This thread is basically replacing the old messy one over at https://this forum.org/index.php?topic=5496494
TL;DR => jump to whatever fits your situation
- just wanna run a node, maybe a wallet too
- looking to spin up a lightning node on testnet4
- wanna run a solo mining pool on testnet4
- wanna cpu mine on testnet4 (yeah i know, not the greatest idea, but here you go)
So i got into testnet4 a while back and honestly it was a pain for most people to even get a node running, let alone deal with lightning or mining on it. That's why i put together a few containers built on ubuntu 24.04.
The issue though... the official ubuntu 24.04 image already ships with a bunch of vulnerabilities out of the box, and on top of that you had to run the container in privileged mode which is far from ideal. Another headache was that i crammed multiple services into single containers: "node + lightning", "node + cpuminer", "node + ckpool", the whole "node + lightning + cpuminer + ckpool" combo. Maintaining that mess was a nightmare.
So instead of keep going down that road i went back to the drawing board and rebuilt everything from scratch. Now i'm using the minimal Base Container Images from SuSe (way safer) and where possible splitting the services into separate containers so they're actually manageable. The approach is: compile everything using the BCI-base image, then just copy the binaries and libraries over into BCI-minimal. This basically kills almost the entire attack surface. Dockerhub's free scan tool comes back clean on the new images with zero vulnerabilities found, though obviously nothing is 100% bulletproof and there could still be undisclosed ones lurking somewhere.
Container image #1: only bitcoin core with sqlite3 wallet enabled
branch home + extra info: https://github.com/mocacinno/btc_testnet4/tree/bci_node
This image contains bitcoin core, with the pull request for testnet4 applied. The useage is pretty simple... You'll need:
a linux host, running dockera path to store the persistent data (blocks, wallets,...)
Once you have these, just copy this docker-compose.yml file on your local system:
https://raw.githubusercontent.com/mocacinno/btc_testnet4/bci_node/docker-compose.yml
modify the docker-compose.yml (for example, change the user, password, port and LOCAL paths). Then run
If you want to check if your wallet is running, you can use the most common linux tools like "top" or "ps", or you can look at your local mountpoint (see prereqs), it should now contain a folder "testnet4" which contains your "debug.log"...
Making a wallet, receiving tBTC,...
If you don't trust me (and eventough i personally think i'm trustworthy, i have never given you any reason to actually trust me), you can build the image all by yourself aswell... Just use my dockerfile:
https://raw.githubusercontent.com/mocacinno/btc_testnet4/bci_node/Dockerfile
Open it, read what i did, and once you verified that i did a good thing, execute
then use the docker-compose.yml i provided and change the image name, user, pass,... and run
Container image #2: bitcoin core with sqlite3 wallet enabled + lightning core 24.02.2
branch home + extra info: https://github.com/mocacinno/btc_testnet4/tree/bci_lightning
This image contains bitcoin core, with the pull request for testnet4 applied and lightning core 24.02.2.
This one is a little bit "odd". I decided to split services into seperate containers as much as possible, but lightning core is so intertwained with bitcoin core, it was to hard to seperate them into different containers... So bitcoin core and lightning core are bundled...
This being said, it's still pretty easy to run. The prereqs are
a linux host, running dockera path to store the persistent bitcoin core data (blocks, wallets,...)a path to store the persistent lightning core data
Once you have these, just copy this docker-compose.yml file on your local system:
https://raw.githubusercontent.com/mocacinno/btc_testnet4/bci_lightning/docker-compose.yml
modify the docker-compose.yml (for example, change the user, password, port and LOCAL paths). Then run
Now, i did notice that lightningd does not always start properly... It might be necessary to enter the container and actually start lightningd yourself
once your lightning daemon is running, the fun can start
If you don't trust me (and eventough i personally think i'm trustworthy, i have never given you any reason to actually trust me), you can build the image all by yourself aswell... Just use my dockerfile:
https://raw.githubusercontent.com/mocacinno/btc_testnet4/bci_lightning/Dockerfile
Open it, read what i did, and once you verified that i did a good thing, execute
then use the docker-compose.yml i provided and change the image name, user, pass,... and run
Container image #3: ckpool
branch home + extra info: https://github.com/mocacinno/btc_testnet4/tree/bci_ckpool
This image contains only ckpool + basic config for ckpool. The docker-compose.yml provided combines the bitcoin core container with the ckpool container. The "node" container will run the node, the ckpool container will run the actual mining pool.
The basic container image contains a ckpool.conf file with a 0% donation to my address... If you want something else, you'll have to edit the docker-compose.yml to mount your own local ckpool.conf file over /ckpool.conf inside the container.
The prereqs are:
a linux host, running dockera path to store the persistent data (blocks, wallets,...)
Once you have these, just copy this docker-compose.yml file on your local system:
https://raw.githubusercontent.com/mocacinno/btc_testnet4/bci_ckpool/docker-compose.yml
modify the docker-compose.yml (for example, change the user, password, port and LOCAL paths). Then run
If you don't trust me (and eventough i personally think i'm trustworthy, i have never given you any reason to actually trust me), you can build the image all by yourself aswell... Just use my dockerfile:
https://raw.githubusercontent.com/mocacinno/btc_testnet4/bci_ckpool/Dockerfile
Open it, read what i did, and once you verified that i did a good thing, execute
then use the docker-compose.yml i provided and change the image name, user, pass,... and run
Container image #4: cpuminer
branch home + extra info: https://github.com/mocacinno/btc_testnet4/tree/bci_cpuminer
This image contains only contains a compiled version of JaDDee's cpuminer. The provided docker-compose.yml starts a bitcoin core node image AND a second cpuminer container. The node will run the node (duh), and the cpuminer container runs a cpuminer process. Pay special attention to the docker-compose.yml, if you don't replace my tBTC4 addy by yours, you'll be mining for me instead of yourself
note on cpu mining: the diff on testnet4 is already pretty high. Without an ASIC, you won't mine much... However, from time to time, no block is found for >20 minutes, and at that time the diff drops to 1 and you have a (very small) chance of solving a block (you are still competing against ASIC's tough, so your odds are not that good).
The prereqs are:
a linux host, running dockera path to store the persistent data (blocks, wallets,...)
Once you have these, just copy this docker-compose.yml file on your local system:
https://raw.githubusercontent.com/mocacinno/btc_testnet4/bci_cpuminer/docker-compose.yml
modify the docker-compose.yml (for example, change the user, password, port and LOCAL paths). Then run
If you don't trust me (and eventough i personally think i'm trustworthy, i have never given you any reason to actually trust me), you can build the image all by yourself aswell... Just use my dockerfile:
https://raw.githubusercontent.com/mocacinno/btc_testnet4/bci_cpuminer/Dockerfile
Open it, read what i did, and once you verified that i did a good thing, execute
then use the docker-compose.yml i provided and change the image name, user, pass,... and run
Erm, is there something I'm missing here? What is this vulnerability that is (according to you) omnipresent in all containers? And webservers?
The only critical flaw I've heard of recently is SnailLoad, but that only breaks VPNs and privacy, and it doesn't have anything to do with containers.
Can you link to me a CVE or something like that?
In the latest scan of a container based on ubuntu:24:04, i get the following critical vulnerability's:
- CVE-2024-36016
- CVE-2024-26923
- CVE-2023-52433
- CVE-2023-4921
- CVE-2023-42756
- CVE-2023-35001
- CVE-2023-3390
there's also a list of 43 medium severity vulnerability's and 41 low severity... But i'm not going to list those..
But all in all 7 high + 46 medium + 41 low = 94 vulnerability's...
In a BCI minimal base image, there are exactly 0 vulnerability's that have been detected... doesn't mean there are none, but i'm pretty sure the BCI_minimal base image is safer than the ubuntu:24.04... And i'm not just saying this as a lifelong fan (and professional user) of Sles... The scan was done by docker scout, which should be agnostic when it comes to the choice of base image to base ones container on.
By the way, i'm not claiming those vulnerability's are exploitable per se... That's why i posted a notice for people not to panic... I just want to build a container image that's as safe as possible, so it makes sense to chose a base image that's as minimal and as safe as possible.
I just set a ckpool image, you can mine using (0.0% fee)
fvm.mywire.org:3334
wallet_addr_testnet4:x
This node is reachable using I2P:
And Yggdrasil-network, an ipv6 overlay network (that also works over IPv4). If anyone is interested connecting using this network, you need to install and configure it on your machine using latest release from their github repository, it takes no more than 10min, my address inside this network: