iCryptoNode is an open source software project to manage blockchain daemons, specifically for single-board computers like Raspberry Pi. It aims to be blockchain agnostic by standardizing interfaces.
For now, we are only supporting Bitcoin and Monero.
Anyone can use or build this software. Development is sponsored by iCryptoNode.com which sells hardware pre-installed and configured with iCryptoNode and blockchain software.
- Blockchains:
- Bitcoin
- Monero
- More coming soon
- Privacy & Security
- Built-in support for VPN (Private Internet Access)
- Use the blockchain without exposing your IP
- Stop relying on untrusted third-party remote nodes
- Nothing is tracked by us or any service provider
- All updates cryptographically signed to prevent tampering
- Simplify Management
- Easily update blockchain daemon
- Easily update iCryptoNode software
- GUI shows stats and enables quick configuration changes
- Everything is automatically running on device boot
- Optimized for Raspberry Pi
- Minimal resource overhead
- Swap with minimal use to preserve SD Card lifespan
- All decisions made to squeeze performance from low-end devices
- Fault Tolerant
- Services are restarted automatically
Our web server is lighttpd as it is optimized for low resource environments. It is similar to apache.
The front-end is written in VueJS and delivered as a single-page app.
The backend is written in PHP, as it doesn't require a constantly running process (like NodeJS) so we save system resources.
We do not use a mysql, sqlite, etc. in order to minimize system resources. We use UCI standalone from the OpenWRT project which is key-value config system written in C. OpenWRT devs built it from scratch to be used on tiny wireless routers, so it's perfect for our use case.
Updates are in configuration files hosted by iCryptoNode and signed by our PGP key. Please read iCryptoNode Security for more information.
Installation is a combination of automated and manual steps. You must be able to SSH into your Raspberry Pi. Follow the steps below in order!
Using disk of at least 128 GB, flash Raspbian Stretch Lite. We want Lite because it doesn't waste system resources on running a full desktop GUI environment. We want those resources for our blockchain node.
Full instructions for how to download and install can be found here. Make sure you do the SSH step and add the ssh
file to the root directory! Otherwise, you won't be able to SSH in.
Once you have your local IP, SSH in (user: pi
, password: raspberry
) and do some updates.
sudo apt-get update
sudo apt-get upgrade
Update raspberry pi and install kernel drivers:
sudo rpi-update
Run raspi-config to enable Wifi. You need to do this once to set a Wifi country, and later it can be changed from within iCryptoNode software:
sudo raspi-config
You must now reboot, which will close the SSH tunnel, and you'll have to SSH back in:
sudo reboot
Open port 22 for SSH:
sudo ufw allow 22
Enable UFW firewall:
sudo ufw enable
Before doing anything else, we must install UCI.
Install necessary packages:
sudo apt-get install dh-autoreconf git lua5.1 liblua5.1-0-dev cmake
You can build from scratch using these instructions. Be aware you must build and install json-c
and libubox
per instructions as UCI requires them.
It is best to build statically to ensure no errors finding shared libs. When you clone UCI, edit CMakeLists.txt
and change:
OPTION(BUILD_STATIC "statically linking uci" OFF)
To:
OPTION(BUILD_STATIC "statically linking uci" ON)
Then cmake .
, make
, sudo make install
.
If you are trying to use a cryptocurrency with a large blockchain, (Bitcoin) and need an external hard drive, you must set it up at /mnt/[coin name]
such as /mnt/bitcoin
. You can follow instructions here.
In your home folder on the raspberry pi:
git clone [email protected]:seibelj/iCryptoNode.git
This automatically configures as many things as possible. Unfortunately some things can't (easily) be automated, which is why there are more manual steps after this.
cd iCryptoNode/setup
sudo ./icn_configure [bitcoin|monero]
Let it run.
We use GPG for our PGP encryption implementation. It must be enabled in php.ini
.
Edit php.ini
:
sudo nano /etc/php/7.3/cgi/php.ini
Navigate to the Dynamic Extensions
section and add this line:
extension=gnupg.so
Do the same for the PHP command-line interface if you'd like:
sudo nano /etc/php/7.3/cli/php.ini
Make sure there are no semi-colons (;
) before it! That comments out the line.
We enable executing specific commands as sudo
user for www-data
(web server) to allow system management from the GUI.
The security model of iCryptoNode assumes that it only runs on a network safe from attack, meaning your primary security is keeping the router safe from physical attack and using a strong Wifi password.
However, we still try to make iCryptoNode as secure as possible, in case the first layer of security fails.
Therefore, we restrict the commands accessible to www-data
running sudo
to only what is needed. We also do argument sanitization (escapeshellarg()
) to stop injection of shell commands.
Start visudo:
sudo visudo
Add to the bottom:
Cmnd_Alias WWW_COMMANDS = /usr/local/bin/uci, /var/www/html/icryptonode/system_commands/*, /var/www/html/icryptonode/vpn/commands/*, /var/www/html/icryptonode/node_commands/*
www-data ALL = (ALL) NOPASSWD: WWW_COMMANDS
This restricts sudo
access for user www-data
to specific commands.
The current top-of-the-line Raspberry Pi has only 1 GB of ram. We add swap in order to allow ram to be extended by disk in cases where memory is exhausted. However, given that random write to SD cards can wear them out, we want to make the system prefer ram to disk whenever possible.
Remove old swap and make new, bigger swap (2GB). Some of these commands take a while to run, just be patient.
sudo /etc/init.d/dphys-swapfile stop
sudo rm /var/swap
sudo dd if=/dev/zero of=/var/swap count=2K bs=1M
sudo mkswap /var/swap
sudo chmod 600 /var/swap
sudo swapon /var/swap
Set swappiness value to 0 to make system use swap only when absolutely necessary:
sudo sysctl vm.swappiness=0
Make it permanent. Edit:
sudo nano /etc/sysctl.conf
Add to bottom:
vm.swappiness = 0
Save the file.
You also need to do this. Edit:
sudo nano /etc/dphys-swapfile
Replace existing CONF_SWAPSIZE
with:
CONF_SWAPSIZE=2048
Save the file.
Restart system service:
sudo /etc/init.d/dphys-swapfile stop
sudo /etc/init.d/dphys-swapfile start
Whether you use VPN or not, it is recommended to set your DNS servers to Private Internet Access' DNS servers to prevent DNS leaks and enhance privacy.
Edit network interfaces:
sudo nano /etc/network/interfaces
Add to the bottom of the file:
dns-nameservers 209.222.18.222 209.222.18.218
Edit dhcpcd conf:
sudo nano /etc/dhcpcd.conf
Add to the bottom of the file:
static domain_name_servers=209.222.18.222 209.222.18.218
Reboot machine and SSH back in:
sudo reboot
Sometimes you need to do a hard shutoff with a powercycle, if the reboot fails.
After reboot, you can verify PIA DNS servers are used (it should look similar to this):
$ nslookup google.com
Server: 209.222.18.222
Address: 209.222.18.222#53
Non-authoritative answer:
Name: google.com
Address: 172.217.12.174
Disabling IPv6 ensures all traffic goes over IPv4 and is protected by the VPN.
Edit sysctl conf file:
sudo nano /etc/sysctl.d/99-sysctl.conf
Add these 3 lines to the bottom:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Save the file.
Now enable it:
sudo sysctl -p
This will be preserved across reboots.
Verify IPv6 is disabled:
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
Output should be 1
You should now be able to access iCryptoNode. Instructions on use are hosted here at iCryptoNode.com.
When you build your own iCryptoNode rather than pre-purchase one, you need to install the blockchain software and sync it.
Go to the Updates tab and download and install the latest version of the blockchain software. Once installed, go to the Node tab and enable the daemon. Syncing will take about a week unless you pre-install the blockchain.
Congratulations! You have successfully built your own iCryptoNode.
If you find a bug, please file a ticket on this Github project. You can also post on the iCryptoNode subreddit.
GPLv3. Essentially if you modify this code, you must release your modifications open source with the same GPLv3 license.