How to set up ec2 t1.micro Ubuntu for Masternode part 2/3

chaeplin

* Use this guide only for an EC2 instance with a Security Group
* Using this guide on non-EC2 instances is very dangerous (especially the iptables rules)


* This guide is valid for RC3(local/remote setup)
* local is home linux cold wallet holding 1K DRK
* remote is server with empty wallet


I. Part 1/3 EC2 Setup
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-1-3.240/

II. Part 2/3 AMI Setup
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-2-3.241/
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-2-3-2.1754/

III. Part 3/3 Masternode update
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-3-3.262/


* cat >> blabla << EOF blablabla EOF things are removed.
* local is home linux cold wallet holding 1K DRK(With private ip address)
* You can use darkcoind or darkcoind-qt

* if public ip of remote is changed, change masternodeprivkey
* if you see log like "(ip_yours) dropped (banned)", restart darkcoind


* brief steps
- setup ami to compile normal darkcoind
- compile darkcoind and run, sync
- make an encrypted wallet holding 1000 DRK using home pc
- download RC darksend
- replace darkcoind


PART 1
This part uses the GitHub source to compile darkcoind and set up a basic environment.
#########################
1. login to ec2 ami
Code:
ssh -i downloaded_pemfile ubuntu@ami_public_ip

2. disable root login and sudo to root
http://aws.amazon.com/articles/1233
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html
Code:
sudo passwd -l root
sudo su -

3. update system
Code:
apt-get update
apt-get dist-upgrade

4. add swap
Code:
dd if=/dev/zero of=/swapfile bs=1M count=1024
# swap can hold process memory (keys, RPC credentials), so keep it root-only
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

* add line to /etc/fstab
Code:
/swapfile  swap      swap    defaults        0 0


5. install files
Code:
apt-get install build-essential libssl-dev libboost-all-dev libdb5.1 libdb5.1-dev libdb5.1++-dev
read binary wallet compatibility : https://github.com/darkcoinproject/...#dependency-build-instructions-ubuntu--debian
Ubuntu precise has packages for libdb5.1-dev and libdb5.1++-dev, but using these will break binary wallet compatibility, and is not recommended.

Code:
apt-get install git ntp make g++ gcc autoconf cpp ngrep iftop sysstat

6. change system setting
Code:
update-rc.d ntp enable

* enable sysstat
* you can skip this system monitoring part.
* sysstat utilities are a collection of performance monitoring tools.
change line in /etc/default/sysstat
* /etc/default/sysstat : ENABLED="true"
change line in /etc/cron.d/sysstat
* /etc/cron.d/sysstat : change the sar interval from 10 min to 1 min :
5-55/10 * * * *
to
*/1 * * * *

* add iptables rule
* add a line to /etc/rc.local between # and 'exit 0'
Code:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/sbin/iptables-restore < /etc/iptables
exit 0

* do not use this rule for other vm.
* rule for ec2 ami + ec2 security group.
* /etc/iptables
Code:
#-----
*filter
:INPUT ACCEPT [1038:145425]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [434:87191]
-A INPUT -i eth0 -p tcp -m tcp --dport 9998 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j DROP
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
-A INPUT -i eth0 -p tcp -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
#-----

* test iptables
Code:
/sbin/iptables-restore < /etc/iptables
iptables -L -v -n

7. reboot system
Code:
reboot

8. repeat steps 1 and 2 (log in and switch to root)

*** if you don't want to compile, you can skip steps 9, 10, 11.
9. install darkcoin(git, compile, strip, copy)
Code:
cd /usr/local/src/
git clone https://github.com/darkcoinproject/darkcoin.git
cd darkcoin/src/

Code:
time make -f makefile.unix "USE_UPNP:=-" "USE_IPV6:=0"
strip darkcoind
cp darkcoind /usr/bin

10. logout root
Code:
exit

11. as ubuntu user
Code:
mkdir ~/.darkcoin

If you want a more powerful password, do this and use the result in darkcoin.conf.
You do not need to remember this password. It's used to connect to RPC.
You can change it at any time (after darkcoind is stopped).
Code:
darkcoind

This is the output of darkcoind.
Code:
> darkcoind
Error: To use darkcoind, you must set a rpcpassword in the configuration file:
/home/ubuntu/.darkcoin/darkcoin.conf
It is recommended you use the following random password:
rpcuser=darkcoinrpc
rpcpassword=Z9u831PBcGvuQdassadasVQFZb5381EoadnjAebc
(you do not need to remember this password)
The username and password MUST NOT be the same.
If the file does not exist, create it with owner-readable-only file permissions.
It is also recommended to set alertnotify so you are notified of problems;
for example: alertnotify=echo %s | mail -s "DarkCoin Alert" [email protected]


* make and edit ~/.darkcoin/darkcoin.conf
Code:
#----
## change this
rpcuser=any_user_name_you_want_you_should_change_this_do_not_forget_
## change this
rpcpassword=any_password_you_like_name_you_want_you_should_change_this_do_not_forget
rpcallowip=127.0.0.1
listen=1
server=1
daemon=1
logtimestamps=1
maxconnections=256
#--------------------
# change change_this_to_your_ec2_public_ip_ami_public_ip to public ip address which you connected by ssh
externalip=change_this_to_your_ec2_public_ip_ami_public_ip
#---------------------

run darkcoind
check sync status
compare block height(no) with http://explorer.darkcoin.io/chain/DarkCoin or http://drk.poolhash.org/graph.html
use 'tail -f ~/.darkcoin/debug.log' to see log.
Code:
darkcoind
darkcoind getinfo
darkcoind getmininginfo
tail -f ~/.darkcoin/debug.log

Continued.. in PART II
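
Added example, not part of the original post: a small audit of ~/.darkcoin/darkcoin.conf against the conditions darkcoind prints above (owner-only file permissions, rpcuser different from rpcpassword) and the guide's own template (placeholders replaced, rpcallowip kept on loopback). The function names `conf_value` and `audit_conf` and the finding keywords are made up for this example.

```shell
#!/bin/sh
# Added example, not from the guide: print one keyword per problem found
# in a darkcoin.conf; prints an empty line when the file passes.

# Last value assigned to KEY in FILE (lines starting with "#" never match).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

audit_conf() {
    f=$1
    out=""
    user=$(conf_value "$f" rpcuser)
    pass=$(conf_value "$f" rpcpassword)
    # "owner-readable-only": characters 5-10 of the ls mode string are the
    # group and other permission bits and must all be "-".
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || out="$out group-or-world-access"
    # Credentials must be set and must differ from each other.
    if [ -z "$user" ] || [ -z "$pass" ]; then
        out="$out missing-credentials"
    elif [ "$user" = "$pass" ]; then
        out="$out user-equals-password"
    fi
    # The guide's template values start with "any_" or "change_this".
    if grep -Eq '^[[:space:]]*[a-z]+=(any_|change_this)' "$f"; then
        out="$out template-value-left"
    fi
    # Every rpcallowip entry should be loopback, as in the guide.
    if grep -E '^[[:space:]]*rpcallowip=' "$f" | grep -qv '=127\.0\.0\.1$'; then
        out="$out rpc-allowed-from-non-loopback"
    fi
    echo "$out" | sed 's/^ //'
}

# Constructed sample: the guide's template saved unchanged, world-readable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
rpcuser=any_user_name_you_want_you_should_change_this_do_not_forget_
rpcpassword=any_password_you_like_name_you_want_you_should_change_this_do_not_forget
rpcallowip=127.0.0.1
externalip=change_this_to_your_ec2_public_ip_ami_public_ip
EOF
chmod 644 "$sample"
audit_conf "$sample"   # group-or-world-access template-value-left
rm -f "$sample"
```

On the server, run it as `audit_conf ~/.darkcoin/darkcoin.conf` after editing the file and applying `chmod 600` to it.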
 
I would recommend a few additional steps.
1.) fail2ban - slightly unnecessary if you are locking down ssh to your local IP, but it couldn't hurt
2.) Set up a root password - this is a big one.
3.) Create a dedicated darkcoin user and only let that user access the wallet file
4.) UFW makes managing the firewall so much easier
5.) Set up 2FA on your AWS account
6.) I would also say it is nearly imperative that you set up some sort of remote monitoring and get notifications if CPU usage gets too high, because on a micro instance if your CPU goes above like 50% for more than 1 minute, they throttle your CPU max usage to < 1000 MHz.
 
I have learned how to use IAM and CloudWatch.
Thank you.
 
Ah, I see. Since this is a downloaded pre compiled binary, I didn't notice a problem with memory, LOL.

Another question please, I've been searching for an answer all night but can't figure it out, what do the numbers inside the brackets represent?:

:INPUT ACCEPT [1038:145425]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [434:87191]

Thank you :)
 
I can't believe it, hours and hours I've been searching, and I tried just now one more time, and I got the question right, LOL. I never once just asked "what are the numbers inside the brackets"; I asked all kinds of other things, but that one hit the nail on the head!

Counters, I guess start counting on the lower end to the top end, eh?
 
Those are the packet and byte counts of the chain.

This is a sample.

root@ip:~# iptables -L -v -n
Chain INPUT (policy ACCEPT 1034 packets, 119K bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9998 reject-with tcp-reset
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999flags: 0x17/0x02 #conn src/24 > 8 reject-with tcp-reset
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999flags: 0x17/0x02 #conn src/32 > 2 reject-with tcp-reset
524 31650 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:9999
832K 374M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 340 packets, 42833 bytes)
pkts bytes target prot opt in out source destination
3 3131 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:9999 ctstate NEW
369K 834M ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:9999
153K 19M ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999
61302 3931K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0


root@ip:~# iptables-save
# Generated by iptables-save v1.4.12 on Sat Apr 12 07:52:14 2014
*filter
:INPUT ACCEPT [1034:119457]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [340:42833]
-A INPUT -i eth0 -p tcp -m tcp --dport 9998 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
-A INPUT -i eth0 -p tcp -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9999 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
# Completed on Sat Apr 12 07:52:14 2014
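
Added example, not part of the original thread: a reader for the `[packets:bytes]` counters discussed above, covering the chain-policy lines and the per-rule form that `iptables-save -c` writes. The function name `counters` is made up for this example, and the abbreviation rule (decimal units, applied only above 99999) is an assumption chosen to match the `-L -v` listing posted here (119457 bytes shown as 119K, 42833 shown in full).

```shell
#!/bin/sh
# Added example, not from the thread: list the [packets:bytes] counters
# found in iptables-save output read from stdin.
# Output columns: <chain>/<kind> <packets> <bytes> <bytes abbreviated>
counters() {
    awk '
    # Assumption: abbreviate like the "-L -v" listing in this thread
    # (decimal units, rounded, only once the value exceeds 99999).
    function abbr(n,   u, i) {
        split("K M G T", u, " ")
        if (n <= 99999) return n
        for (i = 1; i <= 4; i++) {
            n = int((n + 500) / 1000)
            if (n <= 9999 || i == 4) return n u[i]
        }
    }
    # Chain header, e.g. ":INPUT ACCEPT [1034:119457]"
    /^:/ {
        split(substr($3, 2, length($3) - 2), c, ":")
        print substr($1, 2) "/policy-" $2, c[1], c[2], abbr(c[2])
        next
    }
    # Rule line from "iptables-save -c", e.g. "[524:31650] -A INPUT ..."
    /^\[[0-9]+:[0-9]+\] -A / {
        split(substr($1, 2, length($1) - 2), c, ":")
        print $3 "/rule", c[1], c[2], abbr(c[2])
    }'
}

# Chain lines are the values posted in this thread; the rule line is
# constructed from the matching "-L -v" row (524 packets, 31650 bytes).
counters <<'EOF'
*filter
:INPUT ACCEPT [1034:119457]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [340:42833]
[524:31650] -A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
COMMIT
EOF
```

The counters stored in /etc/iptables are informational only: `iptables-restore` loads them only when called with `-c`, so writing `[0:0]` in that file restores the same rules.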
 
Hi @chaeplin , on #6, I get the following error on entering chkconfig --add ntp
Code:
/sbin/insserv: No such file or directory

ntp     0:off 1:off 2:on 3:on 4:on 5:on 6:0ff

Did I do this in the wrong dir or something?

Cheers!
 
Hi @chaeplin , on #6, I get the following error on entering chkconfig --add ntp
/sbin/insserv: No such file or directory
ntp 0:eek:ff 1:eek:ff 2:eek:n 3:eek:n 4:eek:n 5:eek:n 6:eek:ff

Did I do this in the wrong dir or something?

Cheers!

Might want to edit that and use the Code button. So it doesn't show the smiles.
Code:
/sbin/insserv:No such file or directory
ntp0:ff
 
Cheers @chaeplin .

Sorry to say, I'm stuck on #9.

I'm not sure what "* change USE_UPNP:=- and USE_IPV6:=0" means.

After entering "time make -f makefile.unix"

Code:
g++ -c -O2 -pthread -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter -g -DBOOST_SPIRIT_THREADSAFE -D_FILE_OFFSET_BITS=64 -I/usr/local/src/darkcoin/src -I/usr/local/src/darkcoin/src/obj -DUSE_UPNP=0 -DUSE_IPV6=1 -I/usr/local/src/darkcoin/src/leveldb/include -I/usr/local/src/darkcoin/src/leveldb/helpers -DHAVE_BUILD_INFO -fno-stack-protector -fstack-protector-all -Wstack-protector -D_FORTIFY_SOURCE=2  -MMD -MF obj/net.d -o obj/net.o net.cpp
net.cpp:18:32: fatal error: miniupnpc/miniwget.h: No such file or directory
compilation terminated.
make: *** [obj/net.o] Error 1

real    2m22.786s
user    2m3.992s
sys     0m10.645s
root@ip-172-31-11-22:/usr/local/src/darkcoin/src# strip darkcoind
strip: 'darkcoind': No such file
 
My fault, I have edited it.

Use
Many thanks Chaeplin. I gave that a shot, got this:


Code:
update-rc.d ntp defaults
update-rc.d: warning: ntp stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (1)
System start/stop links for /etc/init.d/ntp already exist.
 
The file was already created by chkconfig, so ignore it.
 