UPDATE: As for now I cannot recommend self-hosting a MN with a SBC since the performance with zPIV is way too low in any setup to my knowledge. For more Info, see Simple attack on Masternodes and Stakers
By setting up my masternode I had to learn a lot since I did not know linux before. While doing so, I learned so much and I want to share what I experienced with other users. This tutorial merges several other tutorials I found on the internet (e.g. on youtube and here on pivx.org). I think there are many other people who face the same issue and therefore I decided to make a very detailed tutorial. I hope that it provides additional benefits to the already existing ones. If you are already running a masternode, maybe the section about the automated backups to USB or the notification service in case of a crash might interest you.
Please provide feedback!
What will we achieve by following this guide?
I will show you in detail how to set up a rock64 (or Pi3 but basically any Single Board Computer (SBC)) which will run as 24/7 masternode and staking wallet. All interactions are done via ssh in a headless setup from a linux laptop (but windows cmd also supports ssh recently). What we will achieve:
- We will set up our SBC completely from scratch.
- The collateral will be stored on a Nano Ledger S which operates through the new SPMT tool.
- We will implement the auto-backup function to a usb device on your masternode.
- We will also stake from the Masternode.
- We will add a security layer which contacts you by e-mail in case that the daemon on the masternode crashes.
Before we start a disclaimer: I do not guarantee that it works for you too. In addition, I think that many things can be achieved more efficient. Most of the things I present here are taken from various sources which I link at the very end. Thanks to everybody who took the time to make those guides.
What hardware do we need?
- 1x Computer with SD-Card-Reader which runs a PIVX wallet
- 1x Rock64 or Pi3 (or any other SBC)
- 1x Micro-SD-Card (32GB)
- 1x Nano Ledger S
So let us begin. At the beginning I separate the setup of a pi3 and rock64 since they differ a little bit. Just take the one which is suited to you.
Setting up your Rock64
- Download https ://github.com/pine64dev/PINE64-Installer/blob/master/README.md
- Mount the SD-Card on your computer.
- Extract and run the pine64 installer and flash your SD card with the Ubuntu version offered by pine64.
- Open the SD-Card which now holds your Ubuntu OS and right click and create a new document. Name the file “ssh” without any extension.
- (On a Windows): Delete the “.txt” extension from the new file. Now the icon should be a plain white file. If it is still a text-file go in the explorer on “view” and set a checkmark on “File name extensions”. Now the “.txt” should appear which you can now delete.
- Insert the SD Card to your Rock64 and connect it to your router via LAN. Look for the IP address in your router menu.
- On your computer, access your Rock64 from the terminal (linux) or “cmd” (windows) via
ssh root@IP-ADDRESSwhere IP-ADDRESS is what you found out in the last step.
- Login with password “1234”
- It will ask you to make a new user. Choose for example Masternode01
Setting up your pi3
Note that I cannot recommend using a pi3. Especially since the last update it might be too slow. However, my masternode ran fine for a couple of months (until eventually crashing).
- Download etcher .io and Raspbian Stretch lite (https ://www.raspberrypi.org/downloads/raspbian/)
- Mount the SD-Card on your Computer.
- Open Etcher and flash the SD-Card with your Raspbian Stretch.
- Open the SD-Card which now holds your Raspbian OS and right click and create a new textfile. Name the file “ssh” and delete the .txt extension. Now the icon should be a plain white file. If it is still a text-file go in the explorer on “view” and set a checkmark on “File name extensions”. Now the “.txt” should appear which you can now delete.
- Insert the SD Card to your pi3 and connect it to your router via LAN. Look for the IP address of your pi.
- On your computer, access your raspberry from the terminal (linux) or “cmd” (windows) via
ssh pi@IP-ADDRESSwhere IP-ADDRESS is what you found out in the last step.
- Login with password “raspberry”
- Set a root password with
$sudo passwd. Make it something long and secure.
Now as proposed by a tutorial I saw here in the forum we want to override the user “pi” with our new user. However, when I run the code myself it always told me that the process is already in use. Therefore, we need to log in as root. However, the raspbian OS does not permit a direct root access. We can change that:
$sudo nano /etc/ssh/sshd_config
Look for the line “PermitRootLogin without-password” and change it to “PermitRootLogin yes”. CTRL+o to save and CTRL+x to exit the nano editor.
Open a new terminal and connect with
root@IP-ADDRESS. Now we can override the pi user. Note that NAME is your new user.
1. $sudo usermod -l NAME -d /home/NAME -m pi 2. $sudo chown NAME /home/NAME 3. $sudo passwd NAME
Make sure to change back the PermitRootLogin. It is probably there for a reason
Now connect to your Rock64 or Pi3 with your new user
Let us first make some updates:
$sudo apt-get update
$sudo apt-get upgrade
$sudo apt-get dist-upgrade
Let us set up the firewall:
1. $sudo apt-get install ufw 2. $sudo ufw allow ssh/tcp 3. $sudo ufw limit ssh/tcp 4. $sudo ufw allow 51472/tcp 5. $sudo ufw logging on 6. $sudo ufw enable 7. $sudo reboot
Let us set up a swap file:
- $sudo apt-get install dphys-swapfile
- $sudo su -c ‘echo “CONF_SWAPSIZE=4048” > /etc/dphys-swapfile’
- $sudo su -c ‘echo “CONF_MAXSWAP=4048” > /etc/dphys-swapfile’
- $sudo dphys-swapfile setup
- $sudo dphys-swapfile swapon
So, we need a static IP for our masternode. The cheapest way is to run it as a hidden service and obtain a static .onion address:
1. $sudo -i 2. $sudo apt-get install tor 3. $sudo nano /etc/tor/torrc
Add the following to the file:
- HiddenServiceDir /var/lib/tor/sshd/
- HiddenServicePort 22 127.0.0.1:22
Save and Exit. Do some more commands:
1. export SERVICE_DIR=/var/lib/tor/sshd/ 2. mkdir $SERVICE_DIR 3. chmod 700 $SERVICE_DIR 4. chown debian-tor.debian-tor $SERVICE_DIR 5. systemctl enable tor 6. systemctl start tor
Now you can find out your .onion address with
nano /var/lib/tor/sshd/hostname. Note the address somewhere.
In my case I want to run the masternode over WLAN. In headless mode this proved to be complicated (I am a noob, yes). So let me guide through it. If you want to run it over LAN, you can skip this part.
Here you find out the name of your wlan interface. If you are fortunate it is wlan0. In my case with an external wlan dongle for the Rock64 it was something long and wierd. I assume from now on it is wlan0.
$wpa_passphrase "SSID" "password"
$sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
Paste the output of
$wpa_passphrase. Also add “country=CH” with your ISO-Code. Save and exit.
$wpa_supplicant -B -D nl80211 -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
And add “auto wlan0” “allow-hotplug wlan0” “iface wlan0 inet dhcp” “wpa-ssid “SSID”” ""wpa-psk “password”
This checks if you are connected. Log in to your router and devote this IP address as static address to your masternode.I know step 5 is kind of a overkill but with my Rock64 I had so much trouble connecting to my WIFI.
Let us connect a USB-Stick to the SBC where we will later configure automatic backups of the wallets.
- Insert the USB stick (which is FAT32 formatted)
$sudo mkdir /media/usb
$sudo fdisk -lThis will give you the device name (e.g. sda1)
$sudo mount /dev/sda1 /media/usb -o dmask=000,fmask=111
Now let us install the pivx wallet and set everything up here.
$wget(take the link of the newest version 32bit arm for raspberry or aarch64 for rock64)
$tar xvzf pivx-184.108.40.206-x86_64-linux-gnu.tar.gz
$chmod 777 ./pivxd
$chmod 777 ./pivx-cli
$chmod 777 ./pivx-qt
- $wget “link of the snapshot” which can be found here: htt p ://220.127.116.11/~pub/PIVX/Daily-Snapshots-Html/PIVX-Daily-Snapshots.html
- $unzip XY.zip
Do not run the daemon yet.
Funding and starting the Masternode
- Open your Nano Ledger S and get a new address for your piv.
- Send exactly 10k PIV to this address (remember to press “zero fee”)
- Note the address you sent the PIV to.
- Start the wallet on your computer and open the SPMT tool.
- Make sure the connect the SPMT tool to your local pivx wallet by inserting the RPC username and RPC password from your local wallet into the “Setup” tab of SPMT.
- Click on “New Masternode”
- Give it a name you want.
- Insert the .onion address which you found out after setting up the hidden service.
- Generate a new MN Priv Key and note that.
Now ssh to your masternode and go into .pivx folder.
$nano pivx.conf Add all the following:
- rpcuser= (something long)
- rpcpassword= (something long)
- maxconnections=8 (this is important so that it doesn’t take up too much ressources)
- externalip=your onion address you noted from before
- bind= The local IP from your Masternode. Also add 51472 (e.g. 192.168.1.2:51472)
- masternodeaddr= your onion address
- masternodeprivkey= the priv key you obtained by SPMT
Okay, now your masternode should be ready to be fired up.
Wait until it is fully synchronized and
$~/pivx-3.1.0/bin/pivx-cli mnsync status gives you a true. Lock the wallet with a passphrase by
$~/pivx-3.1.0/bin/pivx-cli passphrase XY and unlock it again. Make sure it is fully unlocked with
$~/pivx-3.1.0/bin/pivx-cli walletpassphrase XY 0 false.
Now head back into your SMPT tool and connect your Nano Ledger S. Make sure the chrome app is closed. But navigate into the pivx app on your nano ledger s. Press connect in your SMPT tool. Now fill in the public address. and click on the “>>” button. Leave Account to “0” if you only have “My Account” in your Nano Ledger Device. For every additional account add 1 to the 0. It should say that it worked. Press save. Then click on the Rocket on your Masternode. Sign the messages with your nano s. It should say that it is successfully started. A
$~/pivx-3.1.0/bin/pivx-cli masternode status on your masternode should give you a “successfully started”.
Nicely done! Your masternode is up and running. But we are not quite done yet.
Notification System for your Masternode
Unfortunately, the pivxd server crashes from time to time on my Rock64 or especially on a Pi3. In order to avoid losses in payments due to unrecognized downtimes, we want to write a script which restarts the client in case of a crash and also send us a notification email. By doing so, we hopefully can restart the MN before we get into the restriction-time. For that, we will set up a job in the crontab. Before doing so, we have to configure a SSMPT client in order to send e-mails.
we will have two gmail-addresses. Here I follow a tutorial from the dash forum. However, it had to be heavily adjusted since it does not really work.
yourMN@gmail = sends the mail about the crash (which is a disposable address).
yourMAIN@gmail = your main address which you have permanent access to and enables you to react fast.
Let us first configure the SSMPT client
1. $sudo apt-get install ssmtp 2. $sudo nano /etc/ssmtp/ssmtp.conf
Add the following:
- mails.root=yourMN@ gmail.com
- mailhub=smtp.gmail. com:465
- AuthUser=yourMN@ gmail.com
- rewriteDomain=gmail. com
I had to put in some spaces because I am not allowed to post more than 4 links. You’ll figure it out . Head into your gmail account from where you will send the mail and click “My Account”. Go into Device activity & security events, scroll down and make sure that “Allow less secure Apps” is on.
Now try to send a mail with
$echo "Testing...1...2...3" | ssmtp yourMAIN@gmail.com.
Now let us make a cron job to check periodically whether your masternode is up. At the first time it asks you which editor to use to edit the crontab. Make sure to use nano.
$sudo crontab -e
Add the following:
- @reboot ~/pivx-3.1.0/bin/pivxd -daemon
- */10 * * * * /home/USER/mn_watch.sh >/dev/null 2>&1
This will start the pivxd client at reboot. And also it checks every 10 minutes the script mn_watch.sh. We now need to make the script.
$sudo nano /home/USER/mn_watch.sh
Add the following:
#!/bin/bash #!/bin/bash if ! pgrep -fu USER pivxd >/dev/null; then /usr/sbin/ssmtp yourMAIN @gmail.com < /home/USER/MN_CRASH.txt ~/pivx-3.1.0/bin/pivxd -daemon 2>&1 >/dev/null fi
Save and exit the file.
$sudo chmod +x mn_watch.sh
Add the following (or anything you like):
to: yourMAIN@gmail.com From: yourMN@gmail.com Subject: MASTERNODE CRASHED Masternode was restarted. However, it needs immediate attention.
NOTE: Obviously you need to make sure to comment out the cron job if you want to shut down the server manually, e.g. for an update. You can test the script by typing ./mn_watch.sh . If your wallet is running you should not receive an e-mail and there should also not be a notification that the daemon is already running (which you get when the if condition falsy triggers). If you shut down the wallet and run the script you should see pivxd coming up in your “top” and also via e-mail.
I also implemented an Alarm specifically to the crash of my Masternode: To do this, log in to your gmail account (which you use on your mobile) via a computer:
- In the upper searchbar click on the little down arrow.
- Insert at “From” your masternode-email-account
- press “Create filter with this search”.
- Click on “Apply the label”
- Make a new label like “MASTERNODE”
- Create filter
At your mobile go into Gmail and go into your account settings. There:
- Manage labels
- Click on the label “MASTERNODE”
- Sync all messages
- Select “Label notifications” and “Notify for every message”
- Deselect all notifications for all other labels.
- “Manage Notifications” and use a sound which certainly make you awake when you sleep
Now your smartphone goes crazy once it will receive a message from your masternode-mail.
Two additional notification layers:
To be as sure as possible, I will add here two additional layers of notification. The first is a third-party service. The benefit of this is, that it watches your MN from the outside your home network, which avoids the problem that you are not alerted if your network goes completely offline. The second layer is checking for the output of the “masternode status” command in order to avoid that your wallet is up and running but stuck on blocks or something else.
First: Watch your MN from outside your home network
Register your Masternode at masternodeonline .com. They will send you an e-mail if your Masternode changes it status as viewed from the network.
Second: Add another Script
The script will checks the output of your “masternode status” command.
- In your home folder
Add the following:
#!/bin/bash file=/home/USER/output word=successfully if grep -q $word $file; then echo "Masternode is running" echo "$(date) Masternode is running" >> /home/USER/mn_log.txt exit else sleep 20 ~/pivx-3.1.1/bin/pivx-cli masternode status > output sleep 20 exit 0 fi if grep -q $word $file; then echo "Masternode is running" echo "$(date) Masternode is running" >> /home/USER/mn_log.txt else echo "Masternode is offline!" echo "$(date) Masternode has crashed" >> /home/USER/mn_log.txt /usr/sbin/ssmtp yourMAIN@ gmail.com < /home/USER/MN_CRASH.txt exit 0 fi rm output
- After that
Add the following:
*/6 * * * * ~/pivx-3.1.1/bin/pivx-cli masternode status > output
*/7 * * * * /home/USER/mn_check.sh
What this does is that the cronjob will call the commad “masternode status” and write the output into “output”. Then the mn_check.sh checks whether it finds the word “successfully” in there. If not, you get the same waking-up-mail as in the first script.
EDIT: The three “security layers” work pretty good for me, so I exclude my concerns for now.
I hope this guide was of some use for you.
Thanks for comments to: