firewall:
sudo ufw enable
Ideally you would whitelist the connection from your static public IP. But this is beyond this guide. Network configurations can differ so much it is difficult to capture all possible situations in this guide. Still some quick tips regarding the network:
If this is a home server that is connected via your router (the server has a local IP (for example 192.168.1.2) then it is already protected behind your router. I would in this case skip enabling UFW, but if you plan on forwarding port 22 (ssh) through your router (to access the server while you are away from home) then I would still enable UFW to have the LIMIT in place.
If this is a VPS and you have a static public IP at home then I would recommend to whitelist your home IP only. This is done with: sudo ufw allow from YOUR.HOME.PUBLIC.IP to any port 22 This way only you can connect to SSH, everyone else on the internet will see a closed port. Make sure you really have a static public IP at home, if it is dynamic you will lose access to the server once it changes.
One more security measure is to change the default SSH port (22) to something else (for example 22453). This is done in the file /etc/ssh/sshd_config by removing the comment (#) in front of Port 22 and change the port number. Also change the UFW command accordingly to the correct port.
sudo apt install wget git
2. INSTALL BITCOIND
We are now ready to install bitcoin and sync the blockchain. This guide uses bitcoin-24.0.1
We will make the src directory where we will keep downloaded software.
cd && mkdir src && cd src wget https://bitcoincore.org/bin/bitcoin-core-24.0.1/bitcoin-24.0.1-x86_64-linux-gnu.tar.gz
After it downloads you can extract it and copy bitcoind and bitcoin-cli to /usr/local/bin.
tar zxvf bitcoin-24.0.1-x86_64-linux-gnu.tar.gz cd bitcoin-24.0.1/bin/ sudo cp bitcoind bitcoin-cli /usr/local/bin
Bitcoin is now installed, next step is to generate a config. Follow these steps:
cd mkdir .bitcoin nano .bitcoin/bitcoin.conf
Paste the following config changing the USER and PASSWORD values to a strong random string. This will be later needed in the lnd config.
listen=1 server=1 daemon=1 port=8333 rpcport=8332 rpcbind=127.0.0.1 rpcallowip=127.0.0.1 rpcuser=USER #<-- CHANGE THIS rpcpassword=PASSWORD #<-- CHANGE THIS zmqpubrawblock=tcp://0.0.0.0:28332 zmqpubrawtx=tcp://0.0.0.0:28333 zmqpubhashblock=tcp://0.0.0.0:28334 txindex=1 blockfilterindex=1 peerbloomfilters=1 peerblockfilters=1
Press CTRL + X to save. And (y) to confirm.
Now start bitcoind and wait for it to sync. This might take a few days.
You can follow the log output to see the status of the sync:
tail -f .bitcoin/debug.log
Create a systemd script for automatic startup.
sudo nano /etc/systemd/system/bitcoin.service
Paste in the following:
[Unit] Description=Bitcoin's distributed currency daemon After=network.target [Service] User=bitcoin Group=bitcoin Type=forking ExecStart=/usr/local/bin/bitcoind -daemon -pid=/home/bitcoin/.bitcoin/bitcoind.pid -conf=/home/bitcoin/.bitcoin/bitcoin.conf -datadir=/home/bitcoin/.bitcoin PIDFile=/home/bitcoin/.bitcoin/bitcoind.pid Restart=always PrivateTmp=true TimeoutStopSec=60s TimeoutStartSec=2s StartLimitInterval=120s StartLimitBurst=5 [Install] WantedBy=multi-user.target
Press CTRL + X to save. And (y) to confirm.
Stop bitcoind if its already running and then enable and start the bitcoin.service:
bitcoin-cli stop sudo systemctl daemon-reload sudo systemctl enable bitcoin.service sudo systemctl start bitcoin.service
Verify if it is running.
sudo systemctl status bitcoin.service ● bitcoin.service - Bitcoin's distributed currency daemon Loaded: loaded (/etc/systemd/system/bitcoin.service; enabled; vendor prese> Active: active (running) since Mon 2023-05-01 08:32:02 UTC; 1 day 5h ago Process: 1280043 ExecStart=/usr/local/bin/bitcoind -daemon -pid=/home/user/> Main PID: 1280059 (bitcoind)
Also like before you can tail the log to see if it is running
tail -f .bitcoin/debug.log
You should wait for bitcoind to sync before starting lnd. But you can prepare the required software and create the lnd wallet while it is syncing.
3.1 Install golang
wget https://go.dev/dl/go1.20.3.linux-amd64.tar.gz sudo tar -C /usr/local -xzf go1.20.3.linux-amd64.tar.gz echo "export PATH=$PATH:~/go/bin:/usr/local/go/bin" >> ~/.bashrc
Log out of your ssh session and log back in, then verify go is installed. go version should return:
go version go.1.20.3 linux/amd64
3.2 INSTALL LND
git clone https://github.com/lightningnetwork/lnd.git
git checkout tags/v0.16.4-beta make install
This will install lnd to ~/go/bin/
3.3 CREATE CONFIG FILE
Create the .lnd directory and the config file in it.
mkdir ~/.lnd nano ~/.lnd/lnd.conf
Paste in the bellow config but modifying:
- BITCOIN_RPC_USERNAME – enter the rpc username from bitcoin.conf
- BITCOIN_RPC_PASSWORD – enter the rpc password from bitcoin.conf
#Alias #alias=YOURALIAS #externalip= ## LND Settings # Lets LND know to run on top of Bitcoin (as opposed to Litecoin) bitcoin.active=true bitcoin.mainnet=true # Lets LND know you are running Bitcoin Core (not btcd or Neutrino) bitcoin.node=bitcoind ## Bitcoind Settings # Tells LND what User/Pass to use to RPC to the Bitcoin node bitcoind.rpcuser=BITCOIN_RPC_USERNAME bitcoind.rpcpass=BITCOIN_RPC_PASSWORD # Allows LND & Bitcoin Core to communicate via ZeroMQ bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 ## Zap Settings # Tells LND to listen on all of your computer's interfaces # This could alternatively be set to your router's subnet IP tlsextraip=0.0.0.0 # Tells LND where to listen for RPC messages # This could also be set to your router's subnet IP rpclisten=0.0.0.0:10009
3.4 Create system service
sudo nano /etc/systemd/system/lnd.service
Paste in the following and save:
[Unit] Description=LND Lightning Daemon Requires=bitcoin.service After=bitcoin.service [Service] ExecStart=/home/bitcoin/go/bin/lnd PIDFile=/home/bitcoin/.lnd/lnd.pid User=bitcoin Group=bitcoin Type=simple KillMode=process TimeoutSec=180 Restart=always RestartSec=60 [Install] WantedBy=multi-user.target
sudo systemctl daemon reload sudo systemctl enable lnd.service
Before we start the service open another ssh session to the server and enter:
sudo journalctl -f -u lnd.service
Here we will see the log output of lnd to check for any issues.
Then in the previous console window start the lnd service:
sudo systemctl start lnd.service
If all goes well the log output should show no errors and stop at:
LTND: Waiting for wallet encryption password. Use `lncli create` to create a wallet, `lncli unlock` to unlock an existing wallet, or `lncli changepassword` to change the password of an existing wallet and unlock it.
3.5 CREATE WALLET
lncli create Input wallet password: Confirm password: Do you have an existing cipher seed mnemonic or extended master root key you want to use? Enter 'y' to use an existing cipher seed mnemonic, 'x' to use an extended master root key or 'n' to create a new seed (Enter y/x/n): n Your cipher seed can optionally be encrypted. Input your passphrase if you wish to encrypt it (or press enter to proceed without a cipher seed passphrase): Generating fresh cipher seed... !!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!! ---------------BEGIN LND CIPHER SEED--------------- 1. xxxx 2. xxxxx 3. xxxxx 4. xxxxx 5. xxxx 6. xxxxx 7. xxxxx 8. xxxxx 9. xxxx 10. xxxxx 11. xxxxx 12. xxxxx 13. xxxx 14. xxxxx 15. xxxxx 16. xxxxx 17. xxxx 18. xxxxx 19. xxxxx 20. xxxxx 21. xxxx 22. xxxxx 23. xxxxx 24. xxxxx ---------------END LND CIPHER SEED----------------- !!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!! lnd successfully initialized!
note: The seed is hidden in this example. You should see the seed words and write them down!
If bitcoin is still syncing you will have to wait before proceeding further. The log will show: Waiting for chain backend to finish sync.
If it is synced, you will see lnd will start syncing the graph. After a few minutes it should be ready. At this point you have a woriking Bitcoin Lightning Node.
4.1 BITBANANA ANDROID APP (ZAP)
The BitBanana app (previously known as Zap wallet) makes it easy to manage your node from your Android device. It includes opening channels, sending and receiving payments, statistics of your nodes routing activity and more.
To connect with the app you will need to install lndconnect.
To install it run:
cd ~/src git clone https://github.com/LN-Zap/lndconnect.git cd lndconnect make