oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 11:56:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

make the monero node go through tor

Browse source
This commit is contained in:
nihilist 2024-12-22 17:27:27 +01:00
parent b3f3ab7a00
commit 19f0e96a1c
1 changed files with 17 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

38
opsec/monero2024/node.html
View file

@ -76,15 +76,17 @@
<div class="row"> <div class="row">
<div class="col-lg-8 col-lg-offset-2"> <div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial Setup </b></h2> <h2><b>Initial Setup </b></h2>
<p>First install monero from the repositories:</p> <p>First install monero and tor from the repositories:</p>
<pre><code class="nim"> <pre><code class="nim">
[ nowhere.moe ] [ /dev/pts/0 ] [/srv/nowhere.moe] [ nowhere.moe ] [ /dev/pts/0 ] [/srv/nowhere.moe]
→ apt install monero -y → apt install monero tor -y
</pre></code>
<p>Then, create the following systemd service if you want to have a monero node to be publicly accessible via the IP directly:</p>
<pre><code class="nim">
[ nowhere.moe ] [ /dev/pts/0 ] [/srv/nowhere.moe] [ nowhere.moe ] [ /dev/pts/0 ] [/srv/nowhere.moe]
→ vim /etc/systemd/system/moneronode.service → vim /etc/systemd/system/moneronode.service
[ nowhere.moe ] [ /dev/pts/0 ] [/srv/nowhere.moe] [ Wonderland ] [ /dev/pts/9 ] [/srv]
→ cat /etc/systemd/system/moneronode.service → cat /etc/systemd/system/moneronode.service
[Unit] [Unit]
Description=monerod Description=monerod
@ -92,18 +94,22 @@ After=network.target
Wants=network.target Wants=network.target
[Service] [Service]
# sync the monero node without going through Tor
ExecStart=/usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /srv/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=0.0.0.0 --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --confirm-external-bind --non-interactive ExecStart=/usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /srv/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=0.0.0.0 --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --confirm-external-bind --non-interactive
Restart=on-failure Restart=on-failure
RestartSec=10s RestartSec=10s
StandardOutput=journal StandardOutput=journal
StandardError=journal StandardError=journal
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
</code></pre> </code></pre>
<p>If you want to have a local-only monero node to use over tor, you can use this config instead:</p> <p>However if your users are well-educated and are aware that <a href="../chainalysisattempts/index.html">Chainalysis are running malicious tor nodes</a>, <b>then they are NOT going to connect to non-onion monero nodes (and neither should you).</b> Plus if Monero is illegal in your country, you'll also want to synchronize it via Tor instead, so you can use this config instead:</p>
<pre><code class="nim"> <pre><code class="nim">
[ Wonderland ] [ /dev/pts/9 ] [/mnt/md3] [ Wonderland ] [ /dev/pts/9 ] [/mnt/md3]
→ cat /etc/systemd/system/moneronode.service → cat /etc/systemd/system/moneronode.service
@ -113,7 +119,10 @@ After=network.target
Wants=network.target Wants=network.target
[Service] [Service]
ExecStart=/usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /mnt/md3/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=127.0.0.1 --p2p-bind-ip=127.0.0.1 --p2p-bind-port=18080 --non-interactive
# sync the monero node while actually going through Tor (in case if Monero is illegal in your country)
ExecStart=/usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /srv/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=127.0.0.1 --p2p-bind-ip=127.0.0.1 --p2p-bind-port=18080 --non-interactive --proxy 127.0.0.1:9050 --tx-proxy tor,127.0.0.1:9050
Restart=on-failure Restart=on-failure
RestartSec=10s RestartSec=10s
@ -159,20 +168,7 @@ Jul 09 15:39:07 Datura monerod[8410]: 2023-07-09 13:39:07.182 I Synced 89
Jul 09 15:39:07 Datura monerod[8410]: 2023-07-09 13:39:07.376 I Synced 89138/2925934 (3%, 2836796 left) Jul 09 15:39:07 Datura monerod[8410]: 2023-07-09 13:39:07.376 I Synced 89138/2925934 (3%, 2836796 left)
</code></pre> </code></pre>
<p>On a SSD it may take 1 day, and weigh approximately 60 gigs as of writing this tutorial. The synchronisation is a very disk-intensive process, and so it is required to do it on a nvme disk or ssd at least. If you try to do that on a HDD it will take much, much longer. If you don't have a choice, sync it on a nvme somewhere and then rsync it to a server that has only HDDs.</p> <p>On a NVMe SSD it may take 2 days, and weigh approximately 90 gigs at the time of writing this tutorial. The synchronisation is a very disk-intensive process, and so it is required to do it on a nvme disk or ssd at least. If you try to do that on a HDD it will take much, much longer. If you don't have a choice, sync it on a nvme somewhere and then rsync it to a server that has only HDDs.</p>
<img src="1.png" class="imgRz">
<p>Then allow the ports you want from ufw:</p>
<pre><code class="nim">
root@XMR:~# sudo ufw allow 18080
Rules updated
Rules updated (v6)
root@XMR:~# sudo ufw allow 18081
Rules updated
Rules updated (v6)
</code></pre>
<p>Once you've finished setting up your monero instance, make sure you have it listed on <a href="https://monero.fail">https://monero.fail</a> or on <a href="https://xmr.nowhere.moe">https://xmr.nowhere.moe</a>.</p>
</div> </div>
</div><!-- /row --> </div><!-- /row -->
</div> <!-- /container --> </div> <!-- /container -->