Hosting a Monero Node Hidden Server (Qubes-Whonix)

A TURKISH translation of this page is available!

Objective

In this guide I will show you how to host a Monero node server on the Tor network. This guide builds on the previous guide, so make sure you have set this up first: Monero Node (Qubes-Whonix)

By the end of this guide, you will have:

  • a Monero node onion hidden server that you can connect your Monero wallets to, over the Tor network

For more information about hosting your own onion hidden services inside Qubes-Whonix refer to the following guide: https://www.whonix.org/wiki/Onion_Services#Hidden_Webserver

In this guide QubesOS 4.2 (which runs Whonix 17) is used for demonstration.

Note: throughout the guide I use the terms "hidden server" and "hidden service" interchangeably. I also sometimes use "monerod qube" as a shorthand for "anon-monerod-who17 qube".

Setup

Create the hidden services on sys-whonix

Open your monerod qube terminal, and type:

$ qubesdb-read /qubes-ip

Note the output: you will use it to replace ${INTERNAL-IP-OF-MONEROD-QUBE} in the code snippet below.

In QubesOS click on the Qubes App Launcher (blue/grey "Q") -> Service Tab -> sys-whonix -> Tor user config. You will see a new window with a text file open in front of you. Append the following lines to this file:

HiddenServiceDir /var/lib/tor/hidden_service_monerod_anon_monerod_who17/
HiddenServicePort 18083 ${INTERNAL-IP-OF-MONEROD-QUBE}:18083
HiddenServicePort 18089 ${INTERNAL-IP-OF-MONEROD-QUBE}:18089

Make sure to replace the ${INTERNAL-IP-OF-MONEROD-QUBE} above. After that, press Ctrl+s to save your changes, then press Ctrl+q to exit the text editor.

Naming convention:

  1. hidden_service: identifying that this will be a hidden service in Tor network.
  2. monerod: identifying that this hidden service will be running monerod.
  3. anon_monerod_who17: identifying that this hidden service will forward the incoming connections to the qube named anon-monerod-who17 (see the previous guide on this)

Reload the tor daemon of sys-whonix. Qubes App Launcher (blue/grey "Q") -> Service Tab -> sys-whonix -> Reload Tor.

Now, get the onion address for your hidden service. Open sys-whonix terminal and type:

$ sudo cat /var/lib/tor/hidden_service_monerod_anon_monerod_who17/hostname

The terminal will output your ${ONION-ADDRESS}

Then, insert the onion address into the monerod.conf file in the monerod qube. On your monerod qube open the file /home/user/.config/monerod/monerod.conf and add the following line to the bottom:

anonymous-inbound=${ONION-ADDRESS}:18083,127.0.0.1:18083,16

Make sure to replace ${ONION-ADDRESS} with your actual hidden server onion address.

After changing the monerod.conf file, restart monerod:

$ systemctl --user restart monerod.service
$ systemctl --user status monerod.service

In the terminal output you should see the green Active (running) status message.

Open the firewall on monerod qube

For the monerod qube to accept the incoming connection requests from your wallet, you need to open the specific ports on its firewall. In this guide, port 18083 is used for peer-to-peer node connections between the onion hidden servers of Monero nodes, and port 18089 is used for wallet connections to find their way into our own Monero node hidden server. Therefore, we open these two ports in the monerod qube's firewall.

Open a terminal in your anon-monerod-who17 qube. Enter the following commands:

$ sudo mkdir -p /usr/local/etc/whonix_firewall.d
$ sudoedit /usr/local/etc/whonix_firewall.d/50_user.conf

In the opened file, enter the following two lines:

EXTERNAL_OPEN_PORTS+=" 18083 "
EXTERNAL_OPEN_PORTS+=" 18089 "

Save the file and exit the editor. Now reload the monerod qube's firewall. Open a terminal in your anon-monerod-who17 qube. Enter the following command:

$ sudo whonix_firewall

A new window will pop up and will let you know that everything went well, and that you can close the window. You have completed opening the ports in the firewall.
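
The following cross-check of the three files edited above is an added example, not part of the original guide. It assumes you saved the lines you appended to the Tor user config into a file next to copies of 50_user.conf and monerod.conf; the function names and all sample values in demo() are constructed.

```sh
#!/bin/sh
# Added example: cross-check the three files edited in this guide.
# Function names and all sample values in demo() are constructed.

# Target ports of each "HiddenServicePort <virtport> <ip>:<port>" line.
hs_target_ports() {
    awk '$1 == "HiddenServicePort" { n = split($3, a, ":"); print a[n] }' "$1"
}

# Ports named in EXTERNAL_OPEN_PORTS+=" ... " lines of the firewall drop-in.
fw_open_ports() {
    sed -n 's/^EXTERNAL_OPEN_PORTS+="\(.*\)"[[:space:]]*$/\1/p' "$1" |
        tr -s ' ' '\n' | sed '/^$/d'
}

# check_setup TORRC_LINES FIREWALL_CONF MONEROD_CONF
# Prints each problem found; exit status is the number of problems.
check_setup() {
    problems=0
    if grep -q 'INTERNAL-IP-OF-MONEROD-QUBE' "$1"; then
        echo "tor: placeholder \${INTERNAL-IP-OF-MONEROD-QUBE} not replaced"
        problems=$((problems + 1))
    fi
    for p in $(hs_target_ports "$1"); do
        if ! fw_open_ports "$2" | grep -qx "$p"; then
            echo "firewall: Tor forwards to port $p but it is not open"
            problems=$((problems + 1))
        fi
    done
    # A v3 onion address is 56 base32 characters followed by ".onion".
    if ! grep -Eq '^anonymous-inbound=[a-z2-7]{56}\.onion:[0-9]+,' "$3"; then
        echo "monerod.conf: anonymous-inbound missing or not a v3 onion"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the firewall file forgets 18089, the rest is correct.
demo() {
    d=$(mktemp -d)
    onion="$(printf '%056d' 0 | tr 0 a).onion"   # placeholder, not a real service
    printf 'HiddenServicePort %s 10.137.0.50:%s\n' 18083 18083 18089 18089 > "$d/tor"
    echo 'EXTERNAL_OPEN_PORTS+=" 18083 "' > "$d/fw"
    echo "anonymous-inbound=${onion}:18083,127.0.0.1:18083,16" > "$d/monerod"
    check_setup "$d/tor" "$d/fw" "$d/monerod"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "problems found: $?"
```

With your own files, call check_setup with the three paths; an exit status of 0 means the forwarded ports, the firewall file and the anonymous-inbound line agree.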

Conclusion

In this guide I showed you how to run a monero node hidden server in Qubes-Whonix. For this, we first edited the Tor User Config in sys-whonix. Then we reloaded the tor daemon inside sys-whonix and created our hidden server's onion address. We inserted that onion address into the monerod.conf file in anon-monerod-who17 qube. Lastly, we opened the two ports 18083 and 18089 in the anon-monerod-who17 qube and completed the setup process.

From now on, you should be able to connect your Monero wallets to your own Monero node's hidden server. Since the connections over the Tor network are always anonymous and end-to-end encrypted, you can be sure that nobody is watching you sync your Monero wallets.

A quick note: since this setup is inside Qubes-Whonix, which presumably runs on laptop hardware, you will only be able to connect your Monero wallets to this node while your laptop (and specifically the anon-monerod-who17 qube) is up and running.

Yet another quick note: if the abovementioned steps do not result in a Tor onion node you can connect your Monero wallets to, simply restart the whole QubesOS. Waiting 15 minutes can also be helpful; the Tor network needs some time to recognize new hidden servers that join it.


If you find this guide useful you can send some Monero (XMR) to this address:

8ByBcxywCn6VqYG2Wtwz24SS2QYZPexuYKYz7fdyu2Wh1n9JnXn98st1KH8Q8scpbyeL4oCUrWHMaZ7C1T86pc9CEouu7C4