See the CHANGES.md file for detailes.
The update should be quite simple - you don't need to close any channels:
- Best is to get a second 16GB or 32GB sd card - but you can also reuse your old one
- In SSH main menu of you RaspiBlitz choose
UPDATE
& follow the dialogs until shutdown - Download the new RaspiBlitz image file from the GitHub README
- Write the new image to the (new) sd card with a tool like balena etcher
- RaspiBlitz with new sd card image - it now goes through a recover/update phase - this may take some time.
- Once that's done, login once per SSH and use the password raspiblitz and set a new password A (can be your old one or a new one).
After the final reboot your RaspiBlitz should be ready running the new RaspiBlitz version.
For update you DON'T NEED to close any channels, remove funding or download the blockchain again.
Here is a YouTube video tutorial on how to update: https://www.youtube.com/watch?v=Xvn0WQfHUdI
Simply Download the new RaspiBlitz SD card image to your laptop and have an sd card writer ready. Then login into your RaspiBlitz with SSH and:
- main menu > OFF
- remove power
- remove SD card
Write the new image it to your SD card .. yes you simply overwrite the old one, it's OK, all your personal data is on the HDD. If you want to be extra safe you can make a image backup of your old sd card first - but that is optional. If you made manual changes to your RaspiBlitz with scripts on the sd card you might wanna check on this FAQ question first: Why do I need to re-burn my SD card for an update?.
- insert new sd card image
- power on the RaspiBlitz again
You should see that it switched into recover/backup mode. It's now provisioning the fresh OS on the sd card your old settings and data. This process can take some while especially if you had RTL Web UI activated. Follow the instructions on the display ... if it takes longer then an hour .. get support.
When update/recover process is ready you will see a FINAL RECOVER LOGIN NEEDED
message on the display. Login per SSH by using the password raspiblitz
and set your Password A again. It can be the same as the old one, but maybe use the occasion to make password change for security reasons. If you had auto-unlock activated you might also be asked to enter your old Password C again. Then it wil make a final reboot.
After your RaspiBlitz is done with catching up the latest blockchain data you should see your status screen displaying your funds and channels. Your backup is complete.
You can do a quick check if the sha256 hash of the file you downloaded is the same as the sha256 hash mentioned below the download link or use the torrent download which will also check the file for checksum after download. But this does not prove to you that the sd card image was actually build by the lead developer of the RaspiBlitz project.
To verify that the download was actually signed by rootzoll you need to use GPG and import the following public key:
curl https://keybase.io/rootzoll/pgp_keys.asc | gpg --import
After this download the "signature file" for the sd card image. It's the same download link as for the image file - just added a .sig
at the end. You should also find the download link for the signature file always in the README right below the image download link following the SIGNATURE
link.
If you know have all the three elements needed - the imported public key, the image signature and the image file itself - you can verify the download with:
gpg --verify [SIGNATURE-FILE] [IMAGE-FILE]
As a result you should see a "correct signature" message with a main fingerprint the same as you can find on the keybase.io/rootzoll that is ending on 1C73 060C 7C17 6461
. If that fingerprint is correct, the sd card image you downloaded is a original release RaspiBlitz.
If your old RaspiBlitz if version 0.98 or higher, just follow the update instructions in the README.
If you run a version earlier then 0.98 you basically need to setup a new RaspiBlitz to update - but you can keep the blockchain data on the HDD, so you don't need have that long waiting time again:
-
Close all open lightning channels you have (
lncli closeallchannels --force
) or use the menu option 'CLOSE ALL' if available. Wait until all closing transactions are done. -
Move all on-chain funds to a wallet outside raspiblitz (
lncli sendcoins --conf_target 3 <ADDRESS> <AMT>
) or use the menu option 'CASHOUT' if available -
Prepare the HDD for the new setup by running the script
/home/admin/XXcleanHDD.sh
(Blockchain will stay on HDD) -
then shutdown RaspiBlitz (
sudo shutdown now
), flash SD card with new image, redo a fresh setup of RaspiBlitz, move your funds back in, Re-Open your channels
I know it would be nicer to run just an update script and you are ready to go. But then the scripts would need to be written in a much more complex way to be able to work with any versions of LND and Bitcoind (they are already complex enough with all the edge cases) and testing would become even more time consuming than it is now already. That's nothing a single developer can deliver.
For some, it might be a pain point to make an update by re-burning a new sd card - especially if you added your own scripts or made changes to the system - but that's by design. It's a way to enforce a "clean state" with every update - the same state that I tested and developed the scripts with. The reason for that pain: I simply cannot write and support scripts that run on every modified system forever - that's simply too much work.
With the SD card update mechanism I reduce complexity, I deliver a "clean state" OS, LND/Bitcoind and the scripts tightly bundled together exactly in the dependency/combination like I tested them and it's much easier to reproduce bug reports and give support that way.
Of course, people should modify the system, add own scripts, etc ... but if you want to also have the benefit of the updates of the RaspiBlitz, you have two ways to do it:
-
Contribute your changes back to the main project as pull requests so that they become part of the next update - the next SD card release.
-
Make your changes so that they survive an SD card update easily - put all your scripts and extra data onto the HDD AND document for yourself how to activate them again after an update. The file
/mnt/hdd/app-data/custom-installs.sh
runs with sudo rights after an update/recovery from a fresh sd card. This is the place to put all the install commands, cronjobs or editing of system configs for your personal modifications of RaspiBlitz.
BTW there is a beneficial side effect when updating with a new SD card: You also get rid of any malware or system bloat that happened in the past. You start with a fresh system :)
Copying a already synced blockchain from another computer (for example your Laptop) can be a quick way to get the RaspiBlitz started or replacing a corrupted blockchain with a fresh one. Also that way you synced and verified the blockchain yourself and not trusting the RaspiBlitz Torrent downloads (don't trust, verify).
One requirement is that the blockchain is from another bitcoin-core client with version greater or equal to 0.17.1.
But we don't copy the data via USB to the device, because the HDD needs to be formatted in EXT4 and that is usually not read/writable by Windows or Mac computers. So I will explain a way to copy the data through your local network. This should work from Windows, Mac, Linux and even from another already synced RaspiBlitz.
Both computers (your RaspberryPi and the other computer with the full blockchain on) need to be connected to the same local network. Make sure that bitcoin is stopped on the computer containing the blockchain. If your blockchain source is another RaspiBlitz with v1.5 or higher - go to REPAIR
> COPY-SOURCE
. If your RaspiBlitz is below v1.5 then on the terminal sudo systemctl stop bitcoind
and then go to the directory where the blockchain data is with cd /mnt/hdd/bitcoin
- when copy/transfer is done later reboot a RaspiBlitz source with sudo shutdown -r now
.
If everything of the above is prepared, start the setup of the new RaspiBlitz with a fresh SD card (like explained in the README) - it's OK that there is no blockchain data on your HDD yet - just follow the setup. When you get to the setup-point Getting the Blockchain
choose the COPY option. Starting from version 1.0 of the RaspiBlitz this will give you further detailed instructions how to transfer the blockchain data onto your RaspiBlitz. In short: On your computer with the blockchain data source you will execute SCP commands, that will copy the data over your Local Network to your RaspiBlitz.
Once you finished all the transfers the Raspiblitz will make a quick-check on the data - but that will not guarantee that everything in detail was OK with the transfer. Check further FAQ answers if you get stuck or see a final sync with a value below 90%.
If your RaspiBlitz is not working right and you like to get help from the community, it's good to provide more debug information, so other can better diagnose your problem - please follow the following steps to generate a debug report:
- ssh into your raspiblitz as admin user with your password A
- If you see the menu - use CTRL+C to get to the terminal
- To generate debug report run:
./XXdebugLogs.sh
- Then copy all output beginning with
*** RASPIBLITZ LOGS ***
and share this
PLEASE NOTICE: It's possible that this logs can contain private information (like IPs, node IDs, ...) - just share publicly what you feel OK with.
Yes - take a look at the project of Chimezie Chuta
More details in his book "A-Z of Building your own Full Bitcoin Lightning Node: A hand Book for Enthusiasts"
First of all if you see a final sync over 90% and you can see from time to time small increase - you should be OK ... this can take some looong time to catch up with the network. Only in the case that you actively choose the SYNC
option in the Getting the Blockchain
a final sync under 90% is OK. If you did a torrent or a copy from another computer and seeing under 90% something went wrong and the setup process is ignoring your prepared Blockchain and doing a full sync - which can almost take forever on a raspberryPi.
So if something is wrong (like mentioned above) then try again from the beginning. You need to reset your HDD for a fresh start: SSH in as admin user. Abort the final sync info with CTRL+c to get to the terminal. There run sudo /home/admin/XXcleanHDD.sh -all
and follow the script to delete all data in HDD. When finished power down with sudo shutdown now
. Then make a fresh SD card from image and this time try another option to get the blockchain. If you run into trouble the second time, please report an issue on GitHub.
There are two ways of Backup:
This is best done by auto backing-up the 'channel.backup' file to a remote location. But it just secures the funds you have in your on-chain wallet or in your channels. On recovery the channels will get closed. For details on how to setup see the README: https://github.com/rootzoll/raspiblitz/blob/v1.2/README.md#backup-for-on-chain---channel-funds
This backups all your LND data - including all open channels. But it's just intended to use when you move your LND data between computers, during update situations or in rescue recoveries, because replaying out-dated backups can lead to the loss of all channel funds.
How to backup LND data in a rescue situation see next question "How can I recover my coins from a failing RaspiBlitz?".
On a RaspiBlitz you have coins in your on-chain wallet (bitcoin wallet) and also coins in lightning channels. First we will try to recover all of them and even trying to keep your channels open with "Recover LND data". This that is not possible you can fall back to the second option "Recover from Wallet Seed".
Best to recover all your LND data/channels is when you still can SSH into the RaspiBlitz and the HDD is still usable/reachable (mounted) - even it shows some errors. If this is not possible anymore you should skip to the second option "Recover from Wallet Seed" or try to recover the LND data from the HDD (directory lnd
) from another computer.
If you still can SSH in and HDD is readable, we can try to rescue/export your LND data (funds and channels) from a RaspiBlitz to then be able to restore it back to a fresh one. For this you can use the following procedure ...
To rescue/export your Lightning data from a RaspiBlitz (since v1.1):
- SSH into your RaspiBlitz and EXIT to terminal from the menu.
- then run:
/home/admin/config.scripts/lnd.rescue.sh backup
- follow the instructions of the script.
This will create a lnd-rescue file (ends on gz.tar) that contains all the data from the LND. The script offers you a command to transfer the lnd-rescue file to your laptop. If the transfer was successful you can now setup a fresh RaspiBlitz. Do all the setup until you have a clean new Lightning node running - just without any funding or channels.
Then to restore your old LND data and to recover your funds and channels:
- SSH into your new RaspiBlitz and EXIT to terminal from the menu.
- then run:
/home/admin/config.scripts/lnd.rescue.sh restore
- follow the instructions of the script.
This script will offer you a way to transfer the lnd-rescue file from your laptop to the new RaspiBlitz and will restore the old data. LND gets then restarted for you and after some time it should show you the status screen again with your old funds and channels.
Be aware that if backup is some hours old, channels could have been closed by the other party and it may take some time until you see funds back on-chain. If backup is somewhat older then 1 day also the channel counter parties may have used your offline time to cheat you with an old state. And if your backup was not the latest state it could also been happening that you are posting an old channel state (seen as cheating) and funds of that channel get lost as punishment. So again .. this backup method can be risky, use with caution. But it's recommended to try in recover and rescue situations - it's not for regular backups.
Remember those 24 words you were writing down during the setup? That's your "cipher seed" - now this words are important to recover your wallet. If you don't have them anymore: go back to option "Recover LND data" (see above) and check all possible ways to recover data from the HDD. If you still have the word seed: good, but read the following carefully:
With the word seed you can recover the on-chain funds that LND was managing for you - but it does not contain all the details about the channels you have open - it's mostly the key to your funding wallet. If you were able to close all channels or never opened any channels, then everything should be OK and the best results to recover on-chain funds from wallet seeds are reported to get from installing the Lightning Labs App on your laptop and use the wallet seed (and same wallet passwords): https://github.com/lightninglabs/lightning-app/releases Also people reported to be able to recover their on-chain funds with the Zap Desktop wallet (OSX, Win, Linux): https://zap.jackmallers.com/download
If you had open channels it would be best to check if you have also the channel.backup
file (Static-Channel-Backup feature) that is available since LND 0.6 (RaspiBlitz v1.2) and use that in the process below ... for more details on the channel.backup
file see README.md on backups.
- SetUp a fresh RaspiBlitz (fresh SD-Card image and clean HDD).
- During the new SetUp you get to the point of creating the LND wallet (see image below).
- Choose
OLD - I had a old Node I want to recover/restore
option and then - Choose
SEED+SCB - Seed & channel.backup file
option - and follow the instructions to upload your
channel.backup
file and enter your seed
Then give LND some time to re-scan the blockchain. In the end you will have restored your funding wallet. You maybe need to wait for your old channel counter parts to force close the old channels until you see the coins back displayed.
If you don't have the channel.backup
file and only the seed words there is another last hope to try - read this article:
https://medium.com/@guggero/did-you-lose-funds-on-the-lightning-network-because-of-a-disk-crash-8971b6a92494
Important: If you see a zero balance for on-chain funds after restoring from seed ... see details discussed here - you might try setup fresh this time with bigger look-ahead number.
With the 24 word list given you by LND on wallet creation you can recover your private key. You should write it down and store it at a save place. Bear in mind that this 24 word mnemonic seed is not based on the BIP 39 and therefore cannot be recovered using a Bitcoin wallet.
For more background on the LND mnemonic seed read this article.
Before you start - download a LND-data-rescue file from your RaspiBlitz to your laptop main menu -> UPDATE -> Update Anyway -> Start Update -> Download Backup -> FOLLOW INSTRUCTIONS and press Enter when ready with download -> START UPDATE
. Now your RaspiBlitz will power down.
Now install the LND Lightning Desktop App for your OS: https://github.com/lightninglabs/lightning-app/releases
Then start the App and create a new wallet - it's a throw away wallet (will be deleted afterwards with no funds) - so you don't need to keep seeds safe. To get easy thru the setup just make a photo of the seed with your mobile. If you get asked for funding - just click "done" until you reach the basic wallet screen. Then close the LND Desktop App.
Now find out at with path LND stores the wallet data on your computer.
Linux: [USER-DIRECTORY]/.config/lightning-app/lnd OSX: [USER-DIRECTORY]/Library/Application Support/lightning-app/lnd Windows: %USERPROFILE%\AppData\Roaming\lightning-app\lnd
Then open that directory on your local file manager and delete all data in the lnd
directory.
Now unpack the lnd-rescue you made before and copy all the data from the mnt/hdd/lnd
directory (including sub directories) into the LND-Path lnd directory. Delete the "lnd.conf" file.
Now start the Lightning App again. Your wallet password should now be your RaspIBlitz PasswordC.
If it's working and you have access to your funds/channels on the Desktop App ... don't start the RaspiBlitz anymore. Delete sd card and HDD.
Use the "Change Name/Alias of Node" option in the main menu. The RaspiBlitz will make a reboot after this.
This means, that he public ssh key of the RaspiBlitz has changed to the one you logged in the last time under that IP.
It's OK when happening during an update - when you changed the sd card image. If it's really happening out of the blue - check your local network setup for a second. Maybe the local IP of your RaspiBlitz changed? Is there a second RaspiBlitz connected? It's a security warning, so at least take some time to check if anything is strange. But also don't get to panic - when it's in your local network, normally it's some network thing - not an intruder.
To fix this and to be able to login with SSH again, you have to remove the old public key for that IP from your local client computer. Just run the following command (with the replaced IP of your RaspiBlitz): ssh-keygen -R IP-OF-YOUR-RASPIBLITZ
or remove the line for this IP manually from the known_hosts file (see the path to the file in the warning message).
After that, you should be able to login with SSH again.
The idea of the "wallet lock" in general, is that your private key / seed / wallet is stored in a encrypted way on your HDD. On every restart, you have to input the password once manually (unlock your wallet), so that the LND can read and write to the encrypted wallet again. This improves your security if your RaspiBlitz gets stolen or taken away - it loses power and then your wallet is safe - the attacker cannot access your wallet.
When you activate the "Auto-Unlock" feature of the RaspiBlitz, the password of the wallet gets stored on the RaspiBlitz. So if an attacker steals the RaspiBlitz physically, it's now possible for them to find the password and unlock the wallet.
Your HDD may have no partitions yet. SSH into the RaspiBlitz as admin (see command and password on display) and you should be offered the option to create a partition. If this is not the case:
Check/Exchange the USB cable. Connect the HDD to another computer and check if it shows up at all.
Windows: https://www.lifewire.com/how-to-open-disk-management-2626080
Linux/Ubuntu (desktop): https://askubuntu.com/questions/86724/how-do-i-open-the-disk-utility-in-unity
Linux/Raspbian (command line): https://www.addictivetips.com/ubuntu-linux-tips/manually-partition-a-hard-drive-command-line-linux/
Make the fonts smaller until the QR code fits into your (fullscreen) terminal. In OSX use CMD
+ -
key. In LINUX use CTRL
+ -
key. On WINDOWS Putty go into the settings and change the font size: https://globedrill.com/change-font-size-putty
The bitcoin IP is red, when the RaspiBlitz detects that it cannot reach the port of bitcoin node from the outside. This means the bitcoin node can peer with other bitcoin nodes, but other bitcoin nodes cannot initiate a peering with you. Don't worry, you don't need a publicly reachable bitcoin node to run a (public) lightning node. If you want to change this however, you need to forward port 8333 on your router to the the RaspiBlitz. How to do this is different on every router.
Some routers support a feature called UPnP where devices can automatically request a forwarding to be publicly reachable. By turning on BTC UPnP
in the main menu SERVICES
section, you can try if your router supports this feature.
On details how to set port forwarding manually on your router model see: https://portforward.com
The node address is red, when the RaspiBlitz detects that it cannot reach the port of the LND node from the outside - when the device is behind a NAT or firewall of the the router. Your node is not publicly reachable. This means you can peer+openChannel with other public nodes, but other nodes cannot peer+openChannel with you. To change this you need to forward port 9735 on your router to the the RaspiBlitz. How to do this is different on every router.
Some routers support a feature called UPnP where devices can automatically request a forwarding to be publicly reachable. By turning on LND UPnP
in the main menu SERVICES
section, you can try if your router supports this feature.
On details how to set port forwarding manually on your router model see: https://portforward.com
Also the selftesting of the RaspiBlitz if the port is forwarded or not might not work if your router is not supporting Hairpinning.
Yellow is OK. The RaspiBlitz can detect, that it can reach a service on the port 9735 of your public IP - this is in most cases the LND of your RaspiBlitz. But the RaspiBlitz cannot 100% for sure detect that this is its own LND service on that port - that's why it's just yellow, not green.
On details how to set port forwarding on your router model see: https://portforward.com
BTCPay Server is a solution to be your own payment processor to accept Lightning Payments for your online store: https://github.com/btcpayserver/btcpayserver
You can find setup instructions for a experimental setup here: https://goo.gl/KnTzLu
Thanks to @RobEdb (ask on twitter for more details) running his demo store with RaspiBlitz: https://store.edberg.eu - buy a picture of him and Andreas :)
You don't need a LAN port on your laptop as long as you can connect over WLAN to the same LAN router/switch the RaspiBlitz is connected to .. and you are on the same local network.
A LAN cable is recommended because it reduces a possible source of error on the network connection side. But how to setup WLAN when you don't have a LAN-Router/Switch available see here: https://stadicus.github.io/RaspiBolt/raspibolt_20_pi.html#prepare-wifi
If you have a LAN port on your laptop - or you have a USB-LAN adapter, you can connect the RaspiBlitz directly (without a router/switch) to your laptop and share the WIFI internet connection. You can follow this guide for OSX.
In short for OSX:
- make sure all VPN are off (can interfere with local LAN)
- connect with LAN directly
- Settings > Sharing/Freigaben > activate "internet sharing" from WLAN to Ethernet
- Settings > Network > Ethernet-Adapter > set to DHCP
- in terminal >
ifconfig
there you should see the IP of the bridge100 - in terminal >
arp -a
and check for an IP of a client to the bridge - in terminal > ssh admin@[clientIP]
If anyone has experience on doing this in Linux/Win, please share.
Just removing power from the RaspiBlitz can lead to data corruption if the HDD is right in the middle of a writing process. The safest way is always to SSH into the RaspiBlitz and use the "POWER OFF" option in the main menu.
But if cannot login with SSH and you need to power off at least remove the LAN cable (network connection)first for sometime (around 10-30 secs - until you can see no more blinking lights on the HDD) and then remove the power cable. This should minimize the risk if data corruption in this situations.
There might be a new not released features in development that are not yet in the master branch - but you want to try them out.
To build a sd card image from another branch than master you follow the Build the SD Card Image from the README, but execute the build script from the other branch and add the name of that branch as a parameter to the build script.
For example if you want to make a build from the 'dev' branch you execute the following command:
wget https://raw.githubusercontent.com/rootzoll/raspiblitz/dev/build_sdcard.sh && sudo bash build_sdcard.sh 'dev'
If you fork the RaspiBlitz repo (much welcome) and you want to run that code on your RaspiBlitz, there are two ways to do that:
-
The quick way: For small changes in scripts, go to
/home/admin
on your running RaspiBlitz, delete the old git withsudo rm -r raspiblitz
then replace it with your codegit clone [YOURREPO]
and/home/admin/XXsyncScripts.sh
-
The long way: If you like to install/remove/change services and system configurations you need to build a SD card from your own code. Prepare like in Build the SD Card Image from the README but in the end run the command:
`wget https://raw.githubusercontent.com/[GITHUB-USERNAME]/raspiblitz/[BRANCH]/build_sdcard.sh && sudo bash build_sdcard.sh [BRANCH] [GITHUB-USERNAME]
If you are then working in your forked repo and want to update the scripts on your RaspiBlitz with your latest repo changes, run /home/admin/XXsyncScripts.sh
- that's OK as long as you don't make changes to the sd card build script - then you would need to build a fresh sd card again from your repo.
You need to have your forked repo checked out on your laptop. There your should see your forked repo as origin
, when you run git remote -v
. If you don't see a additional upstream
remote yet, then it with the following command git remote add upstream https://github.com/rootzoll/raspiblitz.git
.
So first checkout the new branch named BRANCH
from the original RaspBlitz repo to your local computer with: git fetch upstream
and then git checkout -b BRANCH upstream/BRANCH
.
Now push the new branch to your forked GitHub repo with git push -u origin BRANCH
.
Once the branch is available and synced between the RaspiBlitz GitHub repo, your forked GitHub repo and your local computer git repo, you can start developing.
Since v1.5 of RaspiBlitz there is an easy way thru the SSH menus: Under MAIN MENU > UPDATE > PATCH
you have the option to change the GitHub Reposity and and Branch to sync with. You change the GitHub Reposity by setting the GutHub username where you forked the Repo.
So for example: If you forked the RaspiBlitz project (rootzoll/raspiblitz) on GitHub and your GitHub project page is now called: https://github.com/raumi75/raspiblitz ... then justchange the Repo to sync/patch with to your username raumi75
.
Now you can use the Patch/Sync RaspiBlitz with GitHub Repo
to easily keep your RaspiBlitz in sync with your forked repository and develop your own customizations and features.
Background info and doing it manually:
There is a git copy of the original RaspiBlitz GitHub repo on your physical RaspiBlitz in the folder /home/admin/raspiblitz
. If you change into that folder and run git remote -v
you can see the set origin repo.
You need to change that origin repo to your forked repo. You do that with:
git remote set-url origin [THE-URL-OF-YOUR-FORKED-REPO]
Now to sync your branch namend BRANCH on your forked repo with your RaspiBlitz you always just the run:
/home/admin/XXsyncScripts.sh BRANCH
So your workflow can go: You write code on your local computer. Commit to your local repo, push it to your forked repo and use the sync-script above to get the code to your RaspiBlitz.
Like the way above you can build a new feature or test a change. Once you have something ready you want to contribute back, you make sure it's pushed to your forked GitHub repo and start a pull request from the GitHub website there to the RaspiBlitz repo.
See more info: https://yangsu.github.io/pull-request-tutorial/
Make sure to have the correct base image. Then go to the command line and create a branch for the PR:
cd /home/admin/raspiblitz
git fetch origin pull/[PRNUMBER]/head:pr[PRNUMBER]
git checkout pr[PRNUMBER]
cd /home/admin
./XXsyncScripts.sh -justinstall
Now you have the code of the PR active - depending on what scripts are changes you might need to reboot.
To change back to the code:
./XXsyncScripts.sh master
Try some rubber band.
You can put the heasink-case (top-part mentioned in the shopping lists) into a customized 3D printed case for the RaspiBlitz called "Lightning Shell" - great work by @CryptoCloaks
https://www.cryptocloaks.com/product/lightningshell/ (Delivery from USA)
Also there is the ZKDS metal case available that also needs some extra hardware (SATA-USB expansion board and USB bridge).
https://diynodes.com (delivery from UK)
When your USB power adapter for the RaspiBlitz delivers too low power those messages with "Under-Voltage detected" (under-voltage) are shortly seen on the display. This can lead to data loss/corruption on the HDD. If you see those just one or two times that's not OK, but can be in a tolerant window. Nevertheless it make sure your USB power adapter can deliver at least 3A (big and stable is good). If you still see those warnings maybe get a second USB Power adapter just for the HDD and power the HDD through a Y-Cable - see https://en.wikipedia.org/wiki/Y-cable#USB or put a USB Hub with extra power between the raspberry and the HDD.
Using pre-built software almost always shifts trust to the one who made the binary. But at least you can check with the SHA checksum after download if the image downloaded is really the one offered by the GitHub Repo. To do so make a quick check if your browser is really in the correct GiutHub page and that your HTTPS of the GitHub page is signed by 'DigiCert'. Then compare the SHA-256 string (always next to the download link of the image on the README) with the result of the command shasum -a 256 [DOWNLOADED-FILE-TO-CHECK]
(Mac/Linux). Still this is not optimal and if at least some people from the community request it, I will consider signing the download as an author for the future.
The best way would be to build the sd card yourself. You use the script build_sdcard.sh
for it. Take some minutes to check if you see anything suspicious in that build script and then follow the README on this.
Work notes for the process of producing a new sd card image release:
- Start
Ubuntu LIVE
from USB stick on Build Computer (press F12 on startup) - Connect to a secure WiFi (hardware switch on) or LAN
- Download the latest Raspbian Desktop (without recommended software) from raspberrypi.org
- From the browser
Show All Downloads
and from the context menu selectCopy Download Link
- Paste the Download Link into a new browser tab and add ".sig" at the end (also download)
- From the browser
Show All Downloads
and from the context menu selectOpen Containing Folder
- On that file manager open context (right click) on the white space and select
Open in Terminal
- Compare checksum with: raspberrypi.org with
shasum -a 256 *.zip
- Install curl if needed
sudo apt-get update && sudo apt-get install -f curl net-tools
- Check signature:
curl https://www.raspberrypi.org/raspberrypi_downloads.gpg.key | gpg --import && gpg --verify *.sig
- The result should say "correct signature" and fingerprint should end with
8738 CD6B 956F 460C
- Insert an NTFS formatted USB stick and use the file manager to move all files to there
- Use in file manager context on NTFS USB stick
extract here
to unzip - Connect SD card reader with a 8GB SD card
- In the file manager open context on the .img-file, select
Open With Disk Image Writer
and write the image to the SD card - In the file manager open context on
boot
drive free spaceopen in terminal
- Run the commands:
touch ssh
andexit
- Eject the
boot
and theNTFS
volume - Connect a RaspiBlitz (without HDD) to network, insert sd card and power up
- Find the IP of the RaspiBlitz (arp -a or check router)
- In terminal
ssh pi@[IP-OF-RASPIBLITZ]
- Password is
raspberry
- Run the following command BUT REPLACE
[BRANCH]
with the branch-string of your latest version wget https://raw.githubusercontent.com/rootzoll/raspiblitz/[BRANCH]/build_sdcard.sh && sudo bash build_sdcard.sh '[BRANCH]'
- Monitor/Check outputs for warnings/errors - install LCD
- Login new with
ssh admin@[IP-OF-RASPIBLITZ]
(pw: raspiblitz) and run./XXprepareRelease.sh
- Disconnect WiFi/LAN on build laptop (hardware switch off) and shutdown
- Remove
Ubuntu LIVE
USB stick and cut power from the RaspberryPi - Connect USB stick with latest
TAILS
(make it stay offline) - Power on the Build Laptop (press F12 for boot menu)
- Connect USB stick with GPG signing keys - decrypt drive if needed
- Open Terminal and cd into directory of USB Stick under
/media/amnesia
- Run
gpg --import ./sub.key
, check andexit
- Disconnect USB stick with GPG keys
- Take the SD card from the RaspberryPi and connect with an external SD card reader to the laptop
- Click on
boot
volume once in the file manger - Connect the NTFS USB stick, open in file manager and delete old files
- Open Terminal and cd into directory of NTFS USB stick under
/media/amnesia
- Run
df
to check on the SD card device name (boot
- ignore last partition number) dd if=/dev/[sdcarddevice] | gzip > ./raspiblitz-vX.X-YEAR-MONTH-DAY.img.gz
- When finished you should see that more then 7GB were copied
- Then run
shasum -a 256 *.gz > sha256.txt
- Sign with
gpg --output raspiblitz-vX.X-YEAR-MONTH-DAY.img.gz.sig --detach-sign *.gz
- Shutdown build computer
- Connect the NTFS USB stick to MacOS (it is just read-only)
- Run tests on the new image
- Upload the new image to the Download Server - put sig-file next to it
- Copy SHA256-String into GitHub README and update the download link
Type the command raspiblitz
to return to the main menu if you exited to the command line.
There is an experimental section in this GitHub that tries to build for other SingleBoardComputers. Feel free to try it out and share your experience: alternative.platforms/README.md
There is now an option under SETTINGS
to rotate the screen.
To do it manually: For the default 3.5" LCD you need to edit the /boot/config.txt. Run sudo nano /boot/config.txt
look for the line dtoverlay=tft35a:rotate=270
towards the end. To flip the screen with 180 degrees change the line to dtoverlay=tft35a:rotate=90
and reboot with sudo reboot
. Reference: goodtft/LCD-show#34
When you put in a sd card with a new/clean RaspiBlitz image the RaspiBlitz will get into recovery mode because it detects the old data on your HDD and assumes you just want to continue to work with this data.
But there might be cases where you want to start a totally fresh/clean RaspiBlitz from the beginning. To do so you need to delete the old data from the HDD. Those the option RESET-ALL
under REPAIR
to delete all data and start fresh.
When the HDD is clean, then flash a new RaspiBlitz sd card and your setup should start fresh.
You could try to re-index, but that can take some very long time - multiple days or even weeks. But there are other options:
- Get new Blockchain
Use REPAIR
in the SSH main menu and then choose RESET-CHAIN
. Then you get offered multiple options to get new blockchain data.
- Backup LND Data, make fresh Blitz, Replay LND Data
You can backup your channel and wallet data, make a complete fresh RaspiBlitz and after that one is setup you replace the LND data with your old one. Also make sure to check again on your power supply - it needs to deliver equal or more then 3A and should deliver a stable current. If you think your HDD or SD card is degrading - maybe this is a good time to replace. See for details the FAQ question: How can I recover my coins from a failing RaspiBlitz?*
The display is one of the nice features of the RaspiBlitz but the raspberry can run without it. Maybe not all add-on feature could be used to the full extend, but you can get started without the LCD and even plug it on later.
If you want to use the HDMI output you can place a file called hdmi
on the boot
section of the RaspiBlitz sd card ... just connect the sd card to your laptop, create that file and then boot it up in the RaspberryPi.
If you are already logged in you can use on the console the commands:
hdmi
--> switch to HDMIlcd
--> switch to LCD
Enter the Console/Terminal by selecting the last option from the Raspiblitz menu Enable the VNC server using raspi-config: sudo raspi-config > Interface Options > VNC > Enable. Reboot. Set a password for the VNC Server: sudo vncpasswd -service Set the Authentication parameter: sudo echo "Authentication=VncAuth" > /etc/vnc/config.d/common.custom Restart the VNC Server for settings to take effect sudo systemctl restart vncserver-x11-serviced Open the relevant port in the firewall (ufw): sudo ufw allow vnc
Note: You may have to set the resolution through raspi-config in certain situations: sudo raspi-config > Advance Options > Resolution
Hint: From macOS, there is a built in VNC client hidden away at: /System/Library/CoreServices/Applications/Screen\ Sharing.app
Yes but you need to change at least on one RaspiBlitz the port number (for example to 9736) on one of your RaspiBlitzes - see how to change a port below. Then you can forward both ports from your home internet router to the matching RaspiBlitzes.
There is a experimental script you can call from the terminal that will make all changes for you ... see details here: raspiblitz#100 (comment)
If you get this error by LND that means that something is wrong with the macaroons being used to communicate with LND .. see: https://github.com/lightningnetwork/lnd/blob/master/docs/macaroons.md
To fix this depends on where you get this error:
- If you get it in a mobile wallet, then redo the connection with the RaspiBlitz to get fresh macaroons.
- If you get this from RTL or from the scripts of the SSH menus of the RaspiBlitz, then go to "EXPORT Macacroons and TLS.cert" in SSH main menu and choose the the "RESET Macaroons & TLS" option.
Also make sure to check again on your power supply - it needs to deliver equal or more then 3A and should deliver a stable current. If you think your HDD is degrading - maybe this is a good time to replace it. See for details the FAQ question: How can I recover my coins from a failing RaspiBlitz?
- You don't have inbound liquidity
- Low uptime
- Capital is committed to competitive destinations
- Capital committed to destinations no one wants to send to
- Fees are too high
- Your inbound liquidity doesn't have good inbound liquidity itself
Try updating before a official RaspiBlitz on your very own risk - you can find some info about that here: https://stadicus.github.io/RaspiBolt/raspibolt_faq.html#how-to-upgrade-bitcoin-core
- Check the command again with how it's on the display - do you have it typed in correctly?
- Replace
ssh
withsudo ssh
and try it (laptop admin password might be required).
If that doesn't work, try to ping the IP of the RaspiBlitz with ping [IP-of-RaspiBlitz]
. If you get no response on the ping requests and the device is not reachable, try this check list:
- Make sure that your RaspiBlitz and your laptop are really on the same local network
- Check if you have a VPN running on your laptop - some VPNs block local network
- Some Routers have
IP Isolation
switched on - not allowing two devices to connect
If that all is not working: Join the conversation on GitHub Issue #420.
To use a public server for port-forwarding thru a SSH tunnel you can use the following experimental script on the RaspiBlitz (since v1.2):
/home/admin/config.scripts/internet.sshtunnel.py
But first you need to make sure that the public server you are using is supporting SSH reverse tunneling and authentication by public authorized key. Check the /etc/ssh/sshd_config
on the public server to contain the following settings:
RSAAuthentication yes
PubkeyAuthentication yes
GatewayPorts yes
AllowTcpForwarding yes
ClientAliveInterval 60
ClientAliveCountMax 2
Last two parameters were added as used in the ssh tunnel demo at #GPN19 https://media.ccc.de/v/gpn19-76-einen-server-daheim-ohne-ffentliche-ipv4-adresse#t=911
You can add those at the end of the file, save and reboot.
On the RaspiBlitz you can then setup for example to forward the gRPC port 10009 (internal port) to the port 20009 on the public server (external port) with the user = test
and server address = raspiblitz.com
with the following command:
/home/admin/config.scripts/internet.sshtunnel.py on [email protected] "10009<20009"
You can even set multiple port forwardings like with:
/home/admin/config.scripts/internet.sshtunnel.py on [email protected] "10009<20009" "8080<9090"
Please beware that after you set such a port forwarding you need to set the domain of the public server as a DynamicDNS
name (leave update url empty) and then connect mobile wallets fresh or export again the macaroons/certs. When connecting the mobile wallets you may need to adjust ports manually after QR code scan. And if you SSH tunnel the LND node port 9735
you may also need to set the custom LND port script and maybe also a manual set of the domain in the LND service is needed. This all is very experimental at the moment ... better integration will come in the future.
To switch this SSH tunneling off again use:
/home/admin/config.scripts/internet.sshtunnel.py off
and also deactivate the DynamicDNS again.
To check if a tunnel is running on the tunneling server check: netstat -tulpn
Make sure the /etc/ssh/sshd_config
has the following lines at the end:
RSAAuthentication yes
PubkeyAuthentication yes
GatewayPorts yes
AllowTcpForwarding yes
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
The last one stores all authorized_keys in one directory with a file per user. See https://serverfault.com/questions/313465/is-a-central-location-for-authorized-keys-a-good-idea#424659 To prepare this run:
mkdir /etc/ssh/authorized_keys
groupadd forwardings
To add a forwarding user run:
useradd -g forwardings -d /home [USERNAME]
echo 'command="date" [CONTENT-OF-RASPIBLITZ-ROOT-SSH-PUBKEY]' > /etc/ssh/authorized_keys/[USERNAME]
The [CONTENT-OF-RASPIBLITZ-ROOT-SSH-PUBKEY]
you get when running the internet.sshtunnel.py
script on the RaspiBlitz (see above). Now restart the RaspiBlitz. The server should not need restart after adding a additional forwarding user.
To check if a tunnel is running on on server check: netstat -tulpn
To check for any errors on RaspiBlitz after restart check logs: sudo journalctl -f -u autossh-tunnel.service
A UPS (Uninterruptible Power Supply) is used to protect the RaspiBlitz against power outages. Normally you put it just between your normal power outlet and your RaspiBlitz and you are good. But some UPS offer a way to communicate with devices. This can be very useful for example if on a longer power outage the battery of the UPS runs low the RaspiBlitz could detect this and power down in a clean way - instead of just the power goes out and risking data loss or corruption.
There is an experimental script to connect the RaspiBlitz to a UPS over USB cable build by APC - the Model tested with was APC Back-UPS BX - BX700U-GR but it should work with every APC model offering a USB port.
To turn it on run from terminal: /home/admin/config.scripts/blitz.ups.sh on apcusb
If you have other UPS models or ways to connect ... feel free to extend this script.
The file system BTRFS for your HDD/SSD provides two new features to make the datastorage more resilient:
BTRFS comes with build in RAID features - that means that data can be stored on two physical drives at the same time and if one is failing the other one can be used to heal the other one or its replacement.
For the Raspiblitz this means that you can connect an additional 32GB USB3 Thumb Drive (under 10 USD) and have it running in a RAID with your HDD/SSD - having your LND channel data and all other important data of your RaspiBlitz double safe.
BTRFS comes with a build in snapshot feature - that means that your RaspiBlitz can make every day a backup of the blockchain data and if a blockchain corruption occurs (exmaple thru a power outage) there is no need to sync the complete chain again. Just switch back to the last backup state and quickly sync up from there. On BTRFS such backups can be done as snapshots that dont need much more space on the drive and are quicly done - no need to buy a bigger SSD or wait for copying over 200GB.
Because the BTRFS is still experimental its a bit hidden to activate. There are two ways:
-
When you start a fresh setup just connect a 32GB Thumb Drive on the second USB3 port from the beginning and you should be asked during HDD setup if you want to try out BTRFS and gave the Thumb Drive as RAID1.
-
If you have a existing RaspiBlitz you want to switch to BTRFS then you need to export a Migration File (MAINMENU > REPAIR > MIGRATION) an then format your HDD/SSD clean. When you import a Migration File during a fresh Setup (see above) you will get the option to format the HDD/SSD with BTRFS.
Once the Blitz is running on BTRFS you can use the '/home/admin/config.scripts/blitz.datadrive.sh' script to add a RAID drive or make a snapshot.
This articles goes thru the usual options: https://ownyourbits.com/2019/03/03/how-to-recover-a-btrfs-partition/ https://seravo.fi/2015/using-raid-btrfs-recovering-broken-disks
When the LCD display is telling you to do config check:
- go to the RaspiBlitz terminal (X on main menu) and run './XXsyncScripts.sh'
- start reboot with command: './XXshutdown.sh reboot'
- go to the RaspiBlitz terminal run the command: 'check'
- now edit the RaspiBlitz config and get rid of the errors: 'nano /mnt/hdd/raspiblitz.conf'
- save config with: CTRL+o
- exit nano editor with: CTRL+x
- start reboot with command: './XXshutdown.sh reboot'
Some displays have a different orientation. To fix this activate/deactivate the LCD-ROTATION option in the MAINMENU > SERVICES and let it reboot. YOu might need to do this up to 3 times until your display got it right.
If you cannot login per SSH into your RaspiBlitz your SSH RaspiBlitz certs might be corrupted. To renew and reset those do the following (since version 1.5):
- shutdown the RaspiBlitz - if you dont have touchscreen activated, disconnect LAN cable, wait until HDD/SSD activity slows down (no constant blinking) and then cut the power
- take out the sd card and connect it to your laptop - it should appear as a
boot
drive - in the root directory of that
boot
drive create a file calledssh.reset
- that file can be empty or just copy another file on that drive and rename it ()
- eject the drive from your laptop safely
- put sd card back into the RaspiBlitz (also make sure LAN cable is connected again)
- power up - the RaspiBlitz should boot up & reboot again
- then try again to SSH login
If you see a "REMOTE HOST IDENTIFICATION HAS CHANGED!" warning on login thats what we wanted - the SSH cert of your RaspiBlitz changed - thats good. We just need to remove the old one from our laptop first - on OSX you can use rm ~/.ssh/known_hosts
(deletes all cached server certs) or remove the line with your RaspiBlitz IP manually from the ~/.ssh/known_hosts
file with a text editor.
The Let's Encrypt client software acme.sh is included (since v1.6) and can be used to create TLS certificates that are signed by the Certificate Authority (Root CA) Let's Encrypt and which are therefore trusted on all modern platforms.
In order to successfully get a signed certificate you need to verify ownership over a DNS domain or a full
qualified domain name (FQDN). Currently Let's Encrypt doesn't issue certificates for IP addresses. The two
most common standards for verification of control are HTTP-01
and DNS-01
.
The acme.sh client supports both modes and has a large number of DNS services (more than 50) it can interact with. More details can be found on the acme.sh wiki.
To use HTTP-01
your RaspiBlitz needs to be accessible directly from the Internet on a public IP address on port
80. If you don't have a public IPv4/IPv6 IP on either eth0
or wlan0
then it might be possible to use NAT port
forwarding or an autossh-tunnel to fulfill this requirement.
If everything (this includes creating a DNS A
or DNS CNAME
record that points to a static or dynamic IP address) is
set up so that the Let's Encrypt servers can reach your RaspiBlitz on port 80 then the following command will perform
the initial creation of a signed certificate and will also store the configuration data needed to regularly refresh it.
Just run this once and then lean back and forget about it. :-D
~/.acme.sh/acme.sh --keylength ec-256 --issue -d hostname.example.com -w /var/www/letsencrypt/
The DNS-01
standard proves ownership by creating DNS TXT
records on the domain or subdomain you want to use.
This requires interaction with and access to a dns server but comes with the benefit that wildcard certificates
can be issued.
It is beyond the scope of this FAQ entry to explain all details of this - please refer to the official documentation. Assuming you are using the DuckDNS dynamic DNS service then the following command will get a certificate (including a wildcard subject alternative name (SAN) listing). It will also take care of continuous renewals.
export DuckDNS_Token="abcdefgh-0123-56ij-78kl-abcd9012efgh"
~/.acme.sh/acme.sh --issue --keylength ec-256 --dns dns_duckdns -d hostname.duckdns.org -d *.hostname.duckdns.org
As mentioned more that 50 other services (including self-hosted options like e.g. nsupdate
or PowerDNS
) are supported.
The installation process of the acme.sh
client includes a prompt for an eMail address. The data entered there is
stored in the accounts.conf
file as ACCOUNT_EMAIL
. This address is used by Let's Encrypt to notify you about
the expiry of certificates (which is not really needed as renewals are automated) and also about changes to their
Terms of Service. For more details please check their privacy policy.
It is currently considered completely fine to leave this field empty and not provide an eMail address.
The acme.sh
script is installed in /home/admin/.acme.sh/
- the configuration and the certificates are stored on the
external hard disk in /mnt/hdd/app-data/letsencrypt
.
The RaspiBlitz is your computer to experiment with. Feel free to add your own scripts, edit the system or install further software from the command line. Just keep in mind that after an update/recovery the RaspiBlitz starts with a fresh and clean operating system again. So all your editings and installs might be gone. To prevent this you should do the following:
- place own scripts and data that should survive an update/recovery into the
/mnt/hdd/app-data
directory - put all install commands & modification of the system into the script
/mnt/hdd/app-data/custom-installs.sh
that will be started automatically on a recovery/update.