Fulcrum

Fulcrum (opens in a new tab) is a fast & nimble SPV server for Bitcoin Cash, Bitcoin BTC, and Litecoin created by Calin Culianu. It can be used as an alternative to Electrs because of its performance, as we can see in Craig Raw's comparison (opens in a new tab) of servers.

Preparations

Install dependencies

These are make dependencies (safe to remove after installation, if you want)

$SU apk add autoconf clang git lz4-dev make pkgconf qt6-qtbase-dev rocksdb-dev zeromq-dev

These are runtime dependencies

$SU apk add libzmq qt6-qtbase rocksdb

Compile and install jemalloc from source

Alpine apk package doesn't have a patch necessary to work with musl lib C and LLVM toolchain, alpine merge request (opens in a new tab), upstream pull request (opens in a new tab)

cd /tmp
VERSION=5.3.0
wget https://github.com/jemalloc/jemalloc/releases/download/$VERSION/jemalloc-$VERSION.tar.bz2
tar xjf jemalloc-$VERSION.tar.bz2 && cd jemalloc-$VERSION
printf "$VERSION\n" > VERSION
 
sed 's/  \*-\*-linux\*)/  \*-\*-linux-musl\*)\
\tdnl syscall(2) and secure_getenv(3) are exposed by _GNU_SOURCE.\
\tJE_APPEND_VS(CPPFLAGS, -D_GNU_SOURCE)\
\tabi="elf"\
\tAC_DEFINE([JEMALLOC_PURGE_MADVISE_DONTNEED_ZEROS], [ ], [ ])\
\tAC_DEFINE([JEMALLOC_HAS_ALLOCA_H], [ ], [ ])\
\tAC_DEFINE([JEMALLOC_PROC_SYS_VM_OVERCOMMIT_MEMORY], [ ], [ ])\
\tAC_DEFINE([JEMALLOC_THREADED_INIT], [ ], [ ])\
\tif test "${LG_SIZEOF_PTR}" = "3"; then\
\t\tdefault_retain="1"\
\tfi\
\tzero_realloc_default_free="1"\
\t;;\
  \*-\*-linux\*)/' \
    configure.ac > _
mv -f _ configure.ac
 
sed 's/(__FreeBSD__))/(__FreeBSD__) || (defined(__linux__) \&\& !defined(__GLIBC__)))/' \
    include/jemalloc/jemalloc_macros.h.in > _
mv -f _ include/jemalloc/jemalloc_macros.h.in
 
./autogen.sh \
    --prefix=/usr \
    --enable-xmalloc \
    --enable-shared \
    --disable-static \
    --disable-doc \
    --with-lg-page=12 \
    --with-lg-hugepage=21
make
$SU make install_lib install_include

Create the `fulcrum` user/group

$SU addgroup -S fulcrum

$SU adduser \
    -S \
    -D \
    -H \
    -h /dev/null \
    -s /sbin/nologin \
    -G fulcrum \
    -g fulcrum \
    fulcrum

Add `fulcrum` user to the `bitcoin` group

$SU adduser fulcrum bitcoin

Add the user `satoshi` to the group `fulcrum` as well

$SU adduser satoshi fulcrum

Firewall & reverse proxy

In the Security section, we already set up NGINX as a reverse proxy. Now we can add the Electrum server configuration.

Enable NGINX reverse proxy to add SSL/TLS encryption to the Electrum server communication. Create the configuration file and paste the following content

$SU $EDITOR /etc/nginx/streams-available/electrum-reverse-proxy.conf

/etc/nginx/streams-available/electrum-reverse-proxy.conf

upstream electrum {
  server 127.0.0.1:50001;
}
 
server {
  listen 50002 ssl;
  proxy_pass electrum;
}

$SU ln \
    -s \
    ../streams-available/electrum-reverse-proxy.conf \
    /etc/nginx/streams-enabled/electrum-reverse-proxy.conf

Test and reload NGINX configuration

$SU nginx -t
$SU rc-service nginx restart

Configure the firewall to allow incoming requests

$SU ufw allow 50002/tcp comment 'allow Electrum SSL from anywhere'

Installation

An easy and performant way to run an Electrum server is to use Fulcrum (opens in a new tab), the fast & nimble Electrum Server. There are no compatible binaries available, so we will compile the application ourselves.

Download source code

We get the latest release of the Fulcrum source code, verify it, compile it to an executable binary and install it.

Download the source code for the latest Fulcrum release. You can check the release page (opens in a new tab) to see if a newer release is available. Other releases might not have been properly tested with the rest of the MicroBolt configuration, though.

cd /tmp

VERSION=1.10.0

git clone --branch v$VERSION https://github.com/cculianu/Fulcrum.git && cd Fulcrum

Signature check

To avoid using bad source code, verify that the release has been properly signed by the main developer Calin Culianu (opens in a new tab).

url="https://raw.githubusercontent.com/Electron-Cash/keys-n-hashes/master/pubkeys/calinkey.txt"
wget -qO- "$url" | gpg --import

git verify-commit v$VERSION

Configure, compile and install

Now compile the source code into an executable binary and install it.

qmake6 \
    Fulcrum.pro \
    -spec "linux-$CC" \
    -o build/

make -C build

$SU install -m 0755 -o root -g root -t /usr/bin ./build/Fulcrum

$SU install -m 0755 -o root -g root -t /usr/bin ./FulcrumAdmin

$SU install -D -m 0660 -o fulcrum -g fulcrum ./doc/fulcrum-example-config.conf /etc/fulcrum/fulcrum.conf

Download the custom Fulcrum banner based on MicroBolt. Create your own if you want here (opens in a new tab)

$SU wget \
    https://gist.githubusercontent.com/doitwithnotepad/\
4472a92414223672d9ab4c3b55d0cd23/raw/5241bfb860e709d4f6cf8eb436c264f9cc264d79/\
banner.txt \
    -O /etc/fulcrum/banner.txt

Strip installed binaries

$SU strip -v /usr/bin/Fulcrum

Configuration

Modify the config file with the following content

Remember to accommodate the fast-sync parameter depending on your hardware

$SU $EDITOR /etc/fulcrum/fulcrum.conf

/etc/fulcrum/fulcrum.conf

[...]
#datadir = /path/to/a/dir
[...]
#rpcuser = Bob_The_Banker
[...]
#rpcpassword = hunter1
[...]
rpccookie = /var/lib/bitcoind/.cookie
[...]
tcp = 0.0.0.0:50001
[...]
banner = /etc/fulcrum/banner.txt
[...]
peering = false
[...]
fast-sync = 24576
[...]

Slow-performance devices

/etc/fulcrum/fulcrum.conf

[...]
bitcoind_clients = 1
[...]
bitcoind_timeout = 600
[...]
db_max_open_files = # RAM: 4GB -> 200 | 8GB -> 400
[...]
db_mem = 1024.0
[...]
worker_threads = 1
[...]

Remote access over Tor

To use your Electrum server when you're on the go, you can easily create a Tor hidden service. This way, you can connect the BitBoxApp or Electrum wallet also remotely, or even share the connection details with friends and family. Note that the remote device needs to have Tor installed as well.

Add the following lines in the section for "location-hidden services" in the torrc file.

$SU $EDITOR /etc/tor/torrc

/etc/tor/torrc

# Hidden Service Electrum
HiddenServiceDir /var/lib/tor/electrum/
HiddenServiceVersion 3
HiddenServicePoWDefensesEnabled 1
HiddenServicePort 50002 127.0.0.1:50002

Reload Tor configuration and get your connection address.

$SU rc-service tor reload
$SU cat /var/lib/tor/electrum/hostname

output

abcdefg..............xyz.onion

You should now be able to connect to your Electrum server remotely via Tor using your hostname and port 50002

Autostart on boot

Fulcrum needs to start automatically on system boot.

Create the Fulcrum init.d unit and copy/paste the following configuration

$SU $EDITOR /etc/init.d/fulcrum

/etc/init.d/fulcrum

#!/sbin/openrc-run
 
: ${FULCRUM_CONFIGFILE:=/etc/fulcrum/fulcrum.conf}
: ${FULCRUM_DATADIR:=/var/lib/fulcrum}
: ${FULCRUM_LOGDIR:=/var/log/fulcrum}
: ${FULCRUM_USER:=fulcrum}
: ${FULCRUM_GROUP:=fulcrum}
: ${FULCRUM_BIN:=/usr/bin/Fulcrum}
: ${FULCRUM_ADMINPORT:=8000}
: ${FULCRUM_OPTS=${FULCRUM_OPTS}}
: ${FULCRUM_SIGTERM_TIMEOUT:=600}
 
FULCRUM_PIDDIR="/run/fulcrum"
 
required_files="${FULCRUM_CONFIGFILE}"
pidfile="${FULCRUM_PIDDIR}/${SVCNAME}.pid"
retry="${FULCRUM_SIGTERM_TIMEOUT}"
 
name="Fulcrum"
description="A fast & nimble SPV Server for BCH, BTC, and LTC"
 
command="${FULCRUM_BIN}"
command_args="${FULCRUM_CONFIGFILE}
              --datadir ${FULCRUM_DATADIR}
              --admin ${FULCRUM_ADMINPORT}
              --pidfile ${pidfile}
              ${FULCRUM_OPTS}"
command_user="${FULCRUM_USER}:${FULCRUM_GROUP}"
command_background="true"
 
start_stop_daemon_args="--stdout ${FULCRUM_LOGDIR}/debug.log
                        --stderr ${FULCRUM_LOGDIR}/debug.log"
 
depend() {
    use bitcoind
    after bitcoind
}
 
start_pre() {
    checkpath --file      --mode 0660 --owner "${command_user}" "${FULCRUM_CONFIGFILE}"
    checkpath --directory --mode 0750 --owner "${command_user}" "${FULCRUM_DATADIR}"
    checkpath --directory --mode 0755 --owner "${command_user}" "${FULCRUM_LOGDIR}"
    checkpath --directory --mode 0755 --owner "${command_user}" "${FULCRUM_PIDDIR}"
    checkconfig
}
 
start_post() {
    checkpath --file --owner "${command_user}" "${pidfile}"
}
 
checkconfig() {
    if ! grep -qs '^rpccookie = ' "${FULCRUM_CONFIGFILE}"
    then
        eerror ""
        eerror "ERROR: You must set a rpccookie path to run Fulcrum."
        eerror "The setting must appear in ${FULCRUM_CONFIGFILE}"
        eerror ""
        return 1
    fi
}

Enable execution permission

$SU chmod +x /etc/init.d/fulcrum

Enable logrotate

Enter the complete next configuration. Save and exit

$SU $EDITOR /etc/logrotate.d/fulcrum

/etc/logrotate.d/fulcrum

/var/log/fulcrum/*.log {
    weekly
    missingok
    rotate 104
    compress
    delaycompress
    notifempty
    create 0640 fulcrum fulcrum
    sharedscripts
    postrotate
        killall -HUP `cat /run/fulcrum/fulcrum.pid`
    endscript
}

Test

$SU logrotate /etc/logrotate.d/fulcrum --debug

Enable and start Fulcrum

$SU rc-update add fulcrum
$SU rc-service fulcrum start

Check the log to see Fulcrum output. Exit with Ctrl-C

tail -f /var/log/fulcrum/debug.log

Fulcrum will now index the whole Bitcoin blockchain so that it can provide all necessary information to signing devices. With this, the signing devices you use no longer need to connect to any third-party server to communicate with the Bitcoin peer-to-peer network.

For the future: Fulcrum upgrade

Follow again Fulcrum page replacing the environment variable VERSION=x.xx value for the latest if it has not been already changed in this guide.

Update the Fulcrum configuration if necessary (see release notes)

$SU $EDITOR /etc/fulcrum/fulcrum.conf

Restart the service to apply the changes

$SU rc-service fulcrum restart

Electrs Desktop signing app