Environmental Variables
Below is a list of Docker environmental variables that cn be used to template /bitcoin/bitcoin.conf.
The docker image creates a /bitcoin/bitcoin.conf.lock after templating. If the lock file is found on container start templating will be skipped. Alternatively if the lock file is found but CONFIG_OVERWRITE=true is set, then the bitcoin.conf will be copied over and templated`
Set user id to match local user for file permissions
PUID=1000
Set group id to match local user for file permissions
PGID=1001
Overwrite config based on environmental variables set
CONFIG_OVERWRITE=false
Log bitcoin.conf on container start
LOG_CONFIG=false
Remove file locks on startup. File locks ensure two instances of bitcoin-core are not trying to access the same database files, which is good. When you have an ungraceful shutdown file locks stop the container from starting up again.
REMOVE_FILE_LOCKS=false
Execute command when a relevant alert is received or we see a really long fork (%s in cmd is replaced by message)
ALERT_NOTIFY=<cmd>
If this block is in the chain assume that it and its ancestors are valid and potentially skip their script verification (0 to verify all,
default: 0000000000000000000b9d2ec5a352ecba0592946514a92f14319dc2b367fc72,
testnet: 000000000000006433d1efec504c53ca332b64963c425395515b01977bd7b3b0,
signet: 0000002a1de0f46379358c1fd09906f7ac59adf3712323ed90eb59e4c183c020)
ASSUME_VALID=0000000000000000000b9d2ec5a352ecba0592946514a92f14319dc2b367fc72
Maintain an index of compact filters by block (default: false, values: basic). If
BLOCK_FILTER_INDEX=false
Execute command when the best block changes (%s in cmd is replaced by block hash)
BLOCK_NOTIFY=<cmd>
Extra transactions to keep in memory for compact block reconstructions (default: 100)
BLOCK_RECONSTRUCTION_EXTRA_TXN=100
Specify directory to hold blocks subdirectory for *.dat files (default:
BLOCKS_DIR=/bitcoin
Whether to reject transactions from network peers. Automatic broadcast and rebroadcast of any transactions from inbound peers is disabled, unless the peer has the 'forcerelay' permission. RPC transactions are not affected. (default: false)
BLOCKS_ONLY=false
Maintain coinstats index used by the gettxoutsetinfo RPC (default: 0)
COIN_STATS_INDEX=false
Specify path to read-only configuration file. Relative paths will be prefixed by datadir location. (default: bitcoin.conf)
CONF=bitcoin.conf
Run in the background as a daemon and accept commands
DAEMON=true
Wait for initialization to be finished before exiting. This implies -daemon (default: 0)
DAEMON_WAIT=false
Specify data directory. This is set by the docker image and should not be changed
DATA_DIR=/bitcoin
Maximum database cache size
DB_CACHE=450
Specify location of debug log file. Relative paths will be prefixed by a net-specific datadir location. (-nodebuglogfile to disable; default: debug.log)
DEBUG_LOG_FILE=debug.log
Specify additional configuration file, relative to the -datadir path (only useable from configuration file, not command line)
INCLUDE_CONF=<file>
Imports blocks from external file on startup
LOAD_BLOCK=<file>
Keep the transaction memory pool below
MAX_MEM_POOL=300
Keep at most
MAX_ORPHAN_TX=100
Do not keep transactions in the mempool longer than
MEM_POOL_EXPIRY=336
Set the number of script verification threads (-4 to 15, 0 = auto, <0 = leave that many cores free, default: 0)
PAR=0
Whether to save the mempool on shutdown and load on restart (default: true)
PERSIST_MEMPOOL=true
Specify pid file. Relative paths will be prefixed by a net-specific datadir location. (default: bitcoind.pid)
PID=bitcoind.pid
Reduce storage requirements by enabling pruning (deleting) of old blocks. This allows the pruneblockchain RPC to be called to delete specific blocks, and enables automatic pruning of old blocks if a target size in MiB is provided. This mode is incompatible with -txindex and -rescan. Warning: Reverting this setting requires re-downloading the entire blockchain. (default: 0 = disable pruning blocks, 1 = allow manual pruning via RPC, >=550 = automatically prune block files to stay under the specified target size in MiB)
PRUNE=0
Rebuild chain state and block index from the blk*.dat files on disk
REINDEX=true
Rebuild chain state from the currently indexed blocks. When in pruning mode or if blocks on disk might be corrupted, use full -reindex instead.
REINDEX_CHAIN_STATE=true
Specify path to dynamic settings data file. Can be disabled with -nosettings. File is written at runtime and not meant to be edited by users (use bitcoin.conf instead for custom settings). Relative paths will be prefixed by datadir location. (default: settings.json)
SETTINGS=settings.json
Execute command on startup.
STARTUP_NOTIFY=<cmd>
Create new files with system default permissions, instead of umask 077 (only effective with disabled wallet functionality)
SYS_PERMS=1
Maintain a full transaction index, used by the getrawtransaction rpc call (default: false)
TX_INDEX=false
Connection options
Add a node to connect to and attempt to keep the connection open (see the addnode RPC command help for more info). This option can be specified multiple times to add multiple nodes.
ADD_NODE=<address:port>
Specify asn mapping used for bucketing of the peers (default: ip_asn.map). Relative paths will be prefixed by the net-specific datadir location.
ASMAP=ip_asn.map
Default duration (in seconds) of manually configured bans (default: 86400)
BAN_TIME=86400
Bind to given address and always listen on it (default: 0.0.0.0). Use [host]:port notation for IPv6. Append =onion to tag any incoming connections to that address and port as incoming Tor connections (default: 127.0.0.1:8334=onion, testnet: 127.0.0.1:18334=onion, signet: 127.0.0.1:38334=onion, regtest: 127.0.0.1:18445=onion)
BIND=0.0.0.0,10.0.0.1
Connect only to the specified node; -noconnect disables automatic connections (the rules for this peer are the same as for -addnode). This option can be specified multiple times to connect to multiple nodes.
CONNECT=<ip>,<ip>
Discover own IP addresses (default: true when listening and no -externalip or -proxy)
DISCOVER=true
Allow DNS lookups for -addnode, -seednode and -connect (default: true)
DNS=true
Query for peer addresses via DNS lookup, if low on addresses (default: true unless -connect used)
DNS_SEED=true
Specify your own public address
EXTERNAL_IP=<ip>
Allow fixed seeds if DNS seeds don't provide peers (default: 1)
FIXED_SEEDS=true
Always query for peer addresses via DNS lookup (default: false)
FORCE_DNS_SEED=false
If set and -i2psam is also set then incoming I2P connections are accepted via the SAM proxy. If this is not set but -i2psam is set then only outgoing connections will be made to the I2P network. Ignored if -i2psam is not set. Listening for incoming I2P connections is done through the SAM proxy, not by binding to a local address and port (default: 1)
I2P_ACCEPT_INCOMING=true
I2P SAM proxy to reach I2P peers and accept I2P connections (default: none)
i2psam=<ip:port>,<ip:port>,<ip:port>
Accept connections from outside (default: false if no -proxy or -connect)
LISTEN=false
Automatically create Tor onion service (default: true)
LISTEN_ONION=true
Maintain at most
MAX_CONNECTIONS=125
Maximum per-connection receive buffer,
MAX_RECEIVE_BUFFER=5000
Maximum per-connection send buffer,
MAX_SEND_BUFFER=1000
Maximum allowed median peer time offset adjustment. Local perspective of time may be influenced by peers forward or backward by this amount. (default: 4200 seconds)
MAX_TIME_ADJUSTMENT=4200
Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: 0)
MAX_UPLOAD_TARGET=0
Enable all P2P network activity (default: true). Can be changed by the setnetworkactive RPC command
NETWORK_ACTIVE=true
Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy)
ONION=<ip:port>
Make outgoing connections only through network
ONLY_NET=<net>
Serve compact block filters to peers per BIP 157 (default: false)
PEER_BLOCK_FILTERS=false
Support filtering of blocks and transaction with bloom filters (default: false)
PEER_BLOOM_FILTERS=false
Relay non-P2SH multisig (default: true)
PERMIT_BARE_MULTISIG=true
Listen for connections on
PORT=8333
Connect through SOCKS5 proxy, set -noproxy to disable (default: disabled)
PROXY=<ip:port>
Randomize credentials for every proxy connection. This enables Tor stream isolation (default: true)
PROXY_RANDOMIZE=true
Connect to a node to retrieve peer addresses, and disconnect. This option can be specified multiple times to connect to multiple nodes.
SEED_NODE=<ip>
Specify connection timeout in milliseconds (minimum: 1, default: 5000)
TIMEOUT=5000
Tor control port to use if onion listening enabled (default: 127.0.0.1:9051)
TOR_CONTROL=127.0.0.1:9051
Tor control port password (default: empty)
TOR_PASSWORD=password
Use UPnP to map the listening port (default: false)
UPNP=false
Bind to the given address and add permission flags to the peers connecting to it. Use [host]:port notation for IPv6. Allowed permissions: bloomfilter (allow requesting BIP37 filtered blocks and transactions), noban (do not ban for misbehavior; implies download), forcerelay (relay transactions that are already in the mempool; implies relay), relay (relay even in -blocksonly mode, and unlimited transaction announcements), mempool (allow requesting BIP35 mempool contents), download (allow getheaders during IBD, no disconnect after maxuploadtarget limit), addr (responses to GETADDR avoid hitting the cache and contain random records with the most up-to-date info). Specify multiple permissions separated by commas (default: download,noban,mempool,relay). Can be specified multiple times.
WHITE_BIND=<[permissions@]addr>
Add permission flags to the peers connecting from the given IP address (e.g. 1.2.3.4) or CIDR-notated network (e.g. 1.2.3.0/24). Uses the same permissions as -whitebind. Can be specified multiple times.
WHITE_LIST=<[permissions@]IP address or network>
Wallet options:
What type of addresses to use ("legacy", "p2sh-segwit", or "bech32", default: "bech32")
ADDRESS_TYPE=bech32
Group outputs by address, selecting many (possibly all) or none, instead of selecting on a per-output basis. Privacy is improved as addresses are mostly swept with fewer transactions and outputs are aggregated in clean change addresses. It may result in higher fees due to less optimal coin selection caused by this added limitation and possibly a larger-than-necessary number of inputs being used. Always enabled for wallets with "avoid_reuse" enabled, otherwise default: 0.
avoid_partial_spends=false
What type of change to use ("legacy", "p2sh-segwit", or "bech32"). Default is same as -addresstype, except when -addresstype=p2sh-segwit a native segwit output is used when sending to a native segwit address)
CHANGE_TYPE=<addresstype>
Do not load the wallet and disable wallet RPC calls
DISABLE_WALLET=0
The fee rate (in BTC/kvB) that indicates your tolerance for discarding change by adding it to the fee (default: 0.0001). Note: An output is discarded if it is dust at this rate, but we will always discard up to the dust relay fee and a discard fee above that is limited by the fee estimate for the longest target.
DISCARD_FEE=<amt>
A fee rate (in BTC/kvB) that will be used when fee estimation has insufficient data. 0 to entirely disable the fallbackfee feature. (default: 0.00)
FALLBACK_FEE=<amt>
Set key pool size to
KEY_POOL=<n>
Spend up to this amount in additional (absolute) fees (in BTC) if it allows the use of partial spend avoidance (default: 0.00)
MAX_APS_FEE=<n>
Fee rates (in BTC/kvB) smaller than this are considered zero fee for transaction creation (default: 0.00001)
MIN_TX_FEE=<amt>
Maximum total fees (in BTC) to use in a single wallet transaction; setting this too low may abort large transactions (default: 0.10)
MAX_TX_FEE=<amt>
Fee rate (in BTC/kvB) to add to transactions you send (default: 0.00)
PAY_TX_FEE=<amt>
Rescan the block chain for missing wallet transactions on startup
RESCAN=false
External signing tool, see doc/external-signer.md
SIGNER=<cmd>
Spend unconfirmed change when sending transactions (default: 1)
SPEND_ZERO_CONF_CHANGE=true
If paytxfee is not set, include enough fee so transactions begin confirmation on average within n blocks (default: 6)
TX_CONFIRM_TARGET=<n>
Specify wallet path to load at startup. Can be used multiple times to load multiple wallets. Path is to a directory containing wallet data and log files. If the path is not absolute, it is interpreted relative to
WALLET=<path>
Make the wallet broadcast transactions (default: 1)
WALLET_BROADCAST=true
Specify directory to hold wallets (default:
WALLET_DIR=<dir>
Execute command when a wallet transaction changes. %s in cmd is replaced by TxID, %w is replaced by wallet name, %b is replaced by the hash of the block including the transaction (set to 'unconfirmed' if the transaction is not included) and %h is replaced by the block height (-1 if not included). %w is not currently implemented on windows. On systems where %w is supported, it should NOT be quoted because this would break shell escaping used to invoke the command.
WALLET_NOTIFY=<cmd>
Send transactions with full-RBF opt-in enabled (RPC only, default: 0)
WALLET_RBF=false
ZeroMQ notification options:
Enable publish hash block in
ZMQ_PUB_HASH_BLOCK=<address>
Set publish hash block outbound message high water mark (default: 1000)
ZMQ_PUB_HASH_BLOCK_HWM=<n>
Enable publish hash transaction in
ZMQ_PUB_HASH_TX=<address>
Set publish hash transaction outbound message high water mark (default: 1000)
ZMQ_PUB_HASH_TX_HWM=<n>
Enable publish raw block in
ZMQ_PUB_RAW_BLOCK=<address>
Set publish raw block outbound message high water mark (default: 1000)
ZMQ_PUB_RAW_BLOCK_HWM=<n>
Enable publish raw transaction in
ZMQ_PUB_RAW_TX=<address>
Set publish raw transaction outbound message high water mark (default: 1000)
ZMQ_PUB_RAW_TX_HWM=<n>
Enable publish hash block and tx sequence in
ZMQ_PUB_SEQUENCE=<address>
Set publish hash sequence message high water mark (default: 1000)
ZMQ_PUB_SEQUENCE_HWM=<n>
Debugging/Testing options:
Output debugging information (default: -nodebug, supplying
DEBUG=<category>,<category>,<category>
Exclude debugging information for a category. Can be used in conjunction with -debug=1 to output debug logs for all categories except one or more specified categories.
DEBUG_EXCLUDE=<category>,<category>,<category>
Include IP addresses in debug output (default: false)
LOG_IPS=false
Prepend debug output with name of the originating source location (source file, line number and function name) (default: 0)
LOG_SOURCE_LOCATIONS=false
Prepend debug output with timestamp (default: true)
LOG_TIMESTAMPS=true
Send trace/debug info to console (default: true when no -daemon. To disable logging to file, set -nodebuglogfile)
PRINT_TO_CONSOLE=true
Shrink debug.log file on client startup (default: true when no -debug)
SHRINK_DEBUG_FILE=true
Append comment to the user agent string
UA_COMMENT=<cmt>
Chain selection options
Use the chain
CHAIN=main
Use the signet chain. Equivalent to -chain=signet. Note that the network is defined by the -signetchallenge parameter
SIGNET=true
Blocks must satisfy the given script to be considered valid (only for signet networks; defaults to the global default signet test network challenge)
SIGNET_CHALLENGE=false
Specify a seed node for the signet network, in the hostname[:port] format, e.g. sig.net:1234 (may be used multiple times to specify multiple seed nodes; defaults to the global default signet test network seed node(s))
SIGNET_SEED_NODE=<host[:port]>,<host[:port]>,<host[:port]>
Use the test chain. Equivalent to -chain=test.
TEST_NET=true
Node relay options
Equivalent bytes per sigop in transactions for relay and mining (default: 20)
BYTE_PER_SIGOP=20
Relay and mine data carrier transactions (default: true)
DATA_CARRIER=true
Maximum size of data in data carrier transactions we relay and mine (default: 83)
DATA_CARRIER_SIZE=83
Fees (in BTC/kB) smaller than this are considered zero fee for relaying, mining and transaction creation (default: 0.00001)
MIN_RELAY_TX_FEE=0.00001
Add 'forcerelay' permission to whitelisted inbound peers with default permissions. This will relay transactions even if the transactions were already in the mempool. (default: false)
WHITE_LIST_FORCE_RELAY=false
Add 'relay' permission to whitelisted inbound peers with default permissions. This will accept relayed transactions even when not relaying transactions (default: true)
WHITE_LIST_RELAY=true
Block creation options
Set maximum BIP141 block weight (default: 3996000)
BLOCK_MAX_WEIGHT=3996000
Set lowest fee rate (in BTC/kB) for transactions to be included in block creation. (default: 0.00001)
BLOCK_MIN_TX_FEE=0.00001
RPC server options
Accept public REST requests (default: false)
REST=false
Allow JSON-RPC connections from specified source. Valid for
RPC_ALLOW_IP=127.0.0.1
Username and HMAC-SHA-256 hashed password for JSON-RPC connections. The field
Multiple username:password pairs can be set.
The entrypoint script parses each pair by a space and password username is parsed by a :
RPC_AUTH=<username:password> <username:password>
Bind to given address to listen for JSON-RPC connections. Do not expose the RPC server to untrusted networks such as the public internet! This option is ignored unless -rpcallowip is also passed. Port is optional and overrides -rpcport. Use [host]:port notation for IPv6. This option can be specified multiple times (default: 127.0.0.1 and ::1 i.e., localhost)
RPC_BIND=127.0.0.1:8332
Location of the auth cookie. Relative paths will be prefixed by a net-specific datadir location. (default: data dir)
RPC_COOKIE_FILE=<loc>
Password for JSON-RPC connections. RPC_AUTH is the preferred method of setting username and password.
RPC_PASSWORD=<password>
Listen for JSON-RPC connections on
RPC_PORT=8332
Sets the serialization of raw transaction or block hex returned in non-verbose mode, non-segwit(false) or segwit(true) (default: true)
RPC_SERIAL_VERSION=true
Set the number of threads to service RPC calls (default: 4)
RPC_THREADS=4
Username for JSON-RPC connections. RPC_AUTH is the preferred method of setting username and password.
RPC_USER=<username>
Set a whitelist to filter incoming RPC calls for a specific user. The field
RPC_WHITELIST=<whitelist>
Sets default behavior for rpc whitelisting. Unless RPC_WHITE_LIST_DEFAULT is set to false, if any RPC_WHITELIST is set, the rpc server acts as if all rpc users are subject to empty-unless-otherwise-specified whitelists. If RPC_WHITE_LIST_DEFAULT is set to true and no RPC_WHITELIST is set, rpc server acts as if all rpc users are subject to empty whitelists.
RPC_WHITE_LIST_DEFAULT=true
Accept command line and JSON-RPC commands
SERVER=true