Guide | How to setup a validator on ETH2 mainnet
🎊 2021-09 Gitcoin Grant Round 11: We improve this guide with your support!
Help fund us and earn a POAP NFT. Appreciate your support!🙏
As of August 28 2021, this is guide version 3.3.1 and written for ethereum mainnet😁
✨ PRATER testnet guide. Always test and practice on testnet.
geth + erigon pruning / Altair hard fork changes / nimbus eth1 fallback
lighthouse + prysm doppelganger protection enabled. Doppelganger protection intentionally misses an epoch on startup and listens for attestations to make sure your keys are not still running on the old validator client.
OpenEthereum will no longer be supported post London hard fork. Gnosis, maintainers of OpenEthereum, suggest users migrate to their new Erigon Ethererum client. Added setup instructions for Erigon under eth1 node section.
Updated eth2.0-deposit-cli to v.1.2.0 and added section on eth1 withdrawal address
Added generating mnemonic seeds on Tails OS by punggolzenith
Iancoleman.io BLS12-381 Key Generation Tool how-to added
Testnet guide forked for Prater testnet staking
Geth pruning guide created
Major changes to Lodestar guide
Additional Grafana Dashboards for Prysm, Lighthouse and Nimbus
Translations now available for Japanese, Chinese and Spanish (access by changing site language)
Generate keystore files on Ledger Nano X, Nano S and Trezor Model T with tool from allnodes.com
Batch deposit tool by abyss.finance now added
As a validator for eth2, you will typically have the following abilities:
operational knowledge of how to set up, run and maintain a eth2 beacon node and validator continuously
a long term commitment to maintain your validator 24/7/365
basic operating system skills
have learned the essentials by watching 'Intro to Eth2 & Staking for Beginners' by Superphiz
have passed or is actively enrolled in the Eth2 Study Master course
and have read the 8 Things Every Eth2 validator should know.
Operating system: 64-bit Linux (i.e. Ubuntu 20.04 LTS Server or Desktop)
Processor: Dual core CPU, Intel Core i5–760 or AMD FX-8100 or better
Memory: 8GB RAM
Storage: 128GB SSD
Internet: Broadband internet connection with speeds at least 1 Mbps.
Power: Reliable electrical power.
ETH balance: at least 32 ETH and some ETH for deposit transaction fees
Wallet: Metamask installed
Operating system: 64-bit Linux (i.e. Ubuntu 20.04 LTS Server or Desktop)
Processor: Quad core CPU, Intel Core i7–4770 or AMD FX-8310 or better
Memory: 16GB RAM or more
Storage: 2TB SSD or more
Internet: Broadband internet connections with speeds at least 10 Mbps without data limit.
Power: Reliable electrical power with uninterruptible power supply (UPS)
ETH balance: at least 32 ETH and some ETH for deposit transaction fees
Wallet: Metamask installed
💡 For examples of actual staking hardware builds, check out RocketPool's hardware guide.
✨ Pro Validator Tip: Highly recommend you begin with a brand new instance of an OS, VM, and/or machine. Avoid headaches by NOT reusing testnet keys, wallets, or databases for your validator.
If you need ideas or a reminder on how to secure your validator, refer to
If you need to install Ubuntu Server, refer to
Or Ubuntu Desktop,
If you need to install Metamask, refer to
At the end of this guide, you will build a node that hosts three main components: a validator client, a beacon chain client and an eth1 node.
Validator client - Responsible for producing new blocks and attestations in the beacon chain and shard chains.
Beacon chain client - Responsible for managing the state of the beacon chain, validator shuffling, and more.
Eth1 node - Supplies incoming validator deposits from the eth1 mainnet chain to the beacon chain client.
Note: Teku and Nimbus combines both clients into one process.
Every 32 ETH you own allows you to make 1 validator. You can run thousands of validators with your beacon node.
Your ETH (or multiples of 32 ETH) should be consolidated into a single address accessible with Metamask.
If you need to buy/exchange or top up your ETH to a multiple of 32, check out:
Install dependencies, the ethereum foundation deposit tool and generate your two sets of key pairs.
Each validator will have two sets of key pairs. A signing key and a withdrawal key. These keys are derived from a single mnemonic phrase. Learn more about keys.
You have the choice of downloading the pre-built ethereum foundation deposit tool or building it from source. Alternatively, if you have a Ledger Nano X/S or Trezor Model T, you're able to generate deposit files with keys managed by a hardware wallet.
Allnodes has created an easy to use tool to connect a Ledger Nano X/S and Trezor Model T and generate the deposit json files such that the withdrawal credentials remain secured by the hardware wallet. This tool can be used by any validator or staker.
Connect your hardware wallet to your PC/laptop
If using a Ledger Nano X/S, open the "ETHEREUM" ledger app (if missing, install from Ledger Live)
Select network > Mainnet
Select your wallet > then CONTINUE
6. From the dropdown, select your eth address with at least 32 ETH to fund your validators
7. On your hardware wallet, sign the ETH signature message to login to allnodes.com
8. Again on your hardware wallet, sign another message to verify your eth2 withdrawal credentials
Double check that your generated deposit data file contains the same string as in withdrawal credentials and that this string includes your Ethereum address (starting after 0x)
9. Enter the amount of nodes (or validators you want)
10. Finally, enter a KEYSTORE password to encrypt the deposit json files. Keep this password safe and offline.
11. Confirm password and click GENERATE
Install dependencies.
sudo apt updatesudo apt install python3-pip git -y
Download source code and install.
cd $HOMEgit clone https://github.com/ethereum/eth2.0-deposit-cli.git eth2deposit-clicd eth2deposit-clisudo ./deposit.sh install
Make a new mnemonic.
./deposit.sh new-mnemonic --chain mainnet
Advanced option: Custom eth1 withdrawal address, often used for 3rd party staking.
# Add the following--eth1_withdrawal_address <eth1 address hex string># Example./deposit.sh new-mnemonic --chain mainnet --eth1_withdrawal_address 0x1...x
If this field is set and valid, the given Eth1 address will be used to create the withdrawal credentials. Otherwise, it will generate withdrawal credentials with the mnemonic-derived withdrawal public key in EIP-2334 format.
Download eth2deposit-cli.
cd $HOMEwget https://github.com/ethereum/eth2.0-deposit-cli/releases/download/v1.2.0/eth2deposit-cli-256ea21-linux-amd64.tar.gz
Verify the SHA256 Checksum matches the checksum on the releases page.
echo "825035b6d6c06c0c85a38f78e8bf3e9df93dfd16bf7b72753b6888ae8c4cb30a *eth2deposit-cli-ed5a6d3-linux-amd64.tar.gz" | shasum -a 256 --check
Example valid output:
eth2deposit-cli-256ea21-linux-amd64.tar.gz: OK
Only proceed if the sha256 check passes with OK!
Extract the archive.
tar -xvf eth2deposit-cli-256ea21-linux-amd64.tar.gzmv eth2deposit-cli-256ea21-linux-amd64 eth2deposit-clirm eth2deposit-cli-256ea21-linux-amd64.tar.gzcd eth2deposit-cli
Make a new mnemonic.
./deposit new-mnemonic --chain mainnet
Advanced option: Custom eth1 withdrawal address, often used for 3rd party staking.
# Add the following--eth1_withdrawal_address <eth1 address hex string># Example./deposit.sh new-mnemonic --chain mainnet --eth1_withdrawal_address 0x1...x
If this field is set and valid, the given Eth1 address will be used to create the withdrawal credentials. Otherwise, it will generate withdrawal credentials with the mnemonic-derived withdrawal public key in EIP-2334 format.
🔥[ Optional ] Pro Security Tip: Run the eth2deposit-cli tool and generate your mnemonic seed for your validator keys on an air-gapped offline machine booted from usb.
You will learn how to boot up a windows PC into an airgapped Tails operating system.
The Tails OS is an amnesic operating system, meaning it will save nothing and leave no tracks behind each time you boot it.
You need:
2 storage mediums (can be USB stick, SD cards or external hard drives)
One of them must be > 8GB
Windows or Mac computer
30 minutes or longer depending on your download speed
Download the official image from the Tails website. Might take a while, go grab a coffee.
Make sure you follow the guide on the Tails website to verify your download of Tails.
For Windows, use one of
For Mac, download Etcher
Run the above software. This is an example how it looks like on Mac OS with etcher, but other software should be similar.
Select the Tails OS image that you downloaded as the image. Then select the USB stick (the larger one).
Then flash the image to the larger USB stick.
You can refer to the other tab on this guide on how to download and verify the eth2-deposit-cli.
Copy the file to the other USB stick.
After you have done all the above, you can reboot. If you are connected by a LAN cable to the internet, you can disconnect it manually.
Plug in the USB stick that has your Tails OS.
On Mac, press and hold the Option key immediately upon hearing the startup chime. Release the key after Startup Manager appears.
On Windows, it depends on your computer manufacturer. Usually it is by pressing F1 or F12. If it doesn't work, try googling "Enter boot options menu on [Insert your PC brand]"
Choose the USB stick that you loaded up with Tails OS to boot into Tails.
You can boot with all the default settings.
Plug in your other USB stick with the eth2-deposit-cli file.
You can then open your command line and navigate into the directory containing the file. Then you can continue the guide from the other tab.
Make a new mnemonic.
./deposit.sh new-mnemonic --chain mainnet
If you ran this command directly from your non-Tails USB stick, the validator keys should stay on it. If it hasn't, copy the directory over to your non-Tails USB stick.
🔥 Make sure you have saved your validator keys directory in your other USB stick (non Tails OS) before you shutdown Tails. Tails will delete everything saved on it after you shutdown..
🎉 Congrats on learning how to use Tails OS to make an air gapped system. As a bonus, you can reboot into Tails OS again and connect to internet to surf the dark web or clear net safely!
Alternatively, follow this ethstaker.cc exclusive for the low down on making a bootable usb.
You can copy via USB key the pre-built eth2deposit-cli binaries from an online machine to an air-gapped offline machine booted from usb. Make sure to disconnect the ethernet cable and/or WIFI.
2. If using eth2deposit-cli, follow the prompts and pick a KEYSTORE password. This password encrypts your keystore files. Write down your mnemonic and keep this safe and offline.
🚧 Caution: Only deposit the 32 ETH per validator if you are confident your ETH1 node and ETH2 validator will be fully synched and ready to perform validator duties. You can return later to launchpad with your deposit-data to finish the next steps.
3. Follow the steps at https://launchpad.ethereum.org/ while skipping over the steps you already just completed. Study the eth2 phase 0 overview material. Understanding eth2 is the key to success!
🐳 Batch Depositing Tip: If you have many deposits to make for many validators, consider using Abyss.finance's eth2depositor tool. This greatly improves the deposit experience as multiple deposits can be batched into one transaction, thereby saving gas fees and saving your fingers by minimizing Metamask clicking.
Source: https://twitter.com/AbyssFinance/status/1379732382044069888
4. Back on the launchpad website, upload yourdeposit_data-#########.json found in the validator_keys directory.
5. Connect to the launchpad with your Metamask wallet, review and accept terms.
6. Confirm the transaction(s). There's one deposit transaction of 32 ETH for each validator.
For instance, if you want to run 3 validators you will need to have (32 x 3) = 96 goerli ETH plus some extra to cover the gas fees.
Your transaction is sending and depositing your ETH to the official ETH2 deposit contract address.
Check, double-check, triple-check that the official Eth2 deposit contract address is correct.0x00000000219ab540356cBB839Cbe05303d7705Fa
🔥 Critical Crypto Reminder: Keep your mnemonic, keep your ETH. 🚀
Write down your mnemonic seed offline. Not email. Not cloud.
Multiple copies are better. Best stored in a metal seed.
The withdrawal keys will be generated from this mnemonic in the future.
Make offline backups, such as to a USB key, of your
validator_keysdirectory.
Ethereum 2.0 requires a connection to Ethereum 1.0 in order to monitor for 32 ETH validator deposits. Hosting your own Ethereum 1.0 node is the best way to maximize decentralization and minimize dependency on third parties such as Infura.
The subsequent steps assume you have completed the best practices security guide.
🛑 Do not run your processes as ROOT user. 😱
Your choice of either Geth, Besu, Nethermind, Erigon or Infura.
Geth - Go Ethereum is one of the three original implementations (along with C++ and Python) of the Ethereum protocol. It is written in Go, fully open source and licensed under the GNU LGPL v3.
Review the latest release notes at https://github.com/ethereum/go-ethereum/releases
sudo add-apt-repository -y ppa:ethereum/ethereumsudo apt-get update -ysudo apt dist-upgrade -ysudo apt-get install ethereum -y
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
Simply copy/paste the following.
cat > $HOME/eth1.service << EOF[Unit]Description = geth eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = /usr/bin/geth --http --metrics --pprofRestart = on-failureRestartSec = 3TimeoutSec = 300[Install]WantedBy = multi-user.targetEOF
Nimbus Specific Configuration: Add the following flag to the ExecStart line.
--ws
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
Geth Tip: When is my geth node synched?
Attach to the geth console with:
geth attachhttp://127.0.0.1:8545Type the following:
eth.syncingIf it returns false, your geth node is synched.
Hyperledger Besu is an open-source Ethereum client designed for demanding enterprise applications requiring secure, high-performance transaction processing in a private network. It's developed under the Apache 2.0 license and written in Java.
sudo apt updatesudo apt install openjdk-11-jdk -y
Review the latest release at https://github.com/hyperledger/besu/releases
File can be downloaded from https://dl.bintray.com/hyperledger-org/besu-repo
cdwget -O besu.tar.gz https://dl.bintray.com/hyperledger-org/besu-repo/besu-20.10.1.tar.gztar -xvf besu.tar.gzrm besu.tar.gzmv besu* besu
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
Simply copy/paste the following.
cat > $HOME/eth1.service << EOF[Unit]Description = besu eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = $(echo $HOME)/besu/bin/besu --metrics-enabled --rpc-http-enabled --data-path="$HOME/.besu"Restart = on-failureRestartSec = 3[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
Nethermind is a flagship Ethereum client all about performance and flexibility. Built on .NET core, a widespread, enterprise-friendly platform, Nethermind makes integration with existing infrastructures simple, without losing sight of stability, reliability, data integrity, and security.
sudo apt-get updatesudo apt-get install curl libsnappy-dev libc6-dev jq libc6 unzip -y
Review the latest release at https://github.com/NethermindEth/nethermind/releases
Automatically download the latest linux release, un-zip and cleanup.
mkdir $HOME/nethermindchmod 775 $HOME/nethermindcd $HOME/nethermindcurl -s https://api.github.com/repos/NethermindEth/nethermind/releases/latest | jq -r ".assets[] | select(.name) | .browser_download_url" | grep linux | xargs wget -q --show-progressunzip -o nethermind*.ziprm nethermind*linux*.zip
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
Simply copy/paste the following.
cat > $HOME/eth1.service << EOF[Unit]Description = nethermind eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = $(echo $HOME)/nethermind/Nethermind.Runner --baseDbPath $HOME/.nethermind --Metrics.Enabled true --JsonRpc.Enabled true --Sync.DownloadBodiesInFastSync true --Sync.DownloadReceiptsInFastSync true --Sync.AncientBodiesBarrier 11052984 --Sync.AncientReceiptsBarrier 11052984Restart = on-failureRestartSec = 3[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
Note about Metric Error messages: You will see these until prometheus pushergateway is setup in section 6. Error in MetricPusher: System.Net.Http.HttpRequestException: Connection refused
Erigon - Successor to OpenEthereum, Erigon is an implementation of Ethereum (aka "Ethereum client"), on the efficiency frontier, written in Go.
wget -O go.tar.gz https://golang.org/dl/go1.16.5.linux-amd64.tar.gz
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go.tar.gz
echo export PATH=$PATH:/usr/local/go/bin>> $HOME/.bashrcsource $HOME/.bashrc
Verify Go is properly installed and cleanup files.
go versionrm go.tar.gz
Review the latest release at https://github.com/ledgerwatch/erigon/releases
cd $HOMEgit clone --recurse-submodules -j8 https://github.com/ledgerwatch/erigon.gitcd erigonmake erigon && make rpcdaemon
Make data directory and update directory ownership.
sudo mkdir -p /var/lib/erigonsudo chown $USER:$USER /var/lib/erigon
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
Simply copy/paste the following.
cat > $HOME/eth1.service << EOF[Unit]Description = erigon eth1 serviceWants = network-online.targetAfter = network-online.targetRequires = eth1-erigon.service[Service]Type = simpleUser = $USERExecStart = $HOME/erigon/build/bin/erigon --datadir /var/lib/erigon --chain mainnet --private.api.addr=localhost:9089 --metrics --pprof --prune htcRestart = on-failureRestartSec = 3KillSignal = SIGINTTimeoutStopSec = 5[Install]WantedBy = multi-user.targetEOF
By default with Erigon, --prune deletes data older than 90K blocks from the tip of the chain (aka, for if tip block is no. 12'000'000, only the data between 11'910'000-12'000'000 will be kept).
cat > $HOME/eth1-erigon.service << EOF[Unit]Description = erigon rpcdaemon serviceBindsTo = eth1.serviceAfter = eth1.service[Service]Type = simpleUser = $USERExecStartPre = /bin/sleep 3ExecStart = $HOME/erigon/build/bin/rpcdaemon --private.api.addr=localhost:9089 --datadir /var/lib/erigon --http.api=eth,erigon,web3,net,debug,trace,txpool,shhRestart = on-failureRestartSec = 3KillSignal = SIGINTTimeoutStopSec = 5[Install]WantedBy = eth1.serviceEOF
Move the unit files to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.servicesudo mv $HOME/eth1-erigon.service /etc/systemd/system/eth1-erigon.service
sudo chmod 644 /etc/systemd/system/eth1.servicesudo chmod 644 /etc/systemd/system/eth1-erigon.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1 eth1-erigon
sudo systemctl start eth1
OpenEthereum will no longer be supported post London hard fork. Gnosis, maintainers of OpenEthereum, suggest users migrate to their new Erigon Ethererum client.
OpenEthereum - It's goal is to be the fastest, lightest, and most secure Ethereum client using the Rust programming language. OpenEthereum is licensed under the GPLv3 and can be used for all your Ethereum needs.
sudo apt-get updatesudo apt-get install curl jq unzip -y
Review the latest release at https://github.com/openethereum/openethereum/releases
Automatically download the latest linux release, un-zip, add execute permissions and cleanup.
mkdir $HOME/openethereumcd $HOME/openethereumcurl -s https://api.github.com/repos/openethereum/openethereum/releases/latest | jq -r ".assets[] | select(.name) | .browser_download_url" | grep linux | xargs wget -q --show-progressunzip -o openethereum*.zipchmod +x openethereumrm openethereum*.zip
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
Simply copy/paste the following.
cat > $HOME/eth1.service << EOF[Unit]Description = openethereum eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = $(echo $HOME)/openethereum/openethereum --metrics --metrics-port=6060Restart = on-failureRestartSec = 3[Install]WantedBy = multi-user.targetEOF
Nimbus Specific Configuration: Add the following flag to the ExecStart line.
--ws-origins=all
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
Infura is suitable for limited disk space setups. Always run your own full eth1 node when possible.
Sign up for an API access key at https://infura.io/
Sign up for a free account.
Confirm your email address.
Visit your dashboard https://infura.io/dashboard
Create a project, give it a name.
Select Mainnet as the ENDPOINT
Follow the specific configuration for your eth2 client found below.
Alternatively use a free Ethereum node such as Chainstack at https://ethereumnodes.com/
When creating your systemd's unit file, update the
--web-urlparameter with this endpoint.Copy the websocket endpoint. Starts with
wss://Save this for step 4, configuring your eth2 node.
#example--web3-url=<your wss:// infura endpoint>
After creating the
teku.yamllocated in/etc/teku/teku.yaml, update the--eth1-endpointparameter with this endpoint.Copy the http endpoint. Starts with
http://Save this for step 4, configuring your eth2 node.
#exampleeth1-endpoint: <your https:// infura endpoint>
When creating your beacon chain systemd unit file, add the
--eth1-endpointparameter with this endpoint.Copy the https endpoint. Starts with
https://Save this for step 4, configuring your eth2 node.
#example--eth1-endpoint=<your https:// infura endpoint>
When creating your beacon chain systemd unit file, update the
--http-web3providerparameter with this endpoint.Copy the https endpoint. Starts with
https://Save this for step 4, configuring your eth2 node.
#example--http-web3provider=<your https:// infura endpoint>
Syncing an eth1 node can take up to 1 week. On high-end machines with gigabit internet, expect syncing to take less than a day.
Your eth1 node is fully sync'd when these events occur.
OpenEthereum:Imported #<block number>Geth:Imported new chain segmentBesu:Imported #<block number>Nethermind:No longer syncing Old Headers
🗒 To view and follow eth1 logs
journalctl -fu eth1
🗒 To stop eth1 service
sudo systemctl stop eth1
Your choice of Lighthouse, Nimbus, Teku, Prysm or Lodestar.
Lighthouse is an Eth2.0 client with a heavy focus on speed and security. The team behind it, Sigma Prime, is an information security and software engineering firm who have funded Lighthouse along with the Ethereum Foundation, Consensys, and private individuals. Lighthouse is built in Rust and offered under an Apache 2.0 License.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Enter '1' to proceed with the default install.
Update your environment variables.
echo export PATH="$HOME/.cargo/bin:$PATH" >> ~/.bashrcsource ~/.bashrc
Install rust dependencies.
sudo apt-get updatesudo apt install -y git gcc g++ make cmake pkg-config libssl-dev
mkdir ~/gitcd ~/gitgit clone https://github.com/sigp/lighthouse.gitcd lighthousegit fetch --all && git checkout stable && git pullmake
In case of compilation errors, run the following sequence.
rustup updatecargo cleanmake
This build process may take a few minutes.
Verify lighthouse was installed properly by checking the version number.
lighthouse --version
When you import your keys into Lighthouse, your validator signing key(s) are stored in the $HOME/.lighthouse/mainnet/validators folder.
Run the following command to import your validator keys from the eth2deposit-cli tool directory.
Enter your keystore password to import accounts.
lighthouse account validator import --network mainnet --directory=$HOME/eth2deposit-cli/validator_keys
Verify the accounts were imported successfully.
lighthouse account_manager validator list --network mainnet
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Lighthouse beacon chain requires port 9000 for tcp and udp
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration. Simply copy and paste.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]User = $USERExecStart = $(which lighthouse) bn --staking --validator-monitor-auto --metrics --network mainnetRestart = on-failure[Install]WantedBy = multi-user.targetEOF
🔥 Lighthouse Pro Tip: On the ExecStart line, adding the --eth1-endpoints flag allows for redundant eth1 nodes. Separate with comma. Make sure the endpoint does not end with a trailing slash or/ Remove it.
# Example:--eth1-endpoints http://localhost:8545,https://nodes.mewapi.io/rpc/eth,https://mainnet.eth.cloud.ava.do,https://mainnet.infura.io/v3/xxx
💸 Find free ethereum fallback nodes at https://ethereumnodes.com/
Move the unit file to /etc/systemd/system
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Troubleshooting common issues:
The beacon chain couldn't connect to the :8545 service?
In the beacon chain unit file under [Service], add, "
ExecStartPre = /bin/sleep 30" so that it waits 30 seconds for eth1 node to startup before connecting.
CRIT Invalid eth1 chain id. Please switch to correct chain id.
Allow your eth1 node to fully sync to mainnet.
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=beacon-chain -f
#view log since yesterdayjournalctl --unit=beacon-chain --since=yesterday
#view log since todayjournalctl --unit=beacon-chain --since=today
#view log between a datejournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active beacon-chain
sudo systemctl status beacon-chain
sudo systemctl reload-or-restart beacon-chain
sudo systemctl stop beacon-chain
Setup your graffiti, a custom message included in blocks your validator successfully proposes, and earn a POAP token. Generate your POAP string by supplying an Ethereum 1.0 address here.
Run the following command to set the MY_GRAFFITI variable. Replace <my POAP string or message> between the single quotes.
MY_GRAFFITI='<my POAP string or message>'# Examples# MY_GRAFFITI='poapAAAAACGatUA1bLuDnL4FMD13BfoD'# MY_GRAFFITI='eth2 rulez!'
Learn more about POAP - The Proof of Attendance token.
Auto-start your validator when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed validator processes.
Maximize your validator up-time and performance.
Run the following to create a unit file to define yourvalidator.service configuration. Simply copy and paste.
cat > $HOME/validator.service << EOF# The eth2 validator service (part of systemd)# file: /etc/systemd/system/validator.service[Unit]Description = eth2 validator serviceWants = network-online.target beacon-chain.serviceAfter = network-online.target[Service]User = $USERExecStart = $(which lighthouse) vc --network mainnet --graffiti "${MY_GRAFFITI}" --metrics --enable-doppelganger-protectionRestart = on-failure[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system
sudo mv $HOME/validator.service /etc/systemd/system/validator.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/validator.service
Run the following to enable auto-start at boot time and then start your validator.
sudo systemctl daemon-reloadsudo systemctl enable validatorsudo systemctl start validator
Nice work. Your validator is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=validator -f
#view log since yesterdayjournalctl --unit=validator --since=yesterday
#view log since todayjournalctl --unit=validator --since=today
#view log between a datejournalctl --unit=validator --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active validator
sudo systemctl status validator
sudo systemctl reload-or-restart validator
sudo systemctl stop validator
Nimbus is a research project and a client implementation for Ethereum 2.0 designed to perform well on embedded systems and personal mobile devices, including older smartphones with resource-restricted hardware. The Nimbus team are from Status the company best known for their messaging app/wallet/Web3 browser by the same name. Nimbus (Apache 2) is written in Nim, a language with Python-like syntax that compiles to C.
💡 Noteworthy: binaries for all the usual platforms as well as dockers for x86 and arm can be found below:
https://github.com/status-im/nimbus-eth2/releases/ https://hub.docker.com/r/statusim/nimbus-eth2
Install dependencies.
sudo apt-get updatesudo apt-get install curl build-essential git -y
Install and build Nimbus.
mkdir ~/gitcd ~/gitgit clone https://github.com/status-im/nimbus-eth2cd nimbus-eth2make nimbus_beacon_node
The build process may take a few minutes.
Verify Nimbus was installed properly by displaying the help.
cd $HOME/git/nimbus-eth2/build./nimbus_beacon_node --help
Copy the binary file to /usr/bin
sudo cp $HOME/git/nimbus-eth2/build/nimbus_beacon_node /usr/bin
Create a directory structure to store nimbus data.
sudo mkdir -p /var/lib/nimbus
Take ownership of this directory and set the correct permission level.
sudo chown $(whoami):$(whoami) /var/lib/nimbussudo chmod 700 /var/lib/nimbus
The following command will import your validator keys.
Enter your keystore password to import accounts.
cd $HOME/git/nimbus-eth2build/nimbus_beacon_node deposits import --data-dir=/var/lib/nimbus $HOME/eth2deposit-cli/validator_keys
Now you can verify the accounts were imported successfully by doing a directory listing.
ll /var/lib/nimbus/validators
You should see a folder named for each of your validator's pubkey.
When you import your keys into Nimbus, your validator signing key(s) are stored in the /var/lib/nimbus folder, under secrets and validators.
The secrets folder contains the common secret that gives you access to all your validator keys.
The validators folder contains your signing keystore(s) (encrypted keys). Keystores are used by validators as a method for exchanging keys.
For more on keys and keystores, see here.
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Nimbus beacon chain node will use port 9000 for tcp and udp
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
Nimbus combines both the beacon chain and validator into one process.
Setup your graffiti, a custom message included in blocks your validator successfully proposes, and earn a POAP token. Generate your POAP string by supplying an Ethereum 1.0 address here.
Run the following command to set the MY_GRAFFITI variable. Replace <my POAP string or message> between the single quotes.
MY_GRAFFITI='<my POAP string or message>'# Examples# MY_GRAFFITI='poapAAAAACGatUA1bLuDnL4FMD13BfoD'# MY_GRAFFITI='eth2 rulez!'
Learn more about POAP - The Proof of Attendance token.
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration. Simply copy and paste.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]Type = simpleUser = $(whoami)WorkingDirectory= /var/lib/nimbusExecStart = /bin/bash -c '/usr/bin/nimbus_beacon_node --network=mainnet --graffiti="${MY_GRAFFITI}" --data-dir=/var/lib/nimbus --web3-url=ws://127.0.0.1:8546 --metrics --metrics-port=8008 --rpc --rpc-port=9091 --validators-dir=/var/lib/nimbus/validators --secrets-dir=/var/lib/nimbus/secrets --log-file=/var/lib/nimbus/beacon.log'Restart = on-failure[Install]WantedBy = multi-user.targetEOF
Nimbus only supports websocket connections ("ws://" and "wss://") for the ETH1 node. Geth, OpenEthereum and Infura ETH1 nodes are verified compatible.
Move the unit file to /etc/systemd/system
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=beacon-chain -f
#view log since yesterdayjournalctl --unit=beacon-chain --since=yesterday
#view log since todayjournalctl --unit=beacon-chain --since=today
#view log between a datejournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active beacon-chain
sudo systemctl status beacon-chain
sudo systemctl reload-or-restart beacon-chain
sudo systemctl stop beacon-chain
PegaSys Teku (formerly known as Artemis) is a Java-based Ethereum 2.0 client designed & built to meet institutional needs and security requirements. PegaSys is an arm of ConsenSys dedicated to building enterprise-ready clients and tools for interacting with the core Ethereum platform. Teku is Apache 2 licensed and written in Java, a language notable for its materity & ubiquity.
Install git.
sudo apt-get install git -y
Install Java 11.
For Ubuntu 20.x, use the following
sudo apt updatesudo apt install openjdk-11-jdk -y
For Ubuntu 18.x, use the following
sudo add-apt-repository ppa:linuxuprising/javasudo apt updatesudo apt install oracle-java11-set-default -y
Verify Java 11+ is installed.
java --version
Install and build Teku.
mkdir ~/gitcd ~/gitgit clone https://github.com/ConsenSys/teku.gitcd teku./gradlew distTar installDist
This build process may take a few minutes.
Verify Teku was installed properly by displaying the version.
cd $HOME/git/teku/build/install/teku/bin./teku --version
Copy the teku binary file to /usr/bin/teku
sudo cp -r $HOME/git/teku/build/install/teku /usr/bin/teku
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Teku beacon chain node will use port 9000 for tcp and udp
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
Teku combines both the beacon chain and validator into one process.
Setup a directory structure for Teku.
sudo mkdir -p /var/lib/tekusudo mkdir -p /etc/tekusudo chown $(whoami):$(whoami) /var/lib/teku
Copy your validator_files directory to the data directory we created above and remove the extra deposit_data file.
cp -r $HOME/eth2deposit-cli/validator_keys /var/lib/tekurm /var/lib/teku/validator_keys/deposit_data*
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Store your keystore password in a file and make it read-only. This is required so that Teku can decrypt and load your validators.
Update your keystore password between the quotation marks after echo.
echo 'my_password_goes_here' > $HOME/validators-password.txtsudo mv $HOME/validators-password.txt /etc/teku/validators-password.txtsudo chmod 600 /etc/teku/validators-password.txt
Clear the bash history in order to remove traces of keystore password.
shred -u ~/.bash_history && touch ~/.bash_history
Setup your graffiti, a custom message included in blocks your validator successfully proposes, and earn a POAP token. Generate your POAP string by supplying an Ethereum 1.0 address here.
Run the following command to set the MY_GRAFFITI variable. Replace <my POAP string or message> between the single quotes.
MY_GRAFFITI='<my POAP string or message>'# Examples# MY_GRAFFITI='poapAAAAACGatUA1bLuDnL4FMD13BfoD'# MY_GRAFFITI='eth2 rulez!'
Learn more about POAP - The Proof of Attendance token.
Generate your Teku Config file. Simply copy and paste.
cat > $HOME/teku.yaml << EOF# networknetwork: "mainnet"# p2pp2p-enabled: truep2p-port: 9000# validatorsvalidator-keys: "/var/lib/teku/validator_keys:/var/lib/teku/validator_keys"validators-graffiti: "${MY_GRAFFITI}"# Eth 1eth1-endpoint: "http://localhost:8545"# metricsmetrics-enabled: truemetrics-port: 8008# databasedata-path: "$(echo $HOME)/tekudata"data-storage-mode: "archive"# rest apirest-api-port: 5051rest-api-docs-enabled: truerest-api-enabled: true# logginglog-include-validator-duties-enabled: truelog-destination: CONSOLEEOF
Move the config file to /etc/teku
sudo mv $HOME/teku.yaml /etc/teku/teku.yaml
When specifying directories for your validator-keys, Teku expects to find identically named keystore and password files.
For example keystore-m_12221_3600_1_0_0-11222333.json and keystore-m_12221_3600_1_0_0-11222333.txt
Create a corresponding password file for every one of your validators.
for f in /var/lib/teku/validator_keys/keystore*.json; do cp /etc/teku/validators-password.txt /var/lib/teku/validator_keys/$(basename $f .json).txt; done
Verify that your validator's keystore and validator's passwords are present by checking the following directory.
ll /var/lib/teku/validator_keys
Use systemd to manage starting and stopping teku.
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = /usr/bin/teku/bin/teku -c /etc/teku/teku.yamlRestart = on-failureEnvironment = JAVA_OPTS=-Xmx5g[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=beacon-chain -f
#view log since yesterdayjournalctl --unit=beacon-chain --since=yesterday
#view log since todayjournalctl --unit=beacon-chain --since=today
#view log between a datejournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active beacon-chain
sudo systemctl status beacon-chain
sudo systemctl reload-or-restart beacon-chain
sudo systemctl stop beacon-chain
Prysm is a Go implementation of Ethereum 2.0 protocol with a focus on usability, security, and reliability. Prysm is developed by Prysmatic Labs, a company with the sole focus on the development of their client. Prysm is written in Go and released under a GPL-3.0 license.
mkdir ~/prysm && cd ~/prysmcurl https://raw.githubusercontent.com/prysmaticlabs/prysm/master/prysm.sh --output prysm.sh && chmod +x prysm.sh
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Prysm beacon chain node will use port 12000 for udp and port 13000 for tcp
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
Accept terms of use, accept default wallet location, enter a new prysm-only password to encrypt your local prysm wallet files and enter the keystore password for your imported accounts.
If you wish, you can use the same password for the keystore and prysm-only.
$HOME/prysm/prysm.sh validator accounts import --mainnet --keys-dir=$HOME/eth2deposit-cli/validator_keys
Verify your validators imported successfully.
$HOME/prysm/prysm.sh validator accounts list --mainnet
Confirm your validator's pubkeys are listed.
#Example output:
Showing 1 validator account View the eth1 deposit transaction data for your accounts by running `validator accounts list --show-deposit-data
Account 0 | pens-brother-heat [validating public key] 0x2374.....7121
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration. Simply copy and paste.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]Type = simpleUser = $(whoami)ExecStart = $(echo $HOME)/prysm/prysm.sh beacon-chain --mainnet --p2p-max-peers=45 --http-web3provider=http://127.0.0.1:8545 --accept-terms-of-useRestart = on-failure[Install]WantedBy = multi-user.targetEOF
🔥 Prysm Pro Tip: On the ExecStart line, adding the --fallback-web3provider flag allows for a backup eth1 node. May use flag multiple times. Make sure the endpoint does not end with a trailing slash or/ Remove it.
--fallback-web3provider=<http://<alternate eth1 provider one> --fallback-web3provider=<http://<alternate eth1 provider two># Example# --fallback-web3provider=https://nodes.mewapi.io/rpc/eth --fallback-web3provider=https://mainnet.infura.io/v3/YOUR-PROJECT-ID
💸 Find free ethereum fallback nodes at https://ethereumnodes.com/
Move the unit file to /etc/systemd/system
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=beacon-chain -f
#view log since yesterdayjournalctl --unit=beacon-chain --since=yesterday
#view log since todayjournalctl --unit=beacon-chain --since=today
#view log between a datejournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active beacon-chain
sudo systemctl status beacon-chain