部署 Monero P2Pool(TLS)
1. Monero 全节点部署
1.1 节点安装与配置
# 创建专用目录
mkdir -p /etc/monero-p2pool/monero
# 根据架构选择下载命令
# x86_64 架构
wget -O monero.tar.bz2 https://downloads.getmonero.org/cli/linux64
# ARM64 架构
wget -O monero.tar.bz2 https://downloads.getmonero.org/cli/linuxarm8
# 解压文件
apt install -y bzip2
tar -xvf monero.tar.bz2
mv monero-*/* /etc/monero-p2pool/monero
# 设置可执行权限
chmod +x /etc/monero-p2pool/monero/monerod1.2 节点服务配置
# 创建 systemd 服务文件
cat <<EOF > /etc/systemd/system/monerod.service
[Unit]
Description=Monero Daemon (monerod)
After=network.target
[Service]
User=root
Type=simple
ExecStart=/etc/monero-p2pool/monero/monerod \\
--data-dir /etc/monero-p2pool/monero-blockchain \\
--prune-blockchain \\
--zmq-pub tcp://127.0.0.1:18083 \\
--out-peers 32 \\
--in-peers 64 \\
--add-priority-node=p2pmd.xmrvsbeast.com:18080 \\
--add-priority-node=nodes.hashvault.pro:18080 \\
--disable-dns-checkpoints \\
--enable-dns-blocklist \\
--log-level 1 \\
--log-file /var/log/monerod.log \\
--non-interactive
Restart=on-failure
RestartSec=30
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=monerod
[Install]
WantedBy=multi-user.target
EOF关键参数说明:
--data-dir: 区块链存储路径(需提前创建mkdir -p /etc/monero-p2pool/monero-blockchain)--prune-blockchain: 启用区块链裁剪(可节省约 75% 存储空间)--zmq-pub: 必须与 P2Pool 的--zmq-port配置保持一致
1.3 服务管理
# 初始化操作
systemctl daemon-reload
systemctl start monerod
systemctl enable monerod
# 查看同步进度
tail -f /var/log/monerod.log | grep "Synced"提示:首次同步区块链可能需要 6-48 小时,取决于您的网络和硬件性能
2. TLS 证书申请
2.1 前置准备
# 安装依赖组件
apt update && apt install -y certbot nginx
# 开放必要的防火墙端口
ufw allow 80/tcp # Certbot 验证需要
ufw allow 443/tcp # HTTPS 访问
ufw allow 37889/tcp # P2Pool 节点通信2.2 证书申请流程
# 申请证书(需提前将域名解析到服务器IP)
certbot certonly --standalone -d your-domain.com
# 验证证书是否成功生成
ls /etc/letsencrypt/live/your-domain.com/ | grep fullchain.pem2.3 自动续期配置
# 测试续期流程
certbot renew --dry-run
# 添加自动续期定时任务
(crontab -l ; echo "0 3 * * * certbot renew --quiet --post-hook 'systemctl reload nginx'") | crontab -3. P2Pool 节点部署
3.1 软件安装
# 根据架构选择下载
# x86_64 架构
wget -O p2pool.tar.gz https://github.com/SChernykh/p2pool/releases/download/v4.3/p2pool-v4.3-linux-x64.tar.gz
# ARM64 架构
wget -O p2pool.tar.gz https://github.com/SChernykh/p2pool/releases/download/v4.3/p2pool-v4.3-linux-aarch64.tar.gz
# 解压并配置
tar -zxvf p2pool.tar.gz -C /etc/monero-p2pool/
mv /etc/monero-p2pool/p2pool-* /etc/monero-p2pool/p2pool
chmod +x /etc/monero-p2pool/p2pool/p2pool3.2 服务配置
# 创建 systemd 服务文件
cat <<EOF > /etc/systemd/system/p2pool.service
[Unit]
Description=Monero P2Pool Node
After=monerod.service
Requires=monerod.service
[Service]
User=root
Type=simple
WorkingDirectory=/etc/monero-p2pool/p2pool
ExecStart=/etc/monero-p2pool/p2pool/p2pool \\
--host 127.0.0.1 \\
--rpc-port 18081 \\
--zmq-port 18083 \\
--wallet YOUR_XMR_WALLET_ADDRESS \\
--stratum 0.0.0.0:8443 \\
--tls-cert /etc/letsencrypt/live/your-domain.com/fullchain.pem \\
--tls-cert-key /etc/letsencrypt/live/your-domain.com/privkey.pem \\
--p2p 0.0.0.0:37889 \\
--data-api /etc/monero-p2pool/p2pool/data-api \\
--local-api \\
--loglevel 3
Restart=on-failure
RestartSec=30
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=p2pool
[Install]
WantedBy=multi-user.target
EOF参数说明:
--stratum: 矿工加密连接端口(客户端需使用stratum+tls://前缀)--p2p: P2Pool 网络通信端口--wallet: 请替换为您的 XMR 钱包地址
3.3 服务启动
# 创建数据目录并启动服务
mkdir -p /etc/monero-p2pool/p2pool/data-api
systemctl daemon-reload
systemctl start p2pool
systemctl enable p2pool
# 查看运行状态
journalctl -u p2pool -f4. HTTPS P2Pool API 配置
4.1 Nginx 反向代理
# 创建配置文件
cat <<EOF > /etc/nginx/sites-available/p2pool
server {
listen 80;
server_name your-domain.com;
return 301 https://$host$request_uri; # 301 永久重定向
}
server {
listen 443 ssl;
server_name your-domain.com;
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
# SSL 安全配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
# 目录列表配置
autoindex on; # 启用目录浏览
autoindex_exact_size off; # 显示人类可读的文件大小
autoindex_localtime on; # 显示本地时间
location / {
alias /etc/monero-p2pool/p2pool/data-api/;
autoindex on;
default_type application/json;
charset utf-8;
}
}
EOF
# 启用站点配置
ln -s /etc/nginx/sites-available/p2pool /etc/nginx/sites-enabled/
nginx -t && systemctl restart nginx4.2 添加 HTTP 基础认证(可选)
4.2.1 安装 htpasswd 工具
apt update
apt install apache2-utils -y4.2.2 创建认证密码文件
# 创建第一个用户(使用 -c 参数创建新文件)
htpasswd -c /etc/nginx/.htpasswd your_username
# 添加更多用户(去掉 -c 参数)
# htpasswd /etc/nginx/.htpasswd another_username4.2.3 配置 Nginx 认证
修改已有的 Nginx 配置,在 location 块中添加认证:
cat <<EOF > /etc/nginx/sites-available/p2pool
server {
listen 80;
server_name your-domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name your-domain.com;
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
# SSL 配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
alias /etc/monero-p2pool/p2pool/data-api/;
autoindex on;
default_type application/json;
charset utf-8;
# 添加认证
auth_basic "P2Pool Dashboard";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
EOF
# 检查并重载配置
nginx -t && systemctl reload nginx4.3 访问验证
通过浏览器访问 https://your-domain.com 查看 P2Pool 仪表盘
提示:矿工应使用
stratum+tls://your-domain.com:8443连接进行加密挖矿
5. 操作注意事项
- 所有配置中的
your-domain.com需替换为您的实际域名 - 定期检查系统日志以确保服务正常运行:
journalctl -u monerod -f- 查看 Monero 节点日志journalctl -u p2pool -f- 查看 P2Pool 服务日志
- 建议启用防火墙,仅开放必要端口:80/443(网页)、8443(矿工连接)、37889(P2Pool网络)
- 定期更新软件以获取安全补丁和性能改进
若节点正常运行,您可以通过 https://your-domain.com/stats 查看挖矿统计信息,通过 https://your-domain.com/block_stats 查看区块状态。