Running full Bitcoin node over Tor on Ubuntu

Running full Bitcoin node over Tor on Ubuntu 1

00. Why run Bitcoin node? Why Tor?

Why Bitcoin full node?

A full node allows you to participate in the verification of all the transactions and blocks in the Bitcoin network and blockchain. Almost all of the full nodes participate in this validation process and relay the transactions and blocks to other nodes they “know” (are connected to).

Running a full node helps Bitcoin’s peer-to-peer network grow and be more decentralized, so clients won’t have to rely on centralized services for querying the network or transmitting transactions.

Many people and organizations volunteer to run full nodes using spare computing and bandwidth resources—but more volunteers are needed to allow Bitcoin to continue to grow. This document describes how you can help and what helping will cost you.

Following few steps you will be able to setup a bitcoin full node running on the Tor network (privacy matters).

Why run on Tor?

Bitcoin is said to be many things, amongst them anonymity is one of the features to stand out. It is not entirely true the transactions in the network are anonymous, rather pseudonymous, and while it is true that a transaction does not identify a user or wallet, there is a potential for privacy to be partially undermined, by methods that could identify the IP address of a transaction originator.

So if you care about your digital privacy – keep reading. 🥷

Tor is free and open-source software for enabling anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays[6] in order to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace the Internet activity to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”.[7] Tor’s intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities unmonitored.

01. Setup SSH

If you are using a VPS or other cloud machine which you can access via SSH, or your machine already has SSH enabled you can skip this step.

Both Ubuntu 20.04 LTS Desktop and Server come without SSH service enabled by default, which we need to be able to access remotely our machine, but you can easily enable it by just one command. 

sudo apt-get install openssh-server

This command will install OpenSSH, which provides free SSH connectivity tools and supports all SSH protocol versions. OpenSSH encrypts all the traffic to eliminate possible eavesdropping, connection hijacking, and other attacks.

Note: The default port for SSH is 22, but you can configure it to run on a port of your choice by editing the config file at /etc/ssh/sshd_config, and apply the changes by restarting the service sudo /etc/init.d/ssh restart.

If you have UFW firewall running on your machine, you will need to allow incoming SSH connections. Type the following command:

sudo ufw allow ssh

After running it you should see the output below.

Rules updated
Rules updated (v6)

Note: If you changed the default SSH port (22) to a custom port, you will need to open that port instead.

For example, if your ssh daemon listens on port 4242, then you can use the following command to allow connections on that port:

sudo ufw allow 4242/tcp

Once we are setup with the SSH configuration we can proceed to the real deal.

02. Install packages

We need to install some packages needed for compilation of bitcoin’s source code.

sudo apt-get update
sudo apt-get upgrade
sudo add-apt-repository universe

It’s possible this is already added, so you might see something like 'universe' distribution component is already enabled for all sources. If so – just ignore it and proceed further.

sudo apt-get install build-essential autoconf libtool pkg-config libboost-all-dev libssl-dev libevent-dev doxygen libzmqpp-dev libdb++-dev

03. Install BerkelyDB

Bitcoin Core is still using BerkleyDB 4.8.30 because of backward compatibility. Using a newer versions makes the wallet incompatible with older versions, making downgrade impossible (or at least difficult).

We can do this manually by downloading it via `wget`.


Then verifying the hash of the file:

echo '12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef db-4.8.30.NC.tar.gz' | sha256sum -c

Extracting the archive:

tar -xvf db-4.8.30.NC.tar.gz

Configure and build the BerkleyDB for unix

cd db-4.8.30.NC/build_unix
mkdir -p buildBDB_PREFIX=$(pwd)/build../dist/configure --disable-shared --enable-cxx --with-pic --prefix=$BDB_PREFIX
make install

The above may fail with an error similar to this one.

In file included from ../dist/../dbinc/mutex_int.h:12, from ../dist/../dbinc/mutex.h:15, from ./db_int.h:884, from ../dist/../cxx/cxx_db.cpp:11: ../dist/../dbinc/atomic.h:179:19: error: definition of ‘int __atomic_compare_exchange(db_atomic_t*, atomic_value_t, atomic_value_t)’ ambiguates built-in declaration ‘bool __atomic_compare_exchange(long unsigned int, volatile void*, void*, void*, int, int)’ 179 | static inline int __atomic_compare_exchange(

If so you will need to apply some patches for C++11 which are required for the build. The developers at bitcoin have provided a nice shell script which does the downloading, verification and installation of those automatically here

So you can fetch and run it like so:

chmod +x
./ .

After few minutes you should see a message including db4 build complete.

You should also see some more info about flags which you should use for compiling bitcoind (don’t worry if you did not copy those – you will find them below).

04. Compile Bitcoin

In order to compile bitcoin, we first need to clone the source code repository from Github.

git clone

We want to checkout a version tag so we don’t run into problems, building from the master branch, as there the developers are constantly pushing new code.

cd bitcoin
git checkout v0.21.0
git status

After checking out the release tag and running the status check you should see this message:

HEAD detached at v0.21.0
nothing to commit, working tree clean

Now it’s time for us to build the code.

./configure BDB_LIBS="-L${BDB_PREFIX}/lib -ldb_cxx-4.8" BDB_CFLAGS="-I${BDB_PREFIX}/include"
make check
sudo make install

We now have successfully compiled bitcoin! 🚀🔥🎉

05. Configure Bitcoin to use Tor

Before staring syncing the blockchain history we need to configure some settings for our bitcoin node.

cd ~
mkdir .bitcoin
touch .bitcoin/bitcoin.conf
echo "txindex=1" >> .bitcoin/bitcoin.conf

Setting up txindex=1 will make Bitcoin rescan the whole blockchain and rebuild the whole database. This can take several days depending on your hardware and internet connection.

If Tor is properly setup in our system bitcoind will be able to communicate to other nodes over Tor network, otherwise it will default for communication over TCP. As we care about our privacy we want to explicitly forbid communication over TCP and allow it to only use Tor.

echo "onlynet=onion" >> .bitcoin/bitcoin.conf

Setup a maximum number of inbound + outbound connections the node can use, so it does not drain your bandwidth.

echo "maxconnections=20" >> .bitcoin/bitcoin.conf

As already mentioned the initial bitcoin blockchain download takes few days to weeks and using Tor will make this time longer as the Tor network is a bottleneck. One reason for that is due to low-bandwidth volunteer-operated Tor routers, but with wider adoption and volunteers running nodes this will change.

Installing Tor on Ubuntu is pretty straightforward and easy:

sudo apt install tor

After the installation is complete we need to check the configuration and ensure we have all of these configurations in /usr/share/tor/tor-service-defaults-torrc

ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

To view the file we can use less:

less /usr/share/tor/tor-service-defaults-torrc

In case any of those configuration settings is missing, use `echo` to add it to the file:

sudo sh -c "echo 'ControlPort 9051' >> /usr/share/tor/tor-service-defaults-torrc"
If you did edit the file, make sure to restart the Tor service:
sudo /etc/init.d/tor restart

Next step is to allow bitcoind to access to Tor, by adding it to that user group. Replace username with the Ubuntu account username you are operating under.

sudo usermod -a -G debian-tor username

Finally we can launch Bitcoin over Tor: 🙌🥳

bitcoind -daemon

We can follow the logs and monitor progress of the node syncing using tail:

tail -f ~/.bitcoin/debug.log

Fetching getnetworkinfo should result in IPv4 and IPv6 flags set to false and Tor to `true`. This will ensure us that we are operating our node privately.

bitcoin-cli getnetworkinfo

Furthermore, after the sync, we can use bitcoin-cli for querying information for the network status, connections and transaction and blocks information. Get peer info:

bitcoin-cli getpeerinfo | grep true

Inspect a raw transaction:

bitcoin-cli getrawtransaction 0e3e2357e806b6cdb1f70b54c3a3a17b6714ee1f0e68bebb44a74b1efd512098

And inspect the raw output:


References and resources

Also published on Medium.

About the author

Founder & CEO

Milen Radkov has experience building and delivering successful complex software systems and projects for both big enterprises and small startups. Being actively developing across different blockchain protocols, platforms and projects for the past 5 years, he has gained extensive experience in blockchain development, architectures, consensus algorithms and token economics. Milen is a well-known figure in the blockchain space.


Let's build the decentralized future together!

Subscribe for updates from the blog

Leave a Reply

Your email address will not be published.