Configuration

Fichier de configuration Monero

sudo nano /monero/monerod.conf

Contenu

# /monero/monerod.conf
#
# Configuration file for monerod. For all available options see the MoneroDocs:
# https://docs.getmonero.org/interacting/monerod-reference/

# Data directory (blockchain db and indices)
data-dir=/monero/fullnode   # Blockchain storage location

# Optional pruning
#prune-blockchain=1           # Pruning saves 2/3 of disk space w/o degrading functionality but contributes less to the network
#sync-pruned-blocks=1         # Allow downloading pruned blocks instead of prunning them yourself

# Centralized services
check-updates=disabled         # Do not check DNS TXT records for a new version
enable-dns-blocklist=1         # Block known malicious nodes

# Banlist
#ban-list=/path/to/ban.txt      # Local list of peers to ban

# Log file
log-file=/var/log/monero/monero.log
log-level=0                    # Minimal logs, WILL NOT log peers or wallets connecting
max-log-file-size=2147483648   # Set to 2GB to mitigate log trimming by monerod; configure logrotate instead

# P2P full node
p2p-bind-ip=0.0.0.0            # Bind to all interfaces (the default)
p2p-bind-port=18080            # Bind to default port
#no-igd=1                       # Disable UPnP port mapping

# RPC open node
public-node=1                  # Advertise to other users they can use this node for connecting their wallets
rpc-restricted-bind-ip=0.0.0.0 # Bind to all interfaces (the Open Node)
rpc-restricted-bind-port=18089 # Bind to a new RESTRICTED port (the Open Node)
rpc-bind-ip=127.0.0.1          # IP to listen on for admin API
rpc-bind-port=18081            # TCP port to listen on for admin API

# RPC TLS
rpc-ssl=autodetect             # Use TLS if client wallet supports it; [enabled|disabled|(default)autodetect]

# ZMQ
#zmq-rpc-bind-ip=127.0.0.1      # Default 127.0.0.1
#zmq-rpc-bind-port=18082        # Default 18082
zmq-pub=tcp://127.0.0.1:18083  # ZMQ pub
#no-zmq=1                       # Disable ZMQ RPC server

# Mempool size
max-txpool-weight=2684354560   # Maximum unconfirmed transactions pool size in bytes (here ~2.5GB, default ~618MB)

# Database sync mode
#db-sync-mode=safe:sync        # Slow but reliable db writes

# Network limits
out-peers=12              # Default 12
in-peers=48               # The default is unlimited; we prefer to put a cap on this
limit-rate-up=2800         # 2800 kB/s (~ 2.8 MB/s ~ 22 Mbps)
limit-rate-down=800        # 800 kB/s (~ 0.8 MB/s ~ 6.4 Mbps)

# Tor/I2P: broadcast transactions originating from connected wallets over Tor/I2P (does not concern relayed transactions)
#tx-proxy=i2p,127.0.0.1:4447,12,disable_noise  # I2P
#tx-proxy=tor,127.0.0.1:9050,12,disable_noise  # Tor

# Tor/I2P: tell monerod your onion address so it can be advertised on P2P network
#anonymous-inbound=PASTE_YOUR_I2P_HOSTNAME,127.0.0.1:18085,24         # I2P
#anonymous-inbound=PASTE_YOUR_ONION_HOSTNAME:18084,127.0.0.1:18084,24 # Tor

# Tor: be forgiving to connecting wallets
disable-rpc-ban=1

Fichier de service Monero

sudo nano /etc/systemd/system/monerod.service

Contenu

# /etc/systemd/system/monerod.service

[Unit]
Description=Monero Daemon
After=network-online.target
Requires=network-online.target

[Service]
Type=simple
ExecStart=/usr/local/bin/monero-aarch64-linux-gnu-v0.18.4.6/monerod --config-file /monero/monerod.conf --non-interactive

Restart=on-failure
RestartSec=30

User=moneronode
Group=moneronode

StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target

Modifier les droits

sudo chown -R moneronode:moneronode /monero

Sur le pare-feu / passerelle

Connecté temporairement sur baggins en tant que mountdoom, mettre à jour UFW

sudo ufw route allow proto tcp from any to 192.168.10.50 port 18080 comment 'Monero full node'

sudo ufw route allow proto tcp from any to 192.168.10.50 port 18089 comment 'Monero full node'

Mettre à jour les règles de port-forwarding NAT

sudo nano /etc/ufw/before.rules

Ajouter ces lignes avant Masquerade de la section *nat

# Monero P2P port forwarding
-A PREROUTING -i eth1 -p tcp --dport 18080 -j DNAT --to-destination 192.168.10.50:18080
# Monero restricted RPC port forwarding
-A PREROUTING -i eth1 -p tcp --dport 18089 -j DNAT --to-destination 192.168.10.50:18089

Et recharger UFW

sudo ufw reload

Fin de la configuration pare-feu / passerelle

Activer le service

De retour sur gamgee en tant que mountdoom, exécuter

sudo systemctl daemon-reload

sudo systemctl enable --now monerod

Vérifier le fonctionnement

sudo systemctl status monerod

tail -n40 /var/log/monero/monero.log