This package provides the reference implementation of a Blockstack node, as well as tools and scripts for deploying it.
If you are looking to get started with Blockstack applications, we recommend you start with the Blockstack Browser first.
- What is the Blockstack project?
- What is Blockstack Core?
- Installing Blockstack Core
- Running a Blockstack Core Node
- Using Blockstack Core
- Troubleshooting
- Developer Resources
- Community
- Further Information
- Copyright and License
Blockstack is a new internet for decentralized apps where users own their data.
Blockstack applications follow a can't-be-evil design philosophy. They cannot alter, transfer, or revoke the user's identity, and they cannot read or write the user's data without permission. Blockstack provides the platform, network, and SDKs for building can't-be-evil applications using existing Web tools. If you are Web developer, all of your skills are immediately transferrable to Blockstack.
Blockstack applications look and feel like traditional Web applications.
Under the hood they use Blockstack APIs for user authentication and storage.
Blockstack handles user authentication using the Blockstack Naming
Service
(BNS), a decentralized naming and public key infrastructure built on top of the Bitcoin
blockchain. It handles storage using Gaia, a scalable decentralized
key/value storage system that looks and feels like localStorage
,
but lets users securely store and share application data
via existing storage systems like Dropbox or S3.
Blockstack applications differ from traditional Web applications in two key
ways. First, users own their identities.
The Blockstack Browser
gives users direct control over their private keys and profile data,
and fulfills the role of a SSO provider to Blockstack apps.
Blockstack Core provides BNS as a way for users to discover each other's public
keys.
The second key difference is that users own their data. Users choose where their app data gets hosted, and who is allowed to read it. Gaia loads and stores data with the user's chosen storage providers, and automatically signs and encrypts it with their app-specific keys. Only the intended recipients can authenticate and read the data; the storage providers are treated as untrusted middlemen.
Blockstack is a win/win for users and developers. Users are not locked into apps or services. Instead, users take their identities and data with them from app to app. Apps can only read user data if the user chooses to allow it. If an app goes offline, the user still keeps their data. If users find a better app, they can seamlessly switch over to using it. Because data is end-to-end encrypted and hosted separately from the app, data breaches are inconsequential to users because there is nothing for hackers to steal.
Developers benefit from Blockstack as well. Apps are simpler to build with Blockstack and require less operational overhead, since they no longer have to store user data. Many non-trivial applications can be implemented as single-page Javascript applications using blockstack.js, and deployed as a static Web page. The Blockstack API is small, simple, and straightforward to integrate into existing Web apps.
Blockstack Core implements BNS and Atlas, the storage routing system for Gaia. Blockstack Core nodes form the backbone of the Blockstack network. Each node indexes the Bitcoin blockchain and maintains a full replica of all names, public keys, and storage routing information. This makes the Blockstack network particularly resilient to node failure---applications only need to talk to a single Blockstack Core node to work, and a new or recovering node can quickly reconstruct all of its missing state from its peers.
Power users are encouraged to run local Blockstack Core nodes on their laptops or home/office networks in order to have reliable access to the Blockstack network. Your local node maintains the same state as the rest of the Blockstack Core nodes, so it will keep serving names, public keys, and storage routes even if upstream nodes are unreachable or go offline.
There are two parts to Blockstack Core: a background network daemon that talks
with the rest of the network and builds up the local BNS and storage routing state
(blockstack-core
), and
an API shim that provides a stable, RESTful API that facilitates name and
storage routing lookups and registrations (blockstack api
). Both are
installed by default.
There are three supported methods to install Blockstack Core:
Before installing Blockstack Core from source, you will need to install
libffi-dev
and
libssl-dev
. Mac and Linux users can
usually grab these packages from their respective package managers.
Once these dependencies are installed, you can install Blockstack Core
from source via the included setup.py
script, as follows:
$ git clone https://github.com/blockstack/blockstack-core
$ cd blockstack-core
$ python2 ./setup.py build
$ sudo python2 ./setup.py install
You can also use a virtualenv
to
install Blockstack Core in a non-system directory.
Blockstack is built against Python 2.7. You should use pip2
if you have it instead of pip
. If you do not have pip2
, you should verify that your pip
is configured for Python 2.
On Mac:
# Install blockstack
$ pip install blockstack --upgrade
On CentOS 7 & RHEL:
# Disable SELinux
$ setenforce 0
$ sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux && cat /etc/sysconfig/selinux
# Install dependencies
$ yum install epel-release
$ yum install python-pip python-devel openssl-devel libffi-devel rng-tools gmp-devel zlib-devel
# Install blockstack
$ sudo pip install blockstack --upgrade
$ systemctl stop firewalld && systemctl disable firewalld
On Debian & Ubuntu:
# Install dependancies
$ sudo apt-get update && sudo apt-get install -y python-pip python-dev libssl-dev libffi-dev rng-tools libgmp3-dev
$ sudo pip install pyparsing
# Install blockstack
$ sudo pip install blockstack --upgrade
Another way to run blockstack-core
is through docker. We provide per-commit image builds of this repository that are available on quay.io.
The common workflow for running in docker is to --fast_sync
a blockstack-core
node's data to a location on the host and then start up a container on top of that data. You will need at least ~5GB of disk to run each instance. There is a sample implementation of running the blockstack-core
and blockstack api
components in the tools/docker
folder. The instructions below show how to use that implementation:
# Clone the repo and navigate to the tools/docker dir:
git clone git@github.com:blockstack/blockstack-core.git
cd blockstack-core/tools/docker
# Initialize the core node and api wallet
./docker-tools.sh init-core
./docker-tools.sh init-api
# Wait for the core node to initialize (~15-20 min)
# Check if job is still running:
docker ps -f name=blockstack-core-init
# Once job finishes start the containers with docker-compose
docker-compose up -d
# OR
# Once the job finishes start the containers
# blockstack-core
docker run -d \
-v './data/core/server/:/root/.blockstack-server' \
-v './data/core/api/:/root/.blockstack' \
-p '6264:6264' \
--restart 'always' \
--name 'blockstack-core' \
quay.io/blockstack/blockstack-core:master \
blockstack-core start --foreground --debug
# blockstack api
docker run -d \
-v './data/api:/root/.blockstack' \
-v './data/api/tmp:/tmp' \
-e 'BLOCKSTACK_CLIENT_INTERACTIVE_YES=0' \
-p '6270:6270' \
--name 'blockstack-api' \
--restart 'always' \
quay.io/blockstack/blockstack-core:master \
blockstack api start-foreground -y --debug --password dummywalletpassword
# Test connectivity for the blockstack-core container
# NOTE: It can take some time (~1-5 min) before the RPC
# interface becomes available
./docker-tools.sh test-core localhost 6264
# Test connectivity for the blockstack api container
./docker-tools.sh test-api localhost 6270
Notes:
- This method is currently only fully supported on Linux.
- The
blockstack-core
instance runs in docker on MacOS with no problems. To enable this comment out theblockstack api
section in thedocker-compose.yaml
file and don't run the./docker-tools.sh init-api
command. - You will need
sudo
access to run the above scripts - You can run more than one instance of this setup per host. Allow at least 1 CPU core for each container
- To configure a different
bitcoind
node, orutxo_provider
for both containers you must change those settings in bothblockstack-server.ini
andclient.ini
before running the./docker-tools.sh init-*
commands. Afterinit-*
has been run you must edit thedata/core/server/blockstack-server.ini
anddata/api/client.ini
to change those settings.
There are two parts to this:
- Running a
blockstack-core
daemon to build up a local copy of the Blockstack network state. - Running a
blockstack api
daemon to provide a RESTful API endpoint for looking up and registering names.
Before doing anything, you should configure your Blockstack Core node.
$ blockstack-core configure
It is safe to accept all defaults. It will generate some configuration state in
~/.blockstack-server/
.
Because each Blockstack Core node maintains a full copy of the network state locally, it will need to synchronize its state with the Bitcoin blockchain when it starts for the first time. This can take days. To overcome this, we run some "fast-sync" servers that will serve a new Blockstack Core node a recent snapshot of the network state. Fast-sync only takes a few minutes.
To start up a Blockstack Core node from a snapshot, you should run
$ blockstack-core --debug fast_sync
By default, it will pull a snapshot from
http://fast-sync.blockstack.org/snapshot.bsk
and use a built-in public key to
verify its authenticity. It will populate your ~/.blockstack-server/
directory with a recent snapshot of the network state (less than 24 hours old).
To start your Blockstack Core node, you should run
$ blockstack-core --debug start
This will start a Blockstack Core node in the background. We recommend passing
the --debug
flag so you will receive verbose output, which will help diagnose
any problems you may have.
You can find the node's log in ~/.blockstack-server/blockstack-server.log
.
The Blockstack API endpoint provides a convenient RESTful API for interacting with the Blockstack network. It is stable, versioned, and documented. It provides the programmatic interfaces for registering new user names and looking up other users' public keys and storage routing information. In addition, it is used to implement Web services like core.blockstack.org and explorer.blockstack.org. Programs that want to interact with Blockstack over the Web should use the RESTful API.
Once you have a blockstack-core
daemon running somewhere, you can stand up a
RESTful API endpoint. This is achieved with the blockstack
CLI program that comes with Blockstack Core.
First, you will need to set up the API endpoint. To do so, run:
$ blockstack setup
The blockstack
program stores its state in ~/.blockstack/
.
- The configuration file is in
~/.blockstack/client.ini
- The log file is in
~/.blockstack/api_endpoint.log
- The encrypted wallet file is in
~/.blockstack/wallet.json
NOTE: This will generate a wallet. BE SURE TO SAVE THE PASSWORD. The wallet will be used to pay for names.
Hints
Most of the default config options are sound. However, there are a few to be aware of:
-
When prompted for a
server
andport
, fill in the host and port number for yourblockstack-core
daemon. The default port is 6264. -
You will be prompted for a wallet password. Again, BE SURE TO SAVE THE WALLET PASSWORD. It is used to derive the key that encrypts the wallet on disk.
-
Some RESTful API methods require an API password. This is set in the config file, under
[blockstack_client]
asapi_password
.
Once this step is complete, you will be able to start the API endpoint with:
$ blockstack api start
Once you have Blockstack Core installed, you will have two daemons running:
- The
blockstack-core
daemon - The
blockstack api
daemon
The standard way to interact with Blockstack Core is through the blockstack api
daemon. The full documentation for the API endpoints is available here. Below are some common examples.
To check that your API endpoint is up, you can ping it with:
$ curl http://localhost:6270/v1/ping
{"status": "alive", "version": "0.18.0"}
You can confirm that your API endpoint can contact the blockstack-core
daemon
by looking up a name as follows:
$ curl http://localhost:6270/v1/names/muneeb.id
{"status": "registered", "zonefile": "$ORIGIN muneeb.id\n$TTL 3600\n_http._tcp URI 10 1 \"https://gaia.blockstack.org/hub/1J3PUxY5uDShUnHRrMyU6yKtoHEUPhKULs/0/profile.json\"\n", "expire_block": 599266, "blockchain": "bitcoin", "last_txid": "7e16e8688ca0413a398bbaf16ad4b10d3c9439555fc140f58e5ab4e50793c476", "address": "1J3PUxY5uDShUnHRrMyU6yKtoHEUPhKULs", "zonefile_hash": "37aecf837c6ae9bdc9dbd98a268f263dacd00361"}
You can stop the API daemon with the following command:
$ blockstack api stop
You can stop the blockstack-core
daemon with the following command:
$ blockstack-core stop
Please see the usage docs to learn how to use the CLI interface for interacting with Blockstack Core.
Blockstack Core's API endpoint uses scrypt to secure its wallet. However, some Linux distributions have a hard time installing it.
Running this command usually fixes this issue:
$ pip uninstall scrypt; pip install scrypt
Some API calls are privileged, because they interact with the wallet and other
sensitive API daemon state (like its config file). In the API
documentation, these methods are marked as
Requires root authorization
.
To use these methods, you will need to do two things:
- pass the API password in an
Authorization
header - set the
Origin
header tohttp://localhost:8888
.
The reason the Origin
header is required is to stop a malicious Web page on the same host from
accessing your API endpoint. The origin http://localhost:8888
is whitelisted, because this is what the
Blockstack Browser uses.
To supply the API password, put it in an Authorization
field. You can get the
password from the ~/.blockstack/client.ini
file:
[blockstack-api]
...
api_password = super_secret_password # <-- this is the password you need
...
Your HTTP request should look something like this (the endpoint
/v1/node/config
is used in this example):
GET /v1/node/config HTTP/1.1
Host: localhost:6270
User-Agent: curl/7.58.0
Accept: */*
Authorization: bearer super_secret_password
Origin: http://localhost:8888
You can generate this request with curl
as follows:
$ curl -H 'Authorization: bearer super_secret_password' -H 'Origin: http://localhost:8888' http://localhost:6270/v1/node/config
Blockstack Core does not log very much non-error information by default. To get
verbose output, you can pass --debug
to both blockstack-core
and blockstack api
, as follows:
$ blockstack-core --debug start && tail -f ~/.blockstack-server/blockstack-server.log
$ blockstack --debug api start && tail -f ~/.blockstack/api_endpoint.log
In addition, both blockstack-core
and blockstack api
can run in the
foreground, without becoming daemons. To do so, run them as:
$ blockstack-core --debug start --foreground
$ blockstack --debug api start-foreground
v0.18.0 is the current stable release of Blockstack Core. It available on the master
branch.
The next release is being built on the develop. Please submit all
pull requests to the develop
branch.
In the list of release notes you can find what has changed in each release.
Blockstack Core has an extensive integration test framework, which lets you experiment with Blockstack in a sandboxed environment. The test framework gives your Blockstack Core node a local, private Bitcoin blockchain that lets you safely experiment with different name and namespace transactions without spending Bitcoin. We use the integration test framework to test everything from new API calls to new Blockstack Browser features. Please see the relevant documentation to get started.
We welcome any small or big contributions! Please take a moment to review the guidelines for contributing to open source in order to make the contribution process easy and effective for everyone involved.
Beyond this Github project, Blockstack maintains a public forum and a permissioned Slack channel. In addition, the project maintains a mailing list which sends out community announcements.
The greater Blockstack community regularly hosts in-person meetups. The project's YouTube channel includes videos from some of these meetups, as well as video tutorials to help new users get started and help developers wrap their heads around the system's design.
You can learn more by visiting the Blockstack Website and checking out the in-depth articles and documentation:
- How Blockstack Works (white paper)
- Blockstack General FAQ
- Blockstack Technical FAQ
- Blockstack In-depth Documentation Repository
You can also read peer-reviewed Blockstack papers:
- "Blockstack: A Global Naming and Storage System Secured by Blockchains", Proc. USENIX Annual Technical Conference (ATC '16), June 2016
- "Extending Existing Blockchains with Virtualchain", Distributed Cryptocurrencies and Consensus Ledgers (DCCL '16 workshop, at ACM PODC 2016), July 2016
If you have high-level questions about Blockstack, try searching our forum and start a new question if your question is not answered there.
The code and documentation copyright are attributed to blockstack.org for the year of 2018.
This code is released under the GPL v3 license, and the docs are released under the Creative Commons license.