Tor is a great service to promote privacy and censorship resistance. These goals align directly with the Bitcoin network.
By running Bitcoin over Tor, you get the following benefits:
- It hides your IP address from the world
- You don't need to worry about setting up firewall port forwarding
- It promotes privacy by letting others connect to your node anonymously
This guide shows how to set up an existing Bitcoin node to run over Tor. It uses a Bitcoin node that was set up on a Raspberry Pi (see the other article for details about how to get to this point).
See the video for a detailed walkthrough, but the instructions below will get you there quicker.
The first thing that you will need to do is to install Tor. On the Raspberry Pi this is as simple as...
$ sudo apt-get install tor
Once this has been installed, you should be able to query the tor service and see that it is enabled and running.
$ sudo systemctl status tor
● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
   Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
   Active: active (exited) since Sat 2020-08-15 21:12:45 PDT; 13min ago
  Process: 427 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 427 (code=exited, status=0/SUCCESS)
You should also see the proxy port, 9050, listening for incoming connections on the local loopback address:
$ netstat -an | grep 9050
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN
We will be setting up Bitcoin to run as a hidden service to allow incoming connections. To do this, we need to enable the Tor control port in the Tor config file.
$ sudo vi /etc/tor/torrc
Uncomment the following 2 lines to enable the control port and cookie authentication.
## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
#HashedControlPassword ...
CookieAuthentication 1
Next, restart the tor service and verify that port 9051 is listening.
$ sudo systemctl restart tor@default.service
$ netstat -an | grep 9051
tcp 0 0 127.0.0.1:9051 0.0.0.0:* LISTEN
Lastly, you need to add the user account running bitcoin to the Tor group so it can access the cookie file. You can see the cookie here:
$ ls -al /run/tor/
total 8
drwxr-sr-x  2 debian-tor debian-tor 120 Aug 15 21:12 .
drwxr-xr-x 29 root       root       860 Aug 15 21:25 ..
srw-rw----  1 debian-tor debian-tor   0 Aug 15 21:12 control
-rw-r-----  1 debian-tor debian-tor  32 Aug 15 21:12 control.authcookie
srw-rw-rw-  1 debian-tor debian-tor   0 Aug 15 21:12 socks
-rw-r--r--  1 debian-tor debian-tor   4 Aug 15 21:12 tor.pid
The cookie file is owned by the debian-tor group and is readable only by that group. The account I am running my node as is the "pi" user, but this is often the "bitcoin" user. Whichever one it is, add it to the debian-tor group.
$ sudo usermod -a -G debian-tor pi
You may need to reboot to pick this up. You can verify by running the "groups" command.
$ groups
pi adm dialout cdrom sudo audio video plugdev games users input netdev debian-tor gpio i2c spi
You can see my user is in the debian-tor group now.
Finally, you need to configure bitcoind to use the proxy and also listen over Tor for incoming connections. This can be done in one of two ways.
First, you can pass the options on the command line:
$ bitcoind -proxy=127.0.0.1:9050 -listen -debug=tor
Or you can add it to your bitcoin.conf file:
proxy=127.0.0.1:9050
listen=1
debug=tor
The debug parameter tells bitcoind to print information about Tor when the service comes up, so you can see if anything is not working.
When you bring up the service, you should see a statement like:
tor: Got service ID XXXXXXXXXX, advertising service XXXXXXXX.onion:8333
This means that the service was able to be configured and is up and running.
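If that line does not appear, the script below rechecks each setting changed in this guide. It is an added example, not part of the original guide or of the Tor or Bitcoin projects; the function names and the three arguments (torrc path, bitcoin.conf path, account name) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): audit the settings it changes.
# has_setting FILE REGEX: true if an uncommented line of FILE matches REGEX.
has_setting() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*(#.*)?\$" "$1" 2>/dev/null
}

# check_torrc FILE: the control port and cookie auth must both be uncommented.
check_torrc() {
    has_setting "$1" 'ControlPort[[:space:]]+9051' &&
        has_setting "$1" 'CookieAuthentication[[:space:]]+1'
}

# check_bitcoin_conf FILE: proxy through 127.0.0.1:9050 and accept inbound.
check_bitcoin_conf() {
    has_setting "$1" 'proxy=127\.0\.0\.1:9050' && has_setting "$1" 'listen=1'
}

# loopback_only PORT: reads `netstat -an` text on stdin. True only if PORT is
# listening and every listener on it is bound to 127.0.0.1.
loopback_only() {
    awk -v p=":$1" '
        $NF == "LISTEN" && substr($4, length($4) - length(p) + 1) == p {
            seen = 1
            if ($4 != ("127.0.0.1" p)) bad = 1
        }
        END { exit !(seen && !bad) }'
}

# in_group USER GROUP: membership as recorded in the group database.
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# audit TORRC BITCOIN_CONF USER: report each failed check, return their count.
audit() {
    fails=0
    check_torrc "$1" || { echo "FAIL torrc: control port or cookie auth off"; fails=$((fails + 1)); }
    check_bitcoin_conf "$2" || { echo "FAIL bitcoin.conf: proxy/listen not set"; fails=$((fails + 1)); }
    in_group "$3" debian-tor || { echo "FAIL $3 is not in debian-tor"; fails=$((fails + 1)); }
    for port in 9050 9051; do
        netstat -an 2>/dev/null | loopback_only "$port" || { echo "FAIL port $port is not loopback-only"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Run against the live system only when all three arguments are given.
if [ "$#" -eq 3 ]; then audit "$@"; fi
```

Saved under a name of your choice and run with the torrc path, your bitcoin.conf path and the node's account name, it prints one FAIL line per problem and exits non-zero if any check fails. The group check reads the group database, so it can pass before a running session has picked up the new membership.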
For any other debugging hints, see the Bitcoin readme about Tor.