⚠️ Why You Need Your Own Node
Using someone else's Monero node means:
- They see your IP address (links transactions to you)
- They know your transaction times and amounts
- They could lie about your balance
- They could refuse your transactions
- They might log everything for chain analysis companies
Running your own node: Zero trust required.
Hardware Requirements
Full Node (Best Privacy)
- Storage: 150GB+ (growing ~30GB/year)
- RAM: 4GB minimum, 8GB recommended
- CPU: Any modern processor
- Internet: Unlimited bandwidth ideal
- Sync time: 1-3 days initial
Pruned Node (Good Compromise)
- Storage: ~50GB (1/3 of full)
- RAM: 4GB works fine
- Limitations: Can't share full blocks
- Privacy: Same as full node
- Perfect for: Personal use
Remote Node (Emergency Only)
- Storage: None
- Privacy: Severely compromised
- Trust: Complete trust in operator
- Use case: Temporary/emergency only
Installing Monero Node
Download and Verify
Download Official Binaries
# Download from official site
wget https://downloads.getmonero.org/cli/linux64
# Download signatures
wget https://www.getmonero.org/downloads/hashes.txt
wget https://www.getmonero.org/downloads/hashes.txt.sig Verify GPG Signature (CRITICAL)
# Import Fluffypony's GPG key
gpg --keyserver keyserver.ubuntu.com --recv-keys BDA6BD7042B721C467A9759D7455C5E3C0CDCEB9
# Import binaryfate's key
gpg --keyserver keyserver.ubuntu.com --recv-keys 81AC591FE9C4B65C5806AFC3F0AF4D462A0BDF92
# Verify signature
gpg --verify hashes.txt.sig hashes.txt
# Check SHA256
sha256sum -c hashes.txt 2>/dev/null | grep linux64 If verification fails, DO NOT PROCEED. You have a compromised download.
Basic Setup
Extract and Configure
# Extract
tar -xvf monero-linux-x64-*.tar.bz2
cd monero-x86_64-linux-gnu-*/
# Create data directory
mkdir ~/.bitmonero
# Create config file
nano ~/.bitmonero/bitmonero.conf Essential Configuration
# ~/.bitmonero/bitmonero.conf
# Performance
db-sync-mode=safe
max-concurrency=4
prep-blocks-threads=4
# Network
out-peers=64
in-peers=32
limit-rate-up=1024
limit-rate-down=1024
# Privacy
restricted-rpc=1
confirm-external-bind=1
# Pruning (optional, saves space)
prune-blockchain=1
# Logging
log-level=0
max-log-file-size=104857600 Initial Sync
Start the Daemon
# Basic start
./monerod
# With custom data directory
./monerod --data-dir /path/to/blockchain
# With pruning (saves 100GB+)
./monerod --prune-blockchain
# Fast sync (less secure, faster)
./monerod --sync-pruned-blocks ⏱️ Sync Times
- SSD: 12-24 hours
- HDD: 2-4 days
- Fast sync: 6-12 hours
- Pruned: Similar time, less space
Don't interrupt initial sync. Let it complete.
Tor Integration (Maximum Privacy)
Configure Tor
Install Tor
# Debian/Ubuntu
sudo apt install tor
# Start Tor
sudo systemctl start tor
sudo systemctl enable tor Configure Tor for Monero
# Edit Tor config
sudo nano /etc/tor/torrc
# Add these lines:
HiddenServiceDir /var/lib/tor/monero-service/
HiddenServicePort 18081 127.0.0.1:18081
HiddenServicePort 18089 127.0.0.1:18089
# Restart Tor
sudo systemctl restart tor
# Get your onion address
sudo cat /var/lib/tor/monero-service/hostname Configure Monerod for Tor
# ~/.bitmonero/bitmonero.conf
# Tor settings
proxy=127.0.0.1:9050
proxy-allow-dns-leaks=0
no-igd=1
# Anonymous inbound connections
anonymous-inbound=YOUR_ONION_ADDRESS.onion:18081,127.0.0.1:18081,64
# Peer connections via Tor
tx-proxy=tor,127.0.0.1:9050,10 Start with Tor
# Route all traffic through Tor
./monerod --proxy=127.0.0.1:9050 --disable-dns-checkpointing
# Allow clearnet and Tor (more peers)
./monerod --proxy=127.0.0.1:9050 --pad-transactions Secure Remote Access
🚨 Security Warning
Exposing RPC = exposing your privacy. Only do this over Tor or VPN. Never expose to public internet.
RPC Configuration
Enable RPC Access
# ~/.bitmonero/bitmonero.conf
# RPC settings
rpc-bind-ip=0.0.0.0
rpc-bind-port=18081
restricted-rpc=1
confirm-external-bind=1
# Authentication (REQUIRED)
rpc-login=username:password
# SSL (HIGHLY RECOMMENDED)
rpc-ssl=enabled
rpc-ssl-private-key=/path/to/key.pem
rpc-ssl-certificate=/path/to/cert.pem Generate SSL Certificates
# Self-signed cert (better than nothing)
openssl req -new -x509 -days 365 -nodes \
-keyout monero-key.pem \
-out monero-cert.pem \
-subj "/C=XX/ST=XX/L=XX/O=XX/CN=monero" Connect Your Wallet
# GUI Wallet: Settings > Node
Remote node address: YOUR_IP:18081
Username: your_username
Password: your_password
# CLI Wallet
./monero-wallet-cli --daemon-address YOUR_IP:18081 \
--daemon-login username:password \
--trusted-daemon Performance Optimization
Database Optimization
# Optimize LMDB database (monthly)
./monerod --db-salvage
# Faster sync settings
./monerod --db-sync-mode=fast:async:250000000bytes
# SSD optimization
./monerod --db-sync-mode=fastest:async:250000000bytes
# After sync completes, switch to safe
./monerod --db-sync-mode=safe System Optimization
# Increase file limits
ulimit -n 8192
# Add to /etc/security/limits.conf
* soft nofile 8192
* hard nofile 8192
# Swappiness for servers
echo "vm.swappiness=10" >> /etc/sysctl.conf Bandwidth Management
# Limit bandwidth (KB/s)
--limit-rate-up 512 # 512 KB/s upload
--limit-rate-down 2048 # 2 MB/s download
# Limit connections
--out-peers 8 # Reduce if bandwidth limited
--in-peers 8 # Reduce for privacy
# Disable mining (saves CPU)
--start-mining never Docker Deployment (Easy Mode)
Quick Docker Setup
# Pull official image
docker pull sethsimmons/simple-monerod:latest
# Run full node
docker run -d \
--name monerod \
-p 18080:18080 \
-p 18081:18081 \
-v monero-data:/home/monero \
sethsimmons/simple-monerod:latest
# Run pruned node
docker run -d \
--name monerod-pruned \
-p 18080:18080 \
-p 18081:18081 \
-v monero-data:/home/monero \
sethsimmons/simple-monerod:latest \
--prune-blockchain
# With Tor
docker run -d \
--name monerod-tor \
-p 18080:18080 \
-v monero-data:/home/monero \
--network container:tor \
sethsimmons/simple-monerod:latest \
--proxy 127.0.0.1:9050 Docker Compose
# docker-compose.yml
version: '3'
services:
monerod:
image: sethsimmons/simple-monerod:latest
container_name: monerod
ports:
- "18080:18080"
- "18081:18081"
volumes:
- ./monero-data:/home/monero
command: --prune-blockchain --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089
restart: unless-stopped Monitoring Your Node
Health Checks
Essential Commands
# Check sync status
./monerod status
# View connections
./monerod print_cn
# Check blockchain info
./monerod print_bc
# View peer list
./monerod print_pl
# Check bandwidth usage
./monerod print_net_stats Monitoring Script
#!/bin/bash
# monero-monitor.sh
while true; do
clear
echo "=== Monero Node Status ==="
./monerod status
echo ""
echo "=== Network Stats ==="
./monerod print_net_stats
echo ""
echo "=== Peer Count ==="
./monerod print_pl_stats
sleep 30
done Log Analysis
# Watch logs real-time
tail -f ~/.bitmonero/bitmonero.log
# Check for errors
grep ERROR ~/.bitmonero/bitmonero.log
# Monitor sync progress
grep "Synced" ~/.bitmonero/bitmonero.log | tail
# Connection issues
grep "Failed to connect" ~/.bitmonero/bitmonero.log Security Hardening
Firewall Rules
# UFW (Ubuntu)
sudo ufw allow 18080/tcp # P2P port
sudo ufw allow 18081/tcp # RPC port (only if needed)
sudo ufw enable
# iptables
sudo iptables -A INPUT -p tcp --dport 18080 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 18081 -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 18081 -j DROP Systemd Service
# /etc/systemd/system/monerod.service
[Unit]
Description=Monero Daemon
After=network.target
[Service]
Type=simple
User=monero
Group=monero
WorkingDirectory=/home/monero
ExecStart=/home/monero/monerod --config-file=/home/monero/.bitmonero/bitmonero.conf --non-interactive
Restart=always
RestartSec=30
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target # Enable service
sudo systemctl daemon-reload
sudo systemctl enable monerod
sudo systemctl start monerod
sudo systemctl status monerod Common Problems and Solutions
Sync Stuck
# Delete p2pstate.bin
rm ~/.bitmonero/p2pstate.bin
# Clear peer list
./monerod --ban-list
# Restart with bootstrap
./monerod --bootstrap-daemon-address=node.xmr.to:18081 High Memory Usage
# Reduce cache size
--db-sync-mode=safe:sync
# Limit connections
--out-peers=8 --in-peers=8
# Enable swap
sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile Corrupted Database
# Try salvage first
./monerod --db-salvage
# If fails, resync
rm -rf ~/.bitmonero/lmdb
./monerod # Start fresh sync Can't Connect Wallet
# Check firewall
sudo ufw status
# Verify RPC binding
netstat -tlnp | grep 18081
# Test locally first
./monero-wallet-cli --daemon-address 127.0.0.1:18081 Operational Security
🔐 Critical OpSec Rules
- Never expose RPC to internet - Use Tor/VPN only
- Always verify downloads - GPG signatures mandatory
- Separate wallet and node machines - Don't run both on same system
- Regular backups - Blockchain is replaceable, keys aren't
- Monitor logs - Watch for unusual connections
- Update regularly - Security fixes are critical
- Use dedicated hardware - Don't mix with other services
Privacy Maximization
- Run node 24/7 (hides when you transact)
- Use Tor for all connections
- Don't share node with others (unless trust completely)
- Randomize transaction broadcast times
- Use --restricted-rpc always
- Consider running decoy nodes
You're Now Sovereign
Running your own Monero node means:
- No one sees your transactions
- No one can censor you
- No one can lie about your balance
- You verify everything yourself
- You contribute to network decentralization
Yes, it takes effort. Yes, it uses resources. But financial privacy isn't free. The alternative is trusting strangers with your financial data.
Next Steps
- Start syncing today (takes days)
- Configure Tor integration
- Set up monitoring
- Connect your wallets
- Never use remote nodes again
Your node. Your rules. Your privacy.
📚 Additional Resources
- Mining Monero Anonymously
- BTC↔XMR Atomic Swaps
- Monero vs Zcash: Technical Comparison
- Basic Monero Wallet Setup