⭐ Merited by Welsh (4)
Core Lightning
[1] Install dependencies
[2] Create another Tor hidden service for C-Lightning. Similar procedure as before.
[3] Below the other hidden service, add this info for Lightning.
[4] Then restart Tor and retrieve the new v3 Tor hostname for your Lightning installation. Copy it somewhere so you have it handy in step 7.
[5] Log into bitcoin user and download + build Lightning. v0.11.1 is the currently latest version.
[6] Create Lightning config.
[7] Enter the following. Alias can be chosen at will!
Replace onion_address_you_got with the hidden service hostname you got in step 4!
[8] Log back out of the unprivileged bitcoin account to install Lightning and create the service.
[9] In the service file, we need the following contents.
[10] Start the Lightning service
[11] To check if it's running, we can use the lightning-cli command as bitcoin user with any of its parameters.
[1] Install dependencies
Code:
sudo apt install autoconf automake build-essential git libtool libgmp-dev libsqlite3-dev python3 python3-pip python3-mako net-tools zlib1g-dev libsodium-dev gettext
pip3 install --upgrade pip
pip3 install --user poetry
echo -e '#!/bin/sh\ntouch $2\nexit 0' | sudo tee /usr/local/bin/mrkd
sudo chmod 755 /usr/local/bin/mrkd
pip3 install --upgrade pip
pip3 install --user poetry
echo -e '#!/bin/sh\ntouch $2\nexit 0' | sudo tee /usr/local/bin/mrkd
sudo chmod 755 /usr/local/bin/mrkd
[2] Create another Tor hidden service for C-Lightning. Similar procedure as before.
Code:
sudo nano /etc/tor/torrc
[3] Below the other hidden service, add this info for Lightning.
Code:
HiddenServiceDir /var/lib/tor/lightningd_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735
[4] Then restart Tor and retrieve the new v3 Tor hostname for your Lightning installation. Copy it somewhere so you have it handy in step 7.
Code:
sudo service tor restart
sudo cat /var/lib/tor/lightningd_hidden_service/hostname
sudo cat /var/lib/tor/lightningd_hidden_service/hostname
[5] Log into bitcoin user and download + build Lightning. v0.11.1 is the currently latest version.
Code:
su - bitcoin
git clone https://github.com/ElementsProject/lightning.git
cd lightning
git checkout v0.11.1
./configure
make -j $(nproc)
git clone https://github.com/ElementsProject/lightning.git
cd lightning
git checkout v0.11.1
./configure
make -j $(nproc)
[6] Create Lightning config.
Code:
mkdir -p /home/bitcoin/.lightning/bitcoin
nano /home/bitcoin/.lightning/bitcoin/lightningd.conf
nano /home/bitcoin/.lightning/bitcoin/lightningd.conf
[7] Enter the following. Alias can be chosen at will!
Replace onion_address_you_got with the hidden service hostname you got in step 4!Code:
daemon
alias=alias_for_your_node
network=bitcoin
log-level=debug
log-file=/home/bitcoin/.lightning/debug.log
# incoming via tor
bind-addr=127.0.0.1:9735
announce-addr=onion_address_you_got.onion
# outgoing via tor
proxy=127.0.0.1:9050
always-use-proxy=true
alias=alias_for_your_node
network=bitcoin
log-level=debug
log-file=/home/bitcoin/.lightning/debug.log
# incoming via tor
bind-addr=127.0.0.1:9735
announce-addr=onion_address_you_got.onion
# outgoing via tor
proxy=127.0.0.1:9050
always-use-proxy=true
[8] Log back out of the unprivileged bitcoin account to install Lightning and create the service.
Code:
exit
cd /home/bitcoin/lightning
sudo make install
sudo nano /usr/lib/systemd/system/lightningd.service
cd /home/bitcoin/lightning
sudo make install
sudo nano /usr/lib/systemd/system/lightningd.service
[9] In the service file, we need the following contents.
Code:
[Unit]
Description=C-Lightning daemon
Requires=bitcoind.service
After=bitcoind.service
Wants=network-online.target
After=network-online.target
[Service]
ExecStart=/usr/local/bin/lightningd --daemon --conf /home/bitcoin/.lightning/bitcoin/lightningd.conf
User=bitcoin
Group=bitcoin
Type=forking
Restart=on-failure
# Hardening measures
####################
# Provide a private /tmp and /var/tmp.
PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full
# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
Description=C-Lightning daemon
Requires=bitcoind.service
After=bitcoind.service
Wants=network-online.target
After=network-online.target
[Service]
ExecStart=/usr/local/bin/lightningd --daemon --conf /home/bitcoin/.lightning/bitcoin/lightningd.conf
User=bitcoin
Group=bitcoin
Type=forking
Restart=on-failure
# Hardening measures
####################
# Provide a private /tmp and /var/tmp.
PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full
# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
[10] Start the Lightning service
Code:
sudo systemctl enable lightningd.service
sudo service lightningd start
sudo service lightningd start
[11] To check if it's running, we can use the lightning-cli command as bitcoin user with any of its parameters.
Code:
su - bitcoin
lightning-cli getinfo
lightning-cli getinfo