Make Knots reachable over Tor on Windows, Mac, and Linux

paul · June 2, 2025, 11:23pm

Below are instructions (for various popular operating systems) for installing Tor and configuring Bitcoin Knots to be a “reachable” node. Confirm by looking up your node’s new .onion address from BitNodes.io). Click “Details” to expand the relevant section.

Windows (11)

#1. Launch PowerShell as Admininstrator, and enable scripts:

Set-ExecutionPolicy Bypass -Scope Process -Force

#2. Install Choco:

iwr https://community.chocolatey.org/install.ps1 -UseBasicParsing | iex

(shut down PowerShell, and re-launch again as Administrator)

#3. Install Tor Expert Bundle:

choco install tor -y

#4. Create the Tor service:

$torExe  = 'C:\ProgramData\chocolatey\lib\tor\tools\tor\tor.exe'
$torBase = 'C:\ProgramData\tor'
$torrc   = "$torBase\torrc"
New-Item -Force -ItemType Directory "$torBase\data" | Out-Null
Set-Content -Encoding ASCII $torrc @"
DataDirectory $torBase\data
ControlPort   9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
"@
icacls $torBase /grant "NT AUTHORITY\LOCAL SERVICE:(OI)(CI)F" /T
& $torExe --service install --options -f $torrc
sc.exe config tor start= auto
sleep 20
$cookie = 'C:\ProgramData\tor\data\control_auth_cookie'
icacls $cookie /grant "$($env:USERNAME):(R)"

#5. Enable RPC Server:
From Bitcoin Knots, open Settings > Options
Check “Enable RPC server”, and click OK

#6. Configure Bitcoin Knots:
From Bitcoin Knots, open Settings > Options > Open Configuration File > Continue
Paste in:

torcontrol=127.0.0.1:9051
proxy=127.0.0.1:9050
listen=1
listenonion=1

(save)

#7. Shut down Knots and re-start it. Then grab your node’s new .onion address:
From Bitcoin Knots, open Window > Console and enter:

getnetworkinfo

And look under “localaddresses” for the .onion address

MacOS (Sequoia)

#1. Install Tor via Homebrew

brew install tor
brew services start tor

#2. Permit control-port access

sudo tee -a "$(brew --prefix)/etc/tor/torrc" >/dev/null <<'EOF'
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
EOF
brew services restart tor

#3. Enable RPC Server:
From Bitcoin Knots, open Settings > Options
Check “Enable RPC server”, and click OK

#4. Configure Bitcoin Konts
From Bitcoin Knots, open Settings > Options > Open Configuration File > Continue
Paste in:

proxy=127.0.0.1:9050
listen=1
listenonion=1

(save)

#5. Shut down Knots and re-start it. Then grab your node’s new .onion address:
From Bitcoin Knots, open Window > Console and enter:

getnetworkinfo

And look under “localaddresses” for the .onion address

Linux (Debian / Ubuntu / Linux Mint / Pop!_OS / RaspOS)

#1. Install & start Tor:

sudo apt update && sudo apt install tor -y
sudo systemctl enable --now tor

#2. Expose Tor’s control port (and make the cookie readable):

sudo tee -a /etc/tor/torrc >/dev/null <<'EOF'
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
EOF
sudo systemctl restart tor

#3. Give your login user access to the cookie, then log out/in once

sudo usermod -aG debian-tor $USER

(log out and back in to apply the change)

#4. Enable RPC Server:
From Bitcoin Knots, open Settings > Options
Check “Enable RPC server”, and click OK

#5. Tell Bitcoin Knots to use Tor:
From Bitcoin Knots, open Settings > Options > Open Configuration File > Continue
Paste in:

proxy=127.0.0.1:9050
listen=1
listenonion=1

(save)

#6. Shut down Knots and re-start it. Then grab your node’s new .onion address:

bitcoin-cli getnetworkinfo | grep ".onion"

Linux (Arch / Manjaro / EndeavourOS / Garuda)

#1. Install & start Tor:

sudo pacman -Syu tor
sudo systemctl enable --now tor.service

#2. Expose Tor’s control port (and make the cookie readable):

sudo tee -a /etc/tor/torrc >/dev/null <<'EOF'
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
EOF
sudo systemctl restart tor.service

#3. Give your login user access to the cookie, then log out/in once

sudo usermod -aG tor $USER

(log out and back in to apply the change)

#4. Enable RPC Server:
From Bitcoin Knots, open Settings > Options
Check “Enable RPC server”, and click OK

#5. Tell Bitcoin Knots to use Tor:
From Bitcoin Knots, open Settings > Options > Open Configuration File > Continue
Paste in:

proxy=127.0.0.1:9050
listen=1
listenonion=1

(save)

#6. Shut down Knots and re-start it. Then grab your node’s new .onion address:

bitcoin-cli getnetworkinfo | grep ".onion"

Linux (RHEL / CentOS / Rocky / Alma)

#1. Install & start Tor:

# Enable EPEL (RHEL/CentOS/Rocky/Alma)
sudo dnf install -y epel-release

# Add Tor Project’s repo
sudo tee /etc/yum.repos.d/tor.repo >/dev/null <<'EOF'
[tor]
name=Tor for Enterprise Linux $releasever - $basearch
baseurl=https://rpm.torproject.org/centos/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://rpm.torproject.org/centos/public_gpg.key
cost=100
EOF

# Install and start Tor
sudo dnf install -y tor
sudo systemctl enable --now tor.service

#2. Expose Tor’s control port (and make the cookie readable):

sudo tee -a /etc/tor/torrc >/dev/null <<'EOF'
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
EOF
sudo systemctl restart tor.service

#3. Give your login user access to the cookie, then log out/in once

sudo usermod -aG toranon "$USER"

(log out and back in to apply the change)

#4. Enable RPC Server:
From Bitcoin Knots, open Settings > Options
Check “Enable RPC server”, and click OK

#5. Tell Bitcoin Knots to use Tor:
From Bitcoin Knots, open Settings > Options > Open Configuration File > Continue
Paste in:

proxy=127.0.0.1:9050
listen=1
listenonion=1

(save)

#6. Shut down Knots and re-start it. Then grab your node’s new .onion address:

bitcoin-cli getnetworkinfo | grep ".onion"

davk60 · July 9, 2025, 5:20am

I have been trying to follow your guide and setup knots on ubuntu. I had a working install of knots but when I went to #4 Enable RPC server my node hangs on exit and I have to reboot to recover this happens everytime not. What should I do?

paul · July 9, 2025, 5:25am

That is strange. You don’t actually need to enable the RPC server (it is only needed for step 6 to use bitcoin-cli) Instead, you can get your .onion address a different way. After skipping step 4 and completing step 5:

Shut down Bitcoin Knots and restart it, then open Window > Console and enter:

getnetworkinfo

And look under “localaddresses” for the .onion address

satoshmund · July 25, 2025, 8:12pm

Dear Paul!
Love your videos and topics here!
Anyway… I have sort of a noob question…
If i dont`t want to run my node over Tor. How do i go back from that? Is it just to remove everything in the bitcoin.conf file exept “server=1”, or do i have to do more?
Do i have to do any changes in Sparrow?
I run Ubuntu
Is privacy the only difference running over Tor or are there other benefits?

Thanks

paul · July 25, 2025, 8:23pm

Yes, reverting the bitcoin.conf changes is sufficient to stop knots from being reachable on Tor. There shouldn’t be any changes to Sparrow, although I didn’t cover Sparrow in my videos, so depends on how you connnected it. Since you posted this on the Windows/Mac/Linux thread, I assume you are just connecting Sparrow to bitcoin-qt on the same computer via localhost. Tor would not be a factor in that setup.

satoshmund · July 25, 2025, 8:37pm

Thanks!
Yeah I thought that would be sufficient too, but it still says I am connected trought Tor when I search for it at bitnodes.io… Will it take some time to update? I did a reboot of the computer after changing the config file…

paul · July 25, 2025, 8:54pm

Hmm, I hadn’t really checked on caching, I suppose that is possible. With the listenonion and proxy configurations gone, it should not be reachable anymore.

I suppose you could always uninstall Tor if you aren’t using it for anything else:

sudo apt-get remove --purge tor

Then reboot again.

satoshmund · July 25, 2025, 9:18pm

Well, I uninstalled Tor and that certainly made a difference… Now it is not reachable when Im searching the IP (both IPV4/6).. But I believe it is still running OK tought.. Again, sorry for the newbie questions.. Im in the learning stage of node-running…