⚠️ Why You Need Your Own Node

Using someone else's Monero node means:

  • They see your IP address (links transactions to you)
  • They know your transaction times and amounts
  • They could lie about your balance
  • They could refuse your transactions
  • They might log everything for chain analysis companies

Running your own node: Zero trust required.

Hardware Requirements

Full Node (Best Privacy)

  • Storage: 150GB+ (growing ~30GB/year)
  • RAM: 4GB minimum, 8GB recommended
  • CPU: Any modern processor
  • Internet: Unlimited bandwidth ideal
  • Sync time: 1-3 days initial

Pruned Node (Good Compromise)

  • Storage: ~50GB (1/3 of full)
  • RAM: 4GB works fine
  • Limitations: Can't share full blocks
  • Privacy: Same as full node
  • Perfect for: Personal use

Remote Node (Emergency Only)

  • Storage: None
  • Privacy: Severely compromised
  • Trust: Complete trust in operator
  • Use case: Temporary/emergency only

Installing Monero Node

1

Download and Verify

Download Official Binaries

# Download from official site
wget https://downloads.getmonero.org/cli/linux64

# Download signatures
wget https://www.getmonero.org/downloads/hashes.txt
wget https://www.getmonero.org/downloads/hashes.txt.sig

Verify GPG Signature (CRITICAL)

# Import Fluffypony's GPG key
gpg --keyserver keyserver.ubuntu.com --recv-keys BDA6BD7042B721C467A9759D7455C5E3C0CDCEB9

# Import binaryfate's key
gpg --keyserver keyserver.ubuntu.com --recv-keys 81AC591FE9C4B65C5806AFC3F0AF4D462A0BDF92

# Verify signature
gpg --verify hashes.txt.sig hashes.txt

# Check SHA256
sha256sum -c hashes.txt 2>/dev/null | grep linux64

If verification fails, DO NOT PROCEED. You have a compromised download.

2

Basic Setup

Extract and Configure

# Extract
tar -xvf monero-linux-x64-*.tar.bz2
cd monero-x86_64-linux-gnu-*/

# Create data directory
mkdir ~/.bitmonero

# Create config file
nano ~/.bitmonero/bitmonero.conf

Essential Configuration

# ~/.bitmonero/bitmonero.conf

# Performance
db-sync-mode=safe
max-concurrency=4
prep-blocks-threads=4

# Network
out-peers=64
in-peers=32
limit-rate-up=1024
limit-rate-down=1024

# Privacy
restricted-rpc=1
confirm-external-bind=1

# Pruning (optional, saves space)
prune-blockchain=1

# Logging
log-level=0
max-log-file-size=104857600
3

Initial Sync

Start the Daemon

# Basic start
./monerod

# With custom data directory
./monerod --data-dir /path/to/blockchain

# With pruning (saves 100GB+)
./monerod --prune-blockchain

# Fast sync (less secure, faster)
./monerod --sync-pruned-blocks

⏱️ Sync Times

  • SSD: 12-24 hours
  • HDD: 2-4 days
  • Fast sync: 6-12 hours
  • Pruned: Similar time, less space

Don't interrupt initial sync. Let it complete.

Tor Integration (Maximum Privacy)

1

Configure Tor

Install Tor

# Debian/Ubuntu
sudo apt install tor

# Start Tor
sudo systemctl start tor
sudo systemctl enable tor

Configure Tor for Monero

# Edit Tor config
sudo nano /etc/tor/torrc

# Add these lines:
HiddenServiceDir /var/lib/tor/monero-service/
HiddenServicePort 18081 127.0.0.1:18081
HiddenServicePort 18089 127.0.0.1:18089

# Restart Tor
sudo systemctl restart tor

# Get your onion address
sudo cat /var/lib/tor/monero-service/hostname
2

Configure Monerod for Tor

# ~/.bitmonero/bitmonero.conf

# Tor settings
proxy=127.0.0.1:9050
proxy-allow-dns-leaks=0
no-igd=1

# Anonymous inbound connections
anonymous-inbound=YOUR_ONION_ADDRESS.onion:18081,127.0.0.1:18081,64

# Peer connections via Tor
tx-proxy=tor,127.0.0.1:9050,10

Start with Tor

# Route all traffic through Tor
./monerod --proxy=127.0.0.1:9050 --disable-dns-checkpointing

# Allow clearnet and Tor (more peers)
./monerod --proxy=127.0.0.1:9050 --pad-transactions

Secure Remote Access

🚨 Security Warning

Exposing RPC = exposing your privacy. Only do this over Tor or VPN. Never expose to public internet.

RPC Configuration

Enable RPC Access

# ~/.bitmonero/bitmonero.conf

# RPC settings
rpc-bind-ip=0.0.0.0
rpc-bind-port=18081
restricted-rpc=1
confirm-external-bind=1

# Authentication (REQUIRED)
rpc-login=username:password

# SSL (HIGHLY RECOMMENDED)
rpc-ssl=enabled
rpc-ssl-private-key=/path/to/key.pem
rpc-ssl-certificate=/path/to/cert.pem

Generate SSL Certificates

# Self-signed cert (better than nothing)
openssl req -new -x509 -days 365 -nodes \
  -keyout monero-key.pem \
  -out monero-cert.pem \
  -subj "/C=XX/ST=XX/L=XX/O=XX/CN=monero"

Connect Your Wallet

# GUI Wallet: Settings > Node
Remote node address: YOUR_IP:18081
Username: your_username
Password: your_password

# CLI Wallet
./monero-wallet-cli --daemon-address YOUR_IP:18081 \
  --daemon-login username:password \
  --trusted-daemon

Performance Optimization

Database Optimization

# Optimize LMDB database (monthly)
./monerod --db-salvage

# Faster sync settings
./monerod --db-sync-mode=fast:async:250000000bytes

# SSD optimization
./monerod --db-sync-mode=fastest:async:250000000bytes

# After sync completes, switch to safe
./monerod --db-sync-mode=safe

System Optimization

# Increase file limits
ulimit -n 8192

# Add to /etc/security/limits.conf
* soft nofile 8192
* hard nofile 8192

# Swappiness for servers
echo "vm.swappiness=10" >> /etc/sysctl.conf

Bandwidth Management

# Limit bandwidth (KB/s)
--limit-rate-up 512      # 512 KB/s upload
--limit-rate-down 2048   # 2 MB/s download

# Limit connections
--out-peers 8    # Reduce if bandwidth limited
--in-peers 8     # Reduce for privacy

# Disable mining (saves CPU)
--start-mining never

Docker Deployment (Easy Mode)

Quick Docker Setup

# Pull official image
docker pull sethsimmons/simple-monerod:latest

# Run full node
docker run -d \
  --name monerod \
  -p 18080:18080 \
  -p 18081:18081 \
  -v monero-data:/home/monero \
  sethsimmons/simple-monerod:latest

# Run pruned node
docker run -d \
  --name monerod-pruned \
  -p 18080:18080 \
  -p 18081:18081 \
  -v monero-data:/home/monero \
  sethsimmons/simple-monerod:latest \
  --prune-blockchain

# With Tor
docker run -d \
  --name monerod-tor \
  -p 18080:18080 \
  -v monero-data:/home/monero \
  --network container:tor \
  sethsimmons/simple-monerod:latest \
  --proxy 127.0.0.1:9050

Docker Compose

# docker-compose.yml
version: '3'
services:
  monerod:
    image: sethsimmons/simple-monerod:latest
    container_name: monerod
    ports:
      - "18080:18080"
      - "18081:18081"
    volumes:
      - ./monero-data:/home/monero
    command: --prune-blockchain --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089
    restart: unless-stopped

Monitoring Your Node

Health Checks

Essential Commands

# Check sync status
./monerod status

# View connections
./monerod print_cn

# Check blockchain info
./monerod print_bc

# View peer list
./monerod print_pl

# Check bandwidth usage
./monerod print_net_stats

Monitoring Script

#!/bin/bash
# monero-monitor.sh

while true; do
  clear
  echo "=== Monero Node Status ==="
  ./monerod status
  echo ""
  echo "=== Network Stats ==="
  ./monerod print_net_stats
  echo ""
  echo "=== Peer Count ==="
  ./monerod print_pl_stats
  sleep 30
done

Log Analysis

# Watch logs real-time
tail -f ~/.bitmonero/bitmonero.log

# Check for errors
grep ERROR ~/.bitmonero/bitmonero.log

# Monitor sync progress
grep "Synced" ~/.bitmonero/bitmonero.log | tail

# Connection issues
grep "Failed to connect" ~/.bitmonero/bitmonero.log

Security Hardening

Firewall Rules

# UFW (Ubuntu)
sudo ufw allow 18080/tcp  # P2P port
sudo ufw allow 18081/tcp  # RPC port (only if needed)
sudo ufw enable

# iptables
sudo iptables -A INPUT -p tcp --dport 18080 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 18081 -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 18081 -j DROP

Systemd Service

# /etc/systemd/system/monerod.service
[Unit]
Description=Monero Daemon
After=network.target

[Service]
Type=simple
User=monero
Group=monero
WorkingDirectory=/home/monero
ExecStart=/home/monero/monerod --config-file=/home/monero/.bitmonero/bitmonero.conf --non-interactive
Restart=always
RestartSec=30
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
# Enable service
sudo systemctl daemon-reload
sudo systemctl enable monerod
sudo systemctl start monerod
sudo systemctl status monerod

Common Problems and Solutions

Sync Stuck

# Delete p2pstate.bin
rm ~/.bitmonero/p2pstate.bin

# Clear peer list
./monerod --ban-list

# Restart with bootstrap
./monerod --bootstrap-daemon-address=node.xmr.to:18081

High Memory Usage

# Reduce cache size
--db-sync-mode=safe:sync

# Limit connections
--out-peers=8 --in-peers=8

# Enable swap
sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

Corrupted Database

# Try salvage first
./monerod --db-salvage

# If fails, resync
rm -rf ~/.bitmonero/lmdb
./monerod  # Start fresh sync

Can't Connect Wallet

# Check firewall
sudo ufw status

# Verify RPC binding
netstat -tlnp | grep 18081

# Test locally first
./monero-wallet-cli --daemon-address 127.0.0.1:18081

Operational Security

🔐 Critical OpSec Rules

  1. Never expose RPC to internet - Use Tor/VPN only
  2. Always verify downloads - GPG signatures mandatory
  3. Separate wallet and node machines - Don't run both on same system
  4. Regular backups - Blockchain is replaceable, keys aren't
  5. Monitor logs - Watch for unusual connections
  6. Update regularly - Security fixes are critical
  7. Use dedicated hardware - Don't mix with other services

Privacy Maximization

  • Run node 24/7 (hides when you transact)
  • Use Tor for all connections
  • Don't share node with others (unless trust completely)
  • Randomize transaction broadcast times
  • Use --restricted-rpc always
  • Consider running decoy nodes

You're Now Sovereign

Running your own Monero node means:

  • No one sees your transactions
  • No one can censor you
  • No one can lie about your balance
  • You verify everything yourself
  • You contribute to network decentralization

Yes, it takes effort. Yes, it uses resources. But financial privacy isn't free. The alternative is trusting strangers with your financial data.

Next Steps

  1. Start syncing today (takes days)
  2. Configure Tor integration
  3. Set up monitoring
  4. Connect your wallets
  5. Never use remote nodes again

Your node. Your rules. Your privacy.

📚 Additional Resources