08 Sep 2021

Samourai Dojo

Run Dojo with an external node

There is no greater solitude than that of a samoura├», unless it is that of the tiger in the jungle…perhaps…

A manual for running Samourai Dojo with an external full node.

Why an external full node?

I am running a full node on my bare metal box. I understand it and am not quite ready to migrate it to Dojo’s docker-compose managed image. I like the idea of modularity and I have other services which depend on the full node. Dojo can expose it’s managed full node, but that is a project for another day.

Configurations

Dojo has some advanced docs on running an external full node, but there are a few missing tips which tripped me up.

The complexities boil down to full node configurations (e.g. /etc/bitcoin/bitcoin.conf) to make sure the Dojo docker images can talk to the node. The Dojo docker images are on their own “bridged” docker network, so its not as simple as always putting 127.0.0.1.

Here is my real life working configuration with the password changed:

rpcport=8332
rpcuser=bitcoin
rpcpassword=topsecretpassword
rpcallowip=192.168.1.0/24
rpcallowip=172.28.1.2/16
rpcallowip=172.28.1.7/16
rpcbind=0.0.0.0
rpcthreads=4
rpctimeout=300
txindex=1
server=1
dbcache=300
zmqpubhashblock=tcp://0.0.0.0:9502
zmqpubrawtx=tcp://0.0.0.0:9501
  1. rpcallowip
  1. rpcbind
  1. zmqpubhashblock and zmqpubrawtx

These network settings are more open than the standard 127.0.0.1 and extra precautions should be taken in your router and firewall settings to make sure access is not granted to things which shouldn’t have it (like the internet).

System manager

While not a great fit with docker-compose, I am using Systemd to control starting and stopping Dojo.

[Unit]
Description=Samourai Dojo
Requires=docker.service
# Using external full node
After=bitcoind.service docker.service

[Service]
# the dojo script used the -d parameter in docker-compose
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/dojo/docker/my-dojo/dojo.sh start
ExecStop=/usr/lib/dojo/docker/my-dojo/dojo.sh stop
User=dojo
Group=dojo

[Install]
WantedBy=multi-user.target

The dojo docker-compose processes appear as whatever user has UUID 1001 on the host system when viewing from the host (e.g. running ps aux). This is a docker quirk and I am not sure the best pattern to deal with it other than creating a matching user on the host system.

Upgrades

Make sure to perform upgrades with start/stop through the script dojo.sh, not docker-compose directly. The script handles a few complexities.

Whirlpool

The Samourai coinjoin implementation can be run directly from the mobile app, but to get full benefits of it running 24/7 it has to be on an always connect server. Dojo supports an “Remote CLI backed GUI” option that allows clients to connect to its whirlpool instance. Still need the Samourai wallet android app that whirlpool CLI links to and manages (must be some private key passing going on).

Versions

The most up-to-date version of whirlpool GUI might not necessarily work with the whirlpool CLI being run by Dojo. For instance, Dojo 1.9 does not work with GUI 0.10.3.

So while there are some GUI packages in the AUR, might be easier to grab a specific version based on the Dojo version running. They publish AppImage artifacts that can easily be dropped in ~/.local/bin.

Initialize

Whirlpool first needs to be enabled on Dojo. Edit conf/docker-whirlpool.conf and set WHIRLPOOL_INSTALL to on. This requires a dojo.sh upgrade to enable some downstream settings like nginx configurations.

Running

Connect to the running CLI with the GUI. The input is pretty particular and isn’t able to tell you what you got wrong if you type something in wrong. For the tor proxy, be sure to use the right port (9150 if hopping on the browser’s tunnel).

For the URL use the form: http://<ONION_ADDRESS>. Notice the http not https.

If still unable to connect, bounce the Dojo instance with dojo.sh restart. Hopefully that does the trick cause my experience ends here.

yonson