STATUS:
0.6.1 works (see changelog on bottom)
Hi there!
i read the topic about Raspberry Pi at https://109.201.133.195/index.php?topic=345619.7840 and i hear about the NXT network need many more Nodes and the cost effectiv way for all is to use a Raspberry Pi with minimal power consumption.
this is a short tutorial how to use your Raspi for NXT forging as a node (the client software starts automatic on boot and you will be able to administrate it with putty or from remote desktop from a windows pc)
Let me explain this with an example configuration for this tutorial: windows pc (192.168.1.20), raspberry (192.168.1.10), router (192.168.1.1)
1. Basic Raspbian install guide
1.1 download and install Raspbian
first download Raspbian image and diskimager for windows. install image on sdcard and boot from the sdcard with your raspberry. If you know the dhcp ip address of the raspberry (look into your router or do a ip scan) you can use the tool Putty to connect to your raspberry with a command line ssl connection. you can connect to your raspi at
your raspberry dhcp ip address on port
22 and log in as "
pi" with password "
raspberry". After log in, type
sudo raspi-config to configure the basic settings (expand filesystem and change your password, set language, keyboard layout, timezone and a hostname like "rpi"). If you dont know the dhcp ip address of your raspberry connect a monitor to the raspberry and the config menu appears too. Reboot. Now the system is running.
1.2 update the system
reconnect with putty and type the following commands (you can copy the commands from here and paste it into putty with a right click):
sudo apt-get update&&sudo apt-get dist-upgrade
1.3 edit IP configuration
standard IP comes with DHCP and check it with ifconfig command on bash. to configure a STATIC IP type the following commands:
sudo nano /etc/network/interfaces and press enter
Change the following entry from:
iface eth0 inet dhcp
Change it to:
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
network 192.168.1.0
broadcast 192.168.1.255
Press CTRL and O at the same time and than ENTER to save, Press CTRL and X together to exit.
2. router/firewall port forwarding
make sure you forward the port 7874 tcp on the router to the ip your raspberry has (192.168.1.10)
3. Install NXT Client (step by step installation from developer mirror and the client use build in raspbian java)
Alternatively to my step by step guide, you can use davethetrousers RaspNXT standalone bundle from his mirror with nxt nodes auto update script. Possibly you can enhance that with some steps from this guide
3.1 download, verify and unzip the client
download the NRS client (blockchain files
not included):
wget http://download.nxtcrypto.org/nxt-client-0.6.1.zip
you can verify the SHA-256 checksum to prevent a installation of malicious client software:
sha256sum nxt-client-0.6.1.zip
the checksum can found at http://www.nxtcrypto.org/nxt-coin/client-download. The version 0.6.1 should be the following:
6b5c8632c2d52a066d40017055a2e28f25d16fa30d3c0574bddb12f7d157e55c
if checksum is ok unzip the file:
unzip nxt-client-0.6.1.zip
now the NRS client is in your home folder (
/home/pi/nxt/)
3.2 add a autorun script for NRS-Client
make a new file in the
/home/pi/nxt/ folder and name it "
run_nxt.sh":
nano nxt/run_nxt.sh
insert the following (PORT/KEY values can be freely selected):
#!/bin/bash
cd /home/pi/nxt/
/usr/bin/java -Xms250m -Xmx350m -jar /home/pi/nxt/start.jar STOP.PORT=11111 STOP.KEY=123456 > nxtout.txt 2> nxterr.txt
Press CTRL and O at the same time and than ENTER to save, Press CTRL and X together to exit.
edit autostart:
crontab -e
insert the following at the end of the file:
@reboot sudo bash /home/pi/nxt/run_nxt.sh
Press CTRL and O at the same time and than ENTER to save, Press CTRL and X together to exit.
now the raspberry should be able to load the NRS software on boot
3.3 add a stop script for NRS-Client
make a new file in the
/home/pi/nxt/ folder and name it "
stop_nxt.sh":
nano nxt/stop_nxt.sh
insert the following (PORT/KEY must be the same as described in step 3.2):
/usr/bin/java -jar /home/pi/nxt/start.jar STOP.PORT=11111 STOP.KEY=123456 --stop
Press CTRL and O at the same time and than ENTER to save, Press CTRL and X together to exit.
now you will be able to stop the client on bash command line with the following command:
sudo bash nxt/stop_nxt.sh
before you reboot the raspberry you should use this script to prevent a blockchain error!
after stopping the client you will be able to reboot the system with this command:
sudo reboot
3.4 edit web.xml to connect with your browser from another pc instead of localhost
nano nxt/webapps/root/WEB-INF/web.xml
add after
<param-name>allowedUserHosts</param-name> in
<param-value>127.0.0.1; localhost; 192.168.1.20; 0:0:0:0:0:0:0:1;</param-value> your remote ip (192.168.1.20)
Press CTRL and O at the same time and than ENTER to save, Press CTRL and X together to exit.
3.5 edit jetty.xml to reduce maxThreads for less peak RAM usage (thanks to davethetrousers)
nano nxt/etc/jetty.xml
replace the dafault values of
minThreads,
maxThreads and
idleTimeout with the following:
<Get name="ThreadPool">
<Set name="minThreads" type="int"><Property name="threads.min" default="4"/></Set>
<Set name="maxThreads" type="int"><Property name="threads.max" default="12"/></Set>
<Set name="idleTimeout" type="int"><Property name="threads.timeout" default="20000"/></Set>
<Set name="detailedDump">false</Set>
</Get>
Press CTRL and O at the same time and than ENTER to save, Press CTRL and X together to exit.
3.6 finish your installation
After all steps reboot the raspberry. Now the raspberry should be able to load the NRS software automatically on boot. You can check this with a browser connect to
https://192.168.1.10:7875 after raspberry reboot (wait a few seconds).
4. manually start forging with NRS-Client (Important!)
to start forging you will need to be logged in with your web browser once. open https://192.168.1.10:7875, confirm the ssl notification, click on the padlock and unlock your account with your passphrase (unlocking an address takes a few seconds). If you dont have an blockchain.nxt and transaction.nxt file in the nxt folder (since version 0.4.8 ) the client automatically creates the files and sync with other nodes from nxt network. You can monitoring it by the Recent blocks field (the block counter should be incremented automatically). If the client is unlocked you can close the browser and the system will forging as long as the raspberry runs.
5. security issues
please pay attention to the genaeral safety note from Jean-Luc (lead Nxt developer) affecting the browser cache and posted on https://bitcointalk.org/index.php?topic=345619.msg4268774#msg4268774
There is one serious security issue which is not completely fixed in 0.4.9e. All requests URLs are being cached by the browser, and even though they don't appear in the browsing history (which is why we didn't discover the problem earlier), they are still in the browser cache. Check for yourself using about:cache on firefox.
This is bad, as it means your secret phrase is being written out to disk as plain text in the browser cache. And I am sure javascript exploits will appear which will try to extract it from there. To really fix that, all API requests from the browser that include the secret phrase have to be sent as POST, rather than GET requests. But this will require some significant changes to the javascript client, which will take some time. As we don't plan to maintain the current javascript client, I am not sure if such rewriting should even be undertaken now. In 0.4.9e I at least added the response headers which prevent caching to disk. Firefox honors those, but still caches the request URLs to memory. To be safe, I strongly suggest using a separate browser profile only for accessing your Nxt client, or private browsing mode. Everybody using 0.4.8 and earlier should immediately delete their browser cache.
I would add:
- dont open ports 7875 and 7876 on router
- use a
offline passwort generator
- chose a long passphrase (more than 30 cryptical tokens)
6. automatic update script for NRS Client
coming soon...
7. handling with NRS and Java errors
you can check the java logfiles (nxtout.txt and nxterr.txt) in the nxt folder for errors!
7.1 "java.lang.NullPointerException" when open the adress https://192.168.1.10:7875 in browser:
the blockchain files seems to be currupted, delete blockchain.nrs, blockchain.nrs.bak, blocks.nxt, transactions.nxt, transactions.nxt.bak (next reboot the files will be recreated automatically)
7.2 you connect with your remote browser and after insert your passphrase the account interface cannot be opened (after a while)
in nxt/nxterr.txt there is a error like "DOS ALERT: Request from 192.168.1.20". the NRS client is still running but your remote ip is blocked by DOS protection. open the account local from raspberry browser does work. to solve this error do the following:
nano nxt/webapps/root/WEB-INF/web.xml
add a new init-param
<init-param><param-name>ipWhitelist</param-name><param-value>192.168.1.20;</param-value></init-param> with your remote ip (in this case 192.168.1.20)
it should look like this example:
<filter>
<filter-name>DoSFilter</filter-name>
<filter-class>org.eclipse.jetty.servlets.DoSFilter</filter-class>
<init-param>
<param-name>maxRequestsPerSec</param-name>
<param-value>3000</param-value>
</init-param>
<init-param>
<param-name>delayMs</param-name>
<param-value>1000</param-value>
</init-param>
<init-param>
<param-name>ipWhitelist</param-name>
<param-value>192.168.1.20;</param-value>
</init-param>
<init-param>
<param-name>trackSessions</param-name>
<param-value>false</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
now you will be able to connect with your remote browser again.
7.3 WARNING: System properties and/or JVM args set. Consider using --dry-run or --e (listed in nxterr.txt)
remove transactions.nxt and blocks.nxt
7.4 java.lang.IllegalStateException: AsyncContext completed (fixed)
After a few hours you get many errors like this in nxt/nxtout.txt. The error appears several times per second and the client gets stuck. Answer from developer
Come-from-Beyond: "This may be due to memory leak that is fixed in 0.4.8 (not released yet). Let's wait when it releases and check again."
If you see any errors in the log at all, please report them in our bug database: https://bitbucket.org/JeanLucPicard/nxt-public/issues
additional useful commands and tools
mount your local windows hdd remote for raspberry data sharing
sudo mount -t cifs //192.168.1.20/c$ /mnt -o user=myusername(x = ip windows pc, myusername = your username on windows pc)
starts the menu for the initial raspbian settings again (language, keyboard, timezone, hostname etc.)
sudo raspi-config
check the build-in Java configuration
sudo update-alternatives --config java(standard the location is marked with a star and the path is like
/usr/lib/jvm/jdk-7-oracle-armhf/jre/bin/java and
priority is
317 and
auto-modus. If that is ok confirm with enter)
xrdp - if you wish to use a desktop to work remote on raspberry (e.g. to connect with microsoft remote desktop console)
type the following commands:
sudo apt-get install xrdp
sudo apt-get upgrade xrdp
now you can use microsoft remote desktop and work remote on the raspberry. in windows go to start -> open -> and type "
mstsc" (insert the raspberry ip 192.168.1.10, connect and sign on with your password)
feel free to post corrections and additional infos, i'll add it into my thread.
If the short tutorial helps someone, feel free to spend some NXT @ 7121642459245273749
Changelog:
2014-02-07: NRS version 0.7.0e - will be tested ...
2014-02-07: NRS version 0.6.1 - OK
2014-02-05: NRS version 0.6.0 - OK
2014-01-31: NRS version 0.5.11 - Broken
2014-01-24: NRS version 0.5.10 - Broken
2014-01-19: NRS version 0.5.9 (Resolved all remaining thread concurrency issues in the block and transaction handling. All reported null pointer exceptions, division by
zero, and related bugs should not happen anymore.)
2014-01-16: NRS version 0.5.8 (fix critical memory issue of 0.5.7)
2014-01-15: NRS version 0.5.7 (performance, memory, network optimizations / debug logfile enabled / See: bitcointalk.org)
2014-01-14: NRS version 0.5.5 (performance optimizations / API changes)
2014-01-08: NRS version 0.5.3 (Fixed blockchain rescanning / prevent OutOfMemory attacks)
2014-01-07: NRS version 0.5.1
2014-01-05: edit step 3.2 and 3.5 to reduce maxThreads for less peak RAM usage (advice from davethetrousers) and guide update to the NRS version 0.5.0
2014-01-03: restructured install instructions and NRS version 0.4.8
