Guide | How to setup a validator on ETH2 mainnet
As of March 29 2021, this guide is updated for mainnet. 😁
✨ For the PYRMONT testnet guide, please click here. Always test on testnet.
🎊 2020-12 Update: Thanks to all Gitcoin contributors, where you can contribute via quadratic funding and make a big impact. Funding complete! Thank you!🙏
As a validator for eth2, you will typically have the following abilities:
operational knowledge of how to set up, run and maintain a eth2 beacon node and validator continuously
a long term commitment to maintain your validator 24/7/365
basic operating system skills
have learned the essentials by watching 'Intro to Eth2 & Staking for Beginners' by Superphiz
have passed or is actively enrolled in the Eth2 Study Master course
and have read the 8 Things Every Eth2 validator should know.
Operating system: 64-bit Linux (i.e. Ubuntu 20.04 LTS Server or Desktop)
Processor: Dual core CPU, Intel Core i5–760 or AMD FX-8100 or better
Memory: 8GB RAM
Storage: 128GB SSD
Internet: Broadband internet connection with speeds at least 1 Mbps.
Power: Reliable electrical power.
ETH balance: at least 32 ETH and some ETH for deposit transaction fees
Wallet: Metamask installed
Operating system: 64-bit Linux (i.e. Ubuntu 20.04 LTS Server or Desktop)
Processor: Quad core CPU, Intel Core i7–4770 or AMD FX-8310 or better
Memory: 16GB RAM or more
Storage: 1TB SSD or more
Internet: Broadband internet connections with speeds at least 10 Mbps without data limit.
Power: Reliable electrical power with uninterruptible power supply (UPS)
ETH balance: at least 32 ETH and some ETH for deposit transaction fees
Wallet: Metamask installed
✨ Pro Validator Tip: Highly recommend you begin with a brand new instance of an OS, VM, and/or machine. Avoid headaches by NOT reusing testnet keys, wallets, or databases for your validator.
If you need ideas or a reminder on how to secure your validator, refer to
If you need to install Ubuntu Server, refer to
Or Ubuntu Desktop,
If you need to install Metamask, refer to
At the end of this guide, you will build a node that hosts three main components: a validator client, a beacon chain client and an eth1 node.
Validator client - Responsible for producing new blocks and attestations in the beacon chain and shard chains.
Beacon chain client - Responsible for managing the state of the beacon chain, validator shuffling, and more.
Eth1 node - Supplies incoming validator deposits from the eth1 mainnet chain to the beacon chain client.
Note: Teku and Nimbus combines both clients into one process.
Every 32 ETH you own allows you to make 1 validator. You can run thousands of validators with your beacon node.
Your ETH (or multiples of 32 ETH) should be consolidated into a single address accessible with Metamask.
If you need to buy/exchange or top up your ETH to a multiple of 32, check out:
Install dependencies, the ethereum foundation deposit tool and generate your two sets of key pairs.
Each validator will have two sets of key pairs. A signing key and a withdrawal key. These keys are derived from a single mnemonic phrase. Learn more about keys.
You have the choice of downloading the pre-built ethereum foundation deposit tool or building it from source.
Install dependencies.
sudo apt updatesudo apt install python3-pip git -y
Download source code and install.
cd $HOMEgit clone https://github.com/ethereum/eth2.0-deposit-cli.git eth2deposit-clicd eth2deposit-clisudo ./deposit.sh install
Make a new mnemonic.
./deposit.sh new-mnemonic --chain mainnet
Download eth2deposit-cli.
cd $HOMEwget https://github.com/ethereum/eth2.0-deposit-cli/releases/download/v1.1.0/eth2deposit-cli-ed5a6d3-linux-amd64.tar.gz
Verify the SHA256 Checksum matches the checksum on the releases page.
echo "2107f26f954545f423530e3501ae616c222b6bf77774a4f2743effb8fe4bcbe7 *eth2deposit-cli-ed5a6d3-linux-amd64.tar.gz" | shasum -a 256 --check
Example valid output:
eth2deposit-cli-ed5a6d3-linux-amd64.tar.gz: OK
Only proceed if the sha256 check passes with OK!
Extract the archive.
tar -xvf eth2deposit-cli-ed5a6d3-linux-amd64.tar.gzmv eth2deposit-cli-ed5a6d3-linux-amd64 eth2deposit-clirm eth2deposit-cli-ed5a6d3-linux-amd64.tar.gzcd eth2deposit-cli
Make a new mnemonic.
./deposit new-mnemonic --chain mainnet
🔥[ Optional ] Pro Security Tip: Run the eth2deposit-cli tool and generate your mnemonic seed for your validator keys on an air-gapped offline machine booted from usb.
Follow this ethstaker.cc exclusive for the low down on making a bootable usb.
You can copy via USB key the pre-built eth2deposit-cli binaries from an online machine to an air-gapped offline machine booted from usb. Make sure to disconnect the ethernet cable and/or WIFI.
2. Follow the prompts and pick a KEYSTORE password. This password encrypts your keystore files. Write down your mnemonic and keep this safe and offline.
🚧 Caution: Only deposit the 32 ETH per validator if you are confident your ETH1 node and ETH2 validator will be fully synched and ready to perform validator duties. You can return later to launchpad with your deposit-data to finish the next steps.
3. Follow the steps at https://launchpad.ethereum.org/ while skipping over the steps you already just completed. Study the eth2 phase 0 overview material. Understanding eth2 is the key to success!
4. Back on the launchpad website, upload yourdeposit_data-#########.json found in the validator_keys directory.
5. Connect to the launchpad with your Metamask wallet, review and accept terms.
6. Confirm the transaction(s). There's one deposit transaction of 32 ETH for each validator.
Your transaction is sending and depositing your ETH to the official ETH2 deposit contract address.
Check, double-check, triple-check that the official Eth2 deposit contract address is correct.0x00000000219ab540356cBB839Cbe05303d7705Fa
🔥 Critical Crypto Reminder: Keep your mnemonic, keep your ETH. 🚀
Write down your mnemonic seed offline. Not email. Not cloud.
Multiple copies are better. Best stored in a metal seed.
The withdrawal keys will be generated from this mnemonic in the future.
Make offline backups, such as to a USB key, of your
validator_keysdirectory.
Ethereum 2.0 requires a connection to Ethereum 1.0 in order to monitor for 32 ETH validator deposits. Hosting your own Ethereum 1.0 node is the best way to maximize decentralization and minimize dependency on third parties such as Infura.
The subsequent steps assume you have completed the best practices security guide.
🛑 Do not run your processes as ROOT user. 😱
Your choice of either OpenEthereum, Geth, Besu, Nethermind or Infura.
OpenEthereum - It's goal is to be the fastest, lightest, and most secure Ethereum client using the Rust programming language. OpenEthereum is licensed under the GPLv3 and can be used for all your Ethereum needs.
sudo apt-get updatesudo apt-get install curl jq unzip -y
Review the latest release at https://github.com/openethereum/openethereum/releases
Automatically download the latest linux release, un-zip, add execute permissions and cleanup.
mkdir $HOME/openethereumcd $HOME/openethereumcurl -s https://api.github.com/repos/openethereum/openethereum/releases/latest | jq -r ".assets[] | select(.name) | .browser_download_url" | grep linux | xargs wget -q --show-progressunzip -o openethereum*.zipchmod +x openethereumrm openethereum*.zip
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
Simply copy/paste the following.
cat > $HOME/eth1.service << EOF[Unit]Description = openethereum eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = $(echo $HOME)/openethereum/openethereum --metrics --metrics-port=6060Restart = on-failureRestartSec = 3[Install]WantedBy = multi-user.targetEOF
Nimbus Specific Configuration: Add the following flag to the ExecStart line.
--ws-origins=all
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
Geth - Go Ethereum is one of the three original implementations (along with C++ and Python) of the Ethereum protocol. It is written in Go, fully open source and licensed under the GNU LGPL v3.
Review the latest release notes at https://github.com/ethereum/go-ethereum/releases
sudo add-apt-repository -y ppa:ethereum/ethereumsudo apt-get update -ysudo apt-get install ethereum -y
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
Simply copy/paste the following.
cat > $HOME/eth1.service << EOF[Unit]Description = geth eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = /usr/bin/geth --http --metrics --pprofRestart = on-failureRestartSec = 3TimeoutSec = 300[Install]WantedBy = multi-user.targetEOF
Nimbus Specific Configuration: Add the following flag to the ExecStart line.
--ws
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
Geth Tip: When is my geth node synched?
Attach to the geth console with:
geth attachhttp://127.0.0.1:8545Type the following:
eth.syncingIf it returns false, your geth node is synched.
Hyperledger Besu is an open-source Ethereum client designed for demanding enterprise applications requiring secure, high-performance transaction processing in a private network. It's developed under the Apache 2.0 license and written in Java.
sudo apt updatesudo apt install openjdk-11-jdk -y
Review the latest release at https://github.com/hyperledger/besu/releases
File can be downloaded from https://dl.bintray.com/hyperledger-org/besu-repo
cdwget -O besu.tar.gz https://dl.bintray.com/hyperledger-org/besu-repo/besu-20.10.1.tar.gztar -xvf besu.tar.gzrm besu.tar.gzmv besu* besu
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
Simply copy/paste the following.
cat > $HOME/eth1.service << EOF[Unit]Description = besu eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = $(echo $HOME)/besu/bin/besu --metrics-enabled --rpc-http-enabled --data-path="$HOME/.besu"Restart = on-failureRestartSec = 3[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
Nethermind is a flagship Ethereum client all about performance and flexibility. Built on .NET core, a widespread, enterprise-friendly platform, Nethermind makes integration with existing infrastructures simple, without losing sight of stability, reliability, data integrity, and security.
sudo apt-get updatesudo apt-get install curl libsnappy-dev libc6-dev jq libc6 unzip -y
Review the latest release at https://github.com/NethermindEth/nethermind/releases
Automatically download the latest linux release, un-zip and cleanup.
mkdir $HOME/nethermindchmod 775 $HOME/nethermindcd $HOME/nethermindcurl -s https://api.github.com/repos/NethermindEth/nethermind/releases/latest | jq -r ".assets[] | select(.name) | .browser_download_url" | grep linux | xargs wget -q --show-progressunzip -o nethermind*.ziprm nethermind*linux*.zip
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
Simply copy/paste the following.
cat > $HOME/eth1.service << EOF[Unit]Description = nethermind eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = $(echo $HOME)/nethermind/Nethermind.Runner --baseDbPath $HOME/.nethermind --Metrics.Enabled true --JsonRpc.Enabled true --Sync.DownloadBodiesInFastSync true --Sync.DownloadReceiptsInFastSync true --Sync.AncientBodiesBarrier 11052984 --Sync.AncientReceiptsBarrier 11052984Restart = on-failureRestartSec = 3[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.service
sudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
Note about Metric Error messages: You will see these until prometheus pushergateway is setup in section 6. Error in MetricPusher: System.Net.Http.HttpRequestException: Connection refused
Infura is suitable for limited disk space setups. Always run your own full eth1 node when possible.
Sign up for an API access key at https://infura.io/
Sign up for a free account.
Confirm your email address.
Visit your dashboard https://infura.io/dashboard
Create a project, give it a name.
Select Mainnet as the ENDPOINT
Follow the specific configuration for your eth2 client found below.
Alternatively use a free Ethereum node such as Chainstack at https://ethereumnodes.com/
When creating your systemd's unit file, update the
--web-urlparameter with this endpoint.Copy the websocket endpoint. Starts with
wss://Save this for step 4, configuring your eth2 node.
#example--web3-url=<your wss:// infura endpoint>
After creating the
teku.yamllocated in/etc/teku/teku.yaml, update the--eth1-endpointparameter with this endpoint.Copy the http endpoint. Starts with
http://Save this for step 4, configuring your eth2 node.
#exampleeth1-endpoint: <your https:// infura endpoint>
When creating your beacon chain systemd unit file, add the
--eth1-endpointparameter with this endpoint.Copy the https endpoint. Starts with
https://Save this for step 4, configuring your eth2 node.
#example--eth1-endpoint=<your https:// infura endpoint>
When creating your beacon chain systemd unit file, update the
--http-web3providerparameter with this endpoint.Copy the https endpoint. Starts with
https://Save this for step 4, configuring your eth2 node.
#example--http-web3provider=<your https:// infura endpoint>
Syncing an eth1 node can take up to 1 week. On high-end machines with gigabit internet, expect syncing to take less than a day.
Your eth1 node is fully sync'd when these events occur.
OpenEthereum:Imported #<block number>Geth:Imported new chain segmentBesu:Imported #<block number>Nethermind:No longer syncing Old Headers
🗒 To view and follow eth1 logs
journalctl -u eth1 -f
🗒 To stop eth1 service
sudo systemctl stop eth1
Your choice of Lighthouse, Nimbus, Teku, Prysm or Lodestar.
Lighthouse is an Eth2.0 client with a heavy focus on speed and security. The team behind it, Sigma Prime, is an information security and software engineering firm who have funded Lighthouse along with the Ethereum Foundation, Consensys, and private individuals. Lighthouse is built in Rust and offered under an Apache 2.0 License.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Enter '1' to proceed with the default install.
Update your environment variables.
echo export PATH="$HOME/.cargo/bin:$PATH" >> ~/.bashrcsource ~/.bashrc
Install rust dependencies.
sudo apt-get updatesudo apt install -y git gcc g++ make cmake pkg-config libssl-dev
mkdir ~/gitcd ~/gitgit clone https://github.com/sigp/lighthouse.gitcd lighthousegit fetch --all && git checkout stable && git pullmake
In case of compilation errors, run the following sequence.
rustup updatecargo cleanmake
This build process may take a few minutes.
Verify lighthouse was installed properly by checking the version number.
lighthouse --version
When you import your keys into Lighthouse, your validator signing key(s) are stored in the $HOME/.lighthouse/mainnet/validators folder.
Run the following command to import your validator keys from the eth2deposit-cli tool directory.
Enter your keystore password to import accounts.
lighthouse account validator import --network mainnet --directory=$HOME/eth2deposit-cli/validator_keys
Verify the accounts were imported successfully.
lighthouse account_manager validator list --network mainnet
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Lighthouse beacon chain requires port 9000 for tcp and udp
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration. Simply copy and paste.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = $(which lighthouse) bn --staking --validator-monitor-auto --metrics --network mainnetRestart = on-failure[Install]WantedBy = multi-user.targetEOF
🔥 Lighthouse Pro Tip: On the ExecStart line, adding the --eth1-endpoints flag allows for redundant eth1 nodes. Separate with comma. Make sure the endpoint does not end with a trailing slash or/ Remove it.
# Example:--eth1-endpoints http://localhost:8545,https://nodes.mewapi.io/rpc/eth,https://mainnet.eth.cloud.ava.do,https://mainnet.infura.io/v3/xxx
💸 Find free ethereum fallback nodes at https://ethereumnodes.com/
Move the unit file to /etc/systemd/system
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Troubleshooting common issues:
The beacon chain couldn't connect to the :8545 service?
In the beacon chain unit file under [Service], add, "
ExecStartPre = /bin/sleep 30" so that it waits 30 seconds for eth1 node to startup before connecting.
CRIT Invalid eth1 chain id. Please switch to correct chain id.
Allow your eth1 node to fully sync to mainnet.
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=beacon-chain -f
#view log since yesterdayjournalctl --unit=beacon-chain --since=yesterday
#view log since todayjournalctl --unit=beacon-chain --since=today
#view log between a datejournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active beacon-chain
sudo systemctl status beacon-chain
sudo systemctl reload-or-restart beacon-chain
sudo systemctl stop beacon-chain
Setup your graffiti, a custom message included in blocks your validator successfully proposes, and earn a POAP token. Generate your POAP string by supplying an Ethereum 1.0 address here.
Run the following command to set the MY_GRAFFITI variable. Replace <my POAP string or message> between the single quotes.
MY_GRAFFITI='<my POAP string or message>'# Examples# MY_GRAFFITI='poapAAAAACGatUA1bLuDnL4FMD13BfoD'# MY_GRAFFITI='eth2 rulez!'
Learn more about POAP - The Proof of Attendance token.
Auto-start your validator when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed validator processes.
Maximize your validator up-time and performance.
Run the following to create a unit file to define yourvalidator.service configuration. Simply copy and paste.
cat > $HOME/validator.service << EOF# The eth2 validator service (part of systemd)# file: /etc/systemd/system/validator.service[Unit]Description = eth2 validator serviceWants = network-online.target beacon-chain.serviceAfter = network-online.target[Service]User = $(whoami)ExecStart = $(which lighthouse) vc --network mainnet --graffiti "${MY_GRAFFITI}" --metricsRestart = on-failure[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system
sudo mv $HOME/validator.service /etc/systemd/system/validator.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/validator.service
Run the following to enable auto-start at boot time and then start your validator.
sudo systemctl daemon-reloadsudo systemctl enable validatorsudo systemctl start validator
Nice work. Your validator is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=validator -f
#view log since yesterdayjournalctl --unit=validator --since=yesterday
#view log since todayjournalctl --unit=validator --since=today
#view log between a datejournalctl --unit=validator --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active validator
sudo systemctl status validator
sudo systemctl reload-or-restart validator
sudo systemctl stop validator
Nimbus is a research project and a client implementation for Ethereum 2.0 designed to perform well on embedded systems and personal mobile devices, including older smartphones with resource-restricted hardware. The Nimbus team are from Status the company best known for their messaging app/wallet/Web3 browser by the same name. Nimbus (Apache 2) is written in Nim, a language with Python-like syntax that compiles to C.
Install dependencies.
sudo apt-get updatesudo apt-get install curl build-essential git -y
Install and build Nimbus.
mkdir ~/gitcd ~/gitgit clone https://github.com/status-im/nimbus-eth2cd nimbus-eth2make NIMFLAGS="-d:insecure" nimbus_beacon_node
The build process may take a few minutes.
Verify Nimbus was installed properly by displaying the help.
cd $HOME/git/nimbus-eth2/build./nimbus_beacon_node --help
Copy the binary file to /usr/bin
sudo cp $HOME/git/nimbus-eth2/build/nimbus_beacon_node /usr/bin
Create a directory structure to store nimbus data.
sudo mkdir -p /var/lib/nimbus
Take ownership of this directory and set the correct permission level.
sudo chown $(whoami):$(whoami) /var/lib/nimbussudo chmod 700 /var/lib/nimbus
The following command will import your validator keys.
Enter your keystore password to import accounts.
cd $HOME/git/nimbus-eth2build/nimbus_beacon_node deposits import --data-dir=/var/lib/nimbus $HOME/eth2deposit-cli/validator_keys
Now you can verify the accounts were imported successfully by doing a directory listing.
ll /var/lib/nimbus/validators
You should see a folder named for each of your validator's pubkey.
When you import your keys into Nimbus, your validator signing key(s) are stored in the /var/lib/nimbus folder, under secrets and validators.
The secrets folder contains the common secret that gives you access to all your validator keys.
The validators folder contains your signing keystore(s) (encrypted keys). Keystores are used by validators as a method for exchanging keys.
For more on keys and keystores, see here.
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Nimbus beacon chain node will use port 9000 for tcp and udp
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
Nimbus combines both the beacon chain and validator into one process.
Setup your graffiti, a custom message included in blocks your validator successfully proposes, and earn a POAP token. Generate your POAP string by supplying an Ethereum 1.0 address here.
Run the following command to set the MY_GRAFFITI variable. Replace <my POAP string or message> between the single quotes.
MY_GRAFFITI='<my POAP string or message>'# Examples# MY_GRAFFITI='poapAAAAACGatUA1bLuDnL4FMD13BfoD'# MY_GRAFFITI='eth2 rulez!'
Learn more about POAP - The Proof of Attendance token.
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration. Simply copy and paste.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]Type = simpleUser = $(whoami)WorkingDirectory= /var/lib/nimbusExecStart = /bin/bash -c '/usr/bin/nimbus_beacon_node --network=mainnet --graffiti="${MY_GRAFFITI}" --data-dir=/var/lib/nimbus --web3-url=ws://127.0.0.1:8546 --metrics --metrics-port=8008 --rpc --rpc-port=9091 --validators-dir=/var/lib/nimbus/validators --secrets-dir=/var/lib/nimbus/secrets --log-file=/var/lib/nimbus/beacon.log'Restart = on-failure[Install]WantedBy = multi-user.targetEOF
Nimbus only supports websocket connections ("ws://" and "wss://") for the ETH1 node. Geth, OpenEthereum and Infura ETH1 nodes are verified compatible.
Move the unit file to /etc/systemd/system
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=beacon-chain -f
#view log since yesterdayjournalctl --unit=beacon-chain --since=yesterday
#view log since todayjournalctl --unit=beacon-chain --since=today
#view log between a datejournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active beacon-chain
sudo systemctl status beacon-chain
sudo systemctl reload-or-restart beacon-chain
sudo systemctl stop beacon-chain
PegaSys Teku (formerly known as Artemis) is a Java-based Ethereum 2.0 client designed & built to meet institutional needs and security requirements. PegaSys is an arm of ConsenSys dedicated to building enterprise-ready clients and tools for interacting with the core Ethereum platform. Teku is Apache 2 licensed and written in Java, a language notable for its materity & ubiquity.
Install git.
sudo apt-get install git -y
Install Java 11.
For Ubuntu 20.x, use the following
sudo apt updatesudo apt install openjdk-11-jdk -y
For Ubuntu 18.x, use the following
sudo add-apt-repository ppa:linuxuprising/javasudo apt updatesudo apt install oracle-java11-set-default -y
Verify Java 11+ is installed.
java --version
Install and build Teku.
mkdir ~/gitcd ~/gitgit clone https://github.com/ConsenSys/teku.gitcd teku./gradlew distTar installDist
This build process may take a few minutes.
Verify Teku was installed properly by displaying the version.
cd $HOME/git/teku/build/install/teku/bin./teku --version
Copy the teku binary file to /usr/bin/teku
sudo cp -r $HOME/git/teku/build/install/teku /usr/bin/teku
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Teku beacon chain node will use port 9000 for tcp and udp
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
Teku combines both the beacon chain and validator into one process.
Setup a directory structure for Teku.
sudo mkdir -p /var/lib/tekusudo mkdir -p /etc/tekusudo chown $(whoami):$(whoami) /var/lib/teku
Copy your validator_files directory to the data directory we created above and remove the extra deposit_data file.
cp -r $HOME/eth2deposit-cli/validator_keys /var/lib/tekurm /var/lib/teku/validator_keys/deposit_data*
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Store your keystore password in a file and make it read-only. This is required so that Teku can decrypt and load your validators.
Update your keystore password between the quotation marks after echo.
echo 'my_password_goes_here' > $HOME/validators-password.txtsudo mv $HOME/validators-password.txt /etc/teku/validators-password.txtsudo chmod 600 /etc/teku/validators-password.txt
Setup your graffiti, a custom message included in blocks your validator successfully proposes, and earn a POAP token. Generate your POAP string by supplying an Ethereum 1.0 address here.
Run the following command to set the MY_GRAFFITI variable. Replace <my POAP string or message> between the single quotes.
MY_GRAFFITI='<my POAP string or message>'# Examples# MY_GRAFFITI='poapAAAAACGatUA1bLuDnL4FMD13BfoD'# MY_GRAFFITI='eth2 rulez!'
Learn more about POAP - The Proof of Attendance token.
Generate your Teku Config file. Simply copy and paste.
cat > $HOME/teku.yaml << EOF# networknetwork: "mainnet"# p2pp2p-enabled: truep2p-port: 9000# validatorsvalidator-keys: "/var/lib/teku/validator_keys:/var/lib/teku/validator_keys"validators-graffiti: "${MY_GRAFFITI}"# Eth 1eth1-endpoint: "http://localhost:8545"# metricsmetrics-enabled: truemetrics-port: 8008# databasedata-path: "$(echo $HOME)/tekudata"data-storage-mode: "archive"# rest apirest-api-port: 5051rest-api-docs-enabled: truerest-api-enabled: true# logginglog-include-validator-duties-enabled: truelog-destination: CONSOLEEOF
Move the config file to /etc/teku
sudo mv $HOME/teku.yaml /etc/teku/teku.yaml
When specifying directories for your validator-keys, Teku expects to find identically named keystore and password files.
For example keystore-m_12221_3600_1_0_0-11222333.json and keystore-m_12221_3600_1_0_0-11222333.txt
Create a corresponding password file for every one of your validators.
for f in /var/lib/teku/validator_keys/keystore*.json; do cp /etc/teku/validators-password.txt /var/lib/teku/validator_keys/$(basename $f .json).txt; done
Verify that your validator's keystore and validator's passwords are present by checking the following directory.
ll /var/lib/teku/validator_keys
Use systemd to manage starting and stopping teku.
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = /usr/bin/teku/bin/teku -c /etc/teku/teku.yamlRestart = on-failureEnvironment = JAVA_OPTS=-Xmx5g[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=beacon-chain -f
#view log since yesterdayjournalctl --unit=beacon-chain --since=yesterday
#view log since todayjournalctl --unit=beacon-chain --since=today
#view log between a datejournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active beacon-chain
sudo systemctl status beacon-chain
sudo systemctl reload-or-restart beacon-chain
sudo systemctl stop beacon-chain
Prysm is a Go implementation of Ethereum 2.0 protocol with a focus on usability, security, and reliability. Prysm is developed by Prysmatic Labs, a company with the sole focus on the development of their client. Prysm is written in Go and released under a GPL-3.0 license.
mkdir ~/prysm && cd ~/prysmcurl https://raw.githubusercontent.com/prysmaticlabs/prysm/master/prysm.sh --output prysm.sh && chmod +x prysm.sh
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Prysm beacon chain node will use port 12000 for udp and port 13000 for tcp
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
Accept terms of use, accept default wallet location, enter a new prysm-only password to encrypt your local prysm wallet files and enter the keystore password for your imported accounts.
If you wish, you can use the same password for the keystore and prysm.
$HOME/prysm/prysm.sh validator accounts import --mainnet --keys-dir=$HOME/eth2deposit-cli/validator_keys
Verify your validators imported successfully.
$HOME/prysm/prysm.sh validator accounts list --mainnet
Confirm your validator's pubkeys are listed.
#Example output:
Showing 1 validator account View the eth1 deposit transaction data for your accounts by running `validator accounts list --show-deposit-data
Account 0 | pens-brother-heat [validating public key] 0x2374.....7121
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration. Simply copy and paste.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]Type = simpleUser = $(whoami)ExecStart = $(echo $HOME)/prysm/prysm.sh beacon-chain --mainnet --p2p-max-peers=45 --http-web3provider=http://127.0.0.1:8545 --accept-terms-of-useRestart = on-failure[Install]WantedBy = multi-user.targetEOF
🔥 Prysm Pro Tip: On the ExecStart line, adding the --fallback-web3provider flag allows for a backup eth1 node. May use flag multiple times. Make sure the endpoint does not end with a trailing slash or/ Remove it.
--fallback-web3provider=<http://<alternate eth1 provider one> --fallback-web3provider=<http://<alternate eth1 provider two># Example# --fallback-web3provider=https://nodes.mewapi.io/rpc/eth --fallback-web3provider=https://mainnet.infura.io/v3/YOUR-PROJECT-ID
💸 Find free ethereum fallback nodes at https://ethereumnodes.com/
Move the unit file to /etc/systemd/system
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=beacon-chain -f
#view log since yesterdayjournalctl --unit=beacon-chain --since=yesterday
#view log since todayjournalctl --unit=beacon-chain --since=today
#view log between a datejournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active beacon-chain
sudo systemctl status beacon-chain
sudo systemctl reload-or-restart beacon-chain
sudo systemctl stop beacon-chain
Store your prysm-only password in a file and make it read-only. This is required so that Prysm can decrypt and load your validators.
echo 'my_password_goes_here' > $HOME/.eth2validators/validators-password.txtsudo chmod 600 $HOME/.eth2validators/validators-password.txt
Setup your graffiti, a custom message included in blocks your validator successfully proposes, and earn a POAP token. Generate your POAP string by supplying an Ethereum 1.0 address here.
Run the following command to set the MY_GRAFFITI variable. Replace <my POAP string or message> between the single quotes.
MY_GRAFFITI='<my POAP string or message>'# Examples# MY_GRAFFITI='poapAAAAACGatUA1bLuDnL4FMD13BfoD'# MY_GRAFFITI='eth2 rulez!'
Learn more about POAP - The Proof of Attendance token.
Your choice of running a validator manually from command line or automatically with systemd.
Auto-start your validator when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed validator processes.
Maximize your validator up-time and performance.
Run the following to create a unit file to define yourvalidator.service configuration. Simply copy and paste.
cat > $HOME/validator.service << EOF# The eth2 validator service (part of systemd)# file: /etc/systemd/system/validator.service[Unit]Description = eth2 validator serviceWants = network-online.target beacon-chain.serviceAfter = network-online.target[Service]User = $(whoami)ExecStart = $(echo $HOME)/prysm/prysm.sh validator --mainnet --graffiti "${MY_GRAFFITI}" --accept-terms-of-use --wallet-password-file $(echo $HOME)/.eth2validators/validators-password.txtRestart = on-failure[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system
sudo mv $HOME/validator.service /etc/systemd/system/validator.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/validator.service
Run the following to enable auto-start at boot time and then start your validator.
sudo systemctl daemon-reloadsudo systemctl enable validatorsudo systemctl start validator
#view and follow the logjournalctl --unit=validator -f
#view log since yesterdayjournalctl --unit=validator --since=yesterday
#view log since todayjournalctl --unit=validator --since=today
#view log between a datejournalctl --unit=validator --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active validator
sudo systemctl status validator
sudo systemctl reload-or-restart validator
sudo systemctl stop validator
Verify that your validator public key appears in the logs.
journalctl --unit=validator --since=today# Example below# INFO Enabled validator voting_pubkey: 0x2374.....7121
Lodestar is a Typescript implementation of the official Ethereum 2.0 specification by the ChainSafe.io team. In addition to the beacon chain client, the team is also working on 22 packages and libraries. A complete list can be found here. Finally, the Lodestar team is leading the Eth2 space in light client research and development and has received funding from the EF and Moloch DAO for this purpose.
Install curl and git.
sudo apt-get install gcc g++ make git curl -y
Install yarn.
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.listsudo apt updatesudo apt install yarn -y
Confirm yarn is installed properly.
yarn --version# Should output version >= 1.22.4
Install nodejs.
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -sudo apt-get install -y nodejs
Confirm nodejs is installed properly.
nodejs -v# Should output version >= v12.18.3
Install and build Lodestar.
mkdir ~/gitcd ~/gitgit clone https://github.com/chainsafe/lodestar.gitcd lodestaryarn install --ignore-optionalyarn run build
This build process may take a few minutes.
Verify Lodestar was installed properly by displaying the help menu.
./lodestar --help
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Lodestar beacon chain node will use port 30607 for tcp and port 9000 for udp peer discovery.
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
./lodestar account validator import \--network mainnet \--directory $HOME/eth2deposit-cli/validator_keys
Enter your keystore password to import accounts.
Confirm your keys were imported properly.
./lodestar account validator list --network mainnet
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Run the beacon chain automatically with systemd.
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration. Simply copy and paste.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)WorkingDirectory= $(echo $HOME)/git/lodestarExecStart = $(echo $HOME)/git/lodestar/lodestar beacon --network mainnet --eth1.providerUrl http://localhost:8545 --metrics.enabled true --metrics.serverPort 8008Restart = on-failure[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.service
Update file permissions.
sudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
#view and follow the logjournalctl --unit=beacon-chain -f
#view log since yesterdayjournalctl --unit=beacon-chain --since=yesterday
#view log since todayjournalctl --unit=beacon-chain --since=today
#view log between a datejournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
sudo systemctl is-active beacon-chain