Simple Monero Droplet

Monero cryptocurrency

Monero is a cryptocurrency that distinguishes itself using a CryptoNote-derived algorithm to secure the blockchain such that transactions don't divulge the transaction amount, source, or destination. This clever combination means decentralized "public" miners mathematically validate "private" transactions while preserving the privacy of parties to the transaction. Fortunately, the standard Monero package provides monero-wallet-rpc which our existing servers can use to easily leverage Monero off a dedicated droplet.

Monero droplet selection

We're primarily reading the Monero blockchain, as opposed to mining it, which means the droplet can skimp on CPU/RAM for disk space (the current blockchain is ~56GB). I used the lowest-tier ($5/mo) option running 64-bit Ubuntu 18.04.2 with 25GB disk, then added Block Storage Volume for 100GB for the blockchain; this also makes expanding it in the future pretty simple (note that added volumes appear in /mnt with a region identifier such as "/mnt/volume_nyc3_01").

Monero setup

Although the droplet is currently dedicated to Monero, we'll minimize future headaches by getting off root and using a dedicated user. I also highly recommend using iptables (or equivalent) to restrict network (P2P/RPC) access to only designated remote addresses.

adduser monero
mkdir -p /mnt/volume_nyc3_01/monero
ln -s /mnt/volume_nyc3_01/monero /var/monero
chown monero:monero /mnt/volume_nyc3_01/monero

Now switching over to that user...

su monero
cd /var/monero
mkdir -p data logs service

# download the latest command-line interface release
tar -xjvf linux64
mv monero-v* bin
rm linux64

# basic network-accessible Monero configuration
cat <<EOF >/var/monero/monero.conf

# P2P full node
p2p-bind-ip=            # Bind to all interfaces (the default)
p2p-bind-port=18080            # Bind to default port

# RPC open node
rpc-login=username:$(openssl rand -base64 42) # RPC authentication (no encryption)
rpc-bind-ip=            # Bind to all interfaces
rpc-bind-port=18081            # Bind on default port
confirm-external-bind=1        # Open node (confirm)
restricted-rpc=1               # Prevent unsafe RPC calls
no-igd=1                       # Disable UPnP port mapping

# Slow but reliable db writes

# Emergency checkpoints set by MoneroPulse operators will be enforced to workaround potential consensus bugs
# Check for explanation and trade-offs

out-peers=64              # This will enable much faster sync and tx awareness; the default 8 is suboptimal nowadays
in-peers=1024             # The default is unlimited; we prefer to put a cap on this

limit-rate-up=1048576     # 1048576 kB/s == 1GB/s; a raise from default 2048 kB/s; contribute more to p2p network
limit-rate-down=1048576   # 1048576 kB/s == 1GB/s; a raise from default 8192 kB/s; allow for faster initial sync

# systemd service configuration
cat <<EOF > /var/monero/service/monero.service
Description=Monero node


ExecStartPre=/bin/mkdir -p /var/monero/data
ExecStartPre=/bin/chown monero:monero /var/monero/data
ExecStart=/var/monero/bin/monerod --config-file /var/monero/monero.conf --data-dir /var/monero/data --non-interactive


Back to root to install and start the service

exit # get back to root; alternatively give monero sudo (`adduser monero --group sudo`)
cp /var/monero/service/monero.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable monero
service monero start

Finally, check the logs to ensure it works

tail --follow /var/monero/logs/monerod.log

Congratulations! Your droplet should now be downloading and parsing the blockchain.