Setup c-lightning on Digital Ocean

setup_clightning.md

E-Commerce c-lightning node on Digital Ocean

Prerequisites

• based on small Digital Ocean VPS (1CPU / 1GB RAM) with Ubuntu 16.04
• SSH keys are recommended, but not described here
• (sub) domain name necessary for SSL certificate

UFW & basic stuff

Login as "root"

$ apt update
$ apt upgrade
$ apt install ufw fail2ban

$ ufw app list
$ ufw default deny incoming
$ ufw default allow outgoing
$ ufw allow OpenSSH
$ ufw allow 9735 comment 'allow Lightning'
$ ufw allow 9000 comment 'allow Lightning Charge HTTP'
$ ufw allow 9001 comment 'allow Lightning Charge HTTPS'
$ ufw enable
$ systemctl enable ufw
$ ufw status

### create sudo user
$ adduser stadicus
$ adduser stadicus sudo

### create service user
$ adduser bitcoin
$ exit

sPRUNED

https://github.com/gdassori/spruned

### with sudo user
$ sudo apt install libleveldb-dev python3-dev git virtualenv gcc g++
$ sudo su - bitcoin

### with bitcoin user
$ git clone https://github.com/gdassori/spruned.git
$ cd spruned
$ virtualenv -p python3.5 venv
$ . venv/bin/activate
$ pip install -r requirements.txt
$ python setup.py install
$ exit

### systemd startup
$ sudo nano /etc/systemd/system/spruned.service

# sPRUNED: systemd unit
# /etc/systemd/system/spruned.service

[Unit]
Description=sPRUNED Bitcoin node
After=network.target

[Service]
ExecStart=/home/bitcoin/spruned/venv/bin/spruned --network bitcoin.mainnet --rpcuser xxx --rpcpassword xxx 
Type=simple
User=bitcoin
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

### start and enable the new service
$ sudo systemctl start spruned
$ sudo systemctl status spruned
$ sudo systemctl enable spruned
$ sudo tail -f /home/bitcoin/.spruned/spruned.log

bitcoin-cli

https://bitcoin.org/en/download

### with sudo user
$ mkdir download && cd download
$ wget https://bitcoin.org/bin/bitcoin-core-0.16.1/bitcoin-0.16.1-x86_64-linux-gnu.tar.gz
$ tar -xvf bitcoin-0.16.1-x86_64-linux-gnu.tar.gz
$ sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-0.16.1/bin/bitcoin-cli
$ cd
$ rm -rf download

### bitcoin-cli configuration
$ sudo mkdir /home/bitcoin/.bitcoin
$ sudo nano /home/bitcoin/.bitcoin/bitcoin.conf

# Connection settings
rpcuser=xxx
rpcpassword=xxx

c-lightning

https://github.com/ElementsProject/lightning

### with admin user
$ sudo apt-get install -y autoconf automake build-essential git libtool libgmp-dev libsqlite3-dev python python3 net-tools zlib1g-dev
$ cd 
$ git clone https://github.com/ElementsProject/lightning.git
$ cd lightning
$ git tag -l
$ git checkout tags/v0.6
$ ./configure
$ make
$ sudo make install

### systemd startup
$ sudo nano /etc/systemd/system/lightning.service

# c-Lightning: systemd unit
# /etc/systemd/system/lightning.service

[Unit]
Description=c-Lightning daemon
Requires=spruned.service
After=spruned.service

[Service]
ExecStart=/usr/local/bin/lightningd --pid-file=/home/bitcoin/.lightning/lightning.pid --daemon
PIDFile=/home/bitcoin/.lightning/lightning.pid
User=bitcoin
Type=forking
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

### c-lightning configuration
sudo mkdir /home/bitcoin/.lightning
sudo nano /home/bitcoin/.lightning/config

alias=Your_Node_Alias
log-level=debug
network=bitcoin
bitcoin-rpcuser=xxx
bitcoin-rpcpassword=xxx
bitcoin-rpcconnect=localhost
bitcoin-rpcport=8332
log-file=/home/bitcoin/.lightning/lightning.log

### set bitcoin as owner, start and enable 
$ sudo chown -R bitcoin:bitcoin /home/bitcoin/.lightning/
$ sudo systemctl start lightning
$ sudo systemctl status lightning
$ sudo systemctl enable lightning
$ sudo tail -f /home/bitcoin/.lightning/lightning.log

### Check setup
$ sudo su - bitcoin
$ bitcoin-cli getblockchaininfo
{
  "blocks": 533666,
  "pruned": false,
  "chainwork": null,
  "headers": 533666,
  "bestblockhash": "0000000000000000001b65cc396bfdd8cff3a712f2f31b5ee7feb963314a5acd",
  "difficulty": null,
  "mediantime": 1532556068,
  "chain": "main",
  "warning": "spruned 0.0.2a3, emulating bitcoind v0.16",
  "verificationprogress": 100
}
$ lightning-cli -h
$ lightning-cli connect [email protected]:9735              ## get a random node from 1ml.com
$ lightning-cli listpeers
$ lightning-cli newaddr

Nginx

https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-16-04

### as sudo user
$ sudo apt-get install nginx
$ sudo ufw allow "Nginx Full"
$ systemctl status nginx

### point domain name to this server and check Nginx website with your browser

### configure Nginx
$ sudo nano /etc/nginx/sites-available/charged

server {
    listen 9000;
    server_name your.domainname.com;

    location / {
        proxy_pass http://127.0.0.1:9112;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

### enable Nginx block
$ sudo rm /etc/nginx/sites-enabled/default
$ sudo ln /etc/nginx/sites-available/charged /etc/nginx/sites-enabled/charged
$ sudo nginx -t
$ sudo systemctl reload nginx

Node.js

### as sudo user
$ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
$ sudo apt-get install -y nodejs build-essential

Lightning Charge

### sometimes, this step caused some errors. Not sure why
$ npm install -g lightning-charge

### if you get an error, try this
$ sudo npm install --unsafe-perm -g lightning-charge

See this issue if installation hangs on installing a certain package (maybe due to git:// url) npm/npm#18448 (comment)

### check operations (optional)
### in "bitcoin" user session
$ charged --api-token REPLACE_WITH_YOUR_SECRET_TOKEN defaults: --ln-path /home/bitcoin/.lightning --db-path /home/bitcoin/.lightning/charge.db --port 9112
### different user session on the same machine:
$ curl localhost:9112

### as sudo user
$ sudo nano /etc/systemd/system/charged.service`

# Lightning Charge: systemd unit
# /etc/systemd/system/charged.service

[Unit]
Description=Lightning Charge
After=lightning.service
Requires=lightning.service

[Service]
WorkingDirectory=/home/bitcoin/.lightning
ExecStartPre=/bin/sh -c 'sleep 30'
ExecStart=/usr/bin/charged --api-token REPLACE_WITH_YOUR_SECRET_TOKEN --ln-path /home/bitcoin/.lightning --db-path /home/bitcoin/.lightning/charge.db --port 9112
User=bitcoin
Type=simple
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

### start & enable
$ sudo systemctl start lightning
$ sudo systemctl status lightning
$ sudo systemctl enable lightning
$ sudo tail -f 

Enable SSL

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update
$ sudo apt install python-certbot-nginx
$ sudo certbot --nginx -d your.domainname.com

### when asked, do not redirect HTTPS traffic at the moment

### check website again, using https://....

### open nginx block and change "443" to "9001"
$ sudo nano /etc/nginx/sites-available/charged
$ sudo systemctl reload nginx

### check https://your.domainname.com:9001 in your browser

Hey there, great gist. I'm new to system services and I'm getting a bug when I try to start the lightning service.

Job for lightning.service failed because a timeout was exceeded.
See "systemctl status lightning.service" and "journalctl -xe" for details.

What do you suppose is the issue? Thanks!

It's usually best to start the program in question directly from the command line (without systemd) first and work out potential errors that way. Otherwise check the logs using journalctl - u lightning

Awesome, thanks for the tip! Got it worked out :)

Another question if you're around. I'm new to nginx, and the "### enable Nginx block" section seems to have broken my nginx server... before it was giving me the landing page, but now when I try to access my server on port 9000 it gives me a "502 bad gateway". Is this normal? Thanks!

Also let me know if there's a better way to contact you than just here on the gist. I'm really enjoying this gist so far!