Links

Running Nethermind & CL

Introduction

Ethereum’s long awaited shift from Proof of Work (POW) to Proof of Stake (POS) known as The Merge happened on September 15, 2022 and came with fundamental changes to the network. The most notable change is the addition of the Beacon chain (Consensus layer) which replaced Proof of Work mining. It is coordinating and pseudorandomly selecting block producers from the pool of stakers / validators in a way that makes it extremely difficult for validators to coordinate attacks on the network.
The Merge changed how operators run nodes on the Ethereum blockchain. A node now needs two clients that work together as a pair. In addition to the Execution Layer client (e.g. Nethermind) you need a Consensus Layer client that connects to the Beacon chain and runs the POS algorithm.
This guide will show you everything you need to know to operate an Ethereum node. It will show how to connect to the Goerli, Sepolia, Kiln and Ropsten test networks as well.
An easy way to run both CL and EL clients is by using Sedge. Sedge is a setup tool for PoS network/chain validators and nodes. Currently, Sedge supports multiple Linux distributions and MacOS.
To do your setup manually follow the steps below.

Step 1: Installing Nethermind

You can choose from downloading the official release, downloading the docker image, or building Nethermind from source.
Support for post merge Ropsten is available as of Nethermind version 1.13.1

Downloading Official Release

Ubuntu

Run the following commands to enable our launchpad repository run then install Nethermind
sudo add-apt-repository ppa:nethermindeth/nethermind
sudo apt install nethermind

macOS

Run the following commands to add the Nethermind repository to your local Homebrew and install
brew tap nethermindeth/nethermind
brew install nethermind

Windows

On Windows all you have to do is install and unzip the packages. There are two sources that you can download from.

Downloading Docker Image

To download the latest Docker image run the following command to install the latest Debian biased Nethermind image.
docker pull nethermind/nethermind
Currently Nethermind only supports images for AMD64 and ARM64 CPU architectures.

Building From Source

Installing Dependencies

To build Nethermind you will need to have Git and the .NET SDK 6.0 installed.
Depending on the platform you are using you may need to install extra dependencies.

Windows

You may need to install Microsoft Visual C++ Redistributable

macOS

You will need to install the following packages.
brew install gmp snappy lz4 zstd

Ubuntu 18.04 and Debian 10

You will need to install the following packages
sudo apt-get update && sudo apt-get install libsnappy-dev libc6-dev libc6
Commands for other Linux distros can be found here.

Building Nethermind

After you have installed all of the dependencies for your platform you need to clone the Nethermind repo from GitHub.
Once the download has finished enter the nethermind/src/Nethermind directory and run the build command.
git clone --recursive https://github.com/NethermindEth/nethermind.git
cd nethermind/src/Nethermind
dotnet build Nethermind.sln -c Release

Step 2: Installing Consensus Client

On the Consensus Layer you have five client implementations to choose from. Though all CL clients are great check them out for yourself and find the client best suited to your needs.
We urge you to take client diversity into consideration when choosing your CL client and avoid majority clients.

Prysm

Teku

Lighthouse

Lodestar

Nimbus

Step 3 : Configure JSON-RPC API

JWT Secrets

JSON Web Token authentication was added to the JSON-RPC API for security reasons to ensure that nothing interferes with the communication between the Execution Client (Nethermind in this case) and the Consensus Client. This requires you to create a file containing a hexadecimal “secret” that will be passed to each .
To create this “Secret File” use the following command.
openssl rand -hex 32 | tr -d "\n" > "/tmp/jwtsecret"
Install OpenSSL for Windows
Binaries - OpenSSLWiki
then simply type on your Terminal or Command Prompt (make sure you add the binaries directory to your environment variables or run the terminal from there)
where "/tmp/jwtsecret" will be the file path and name when created.
If you do not want to install OpenSSL, you may use a random hex generator website. All you need is a 64 character hex string saved to a .txt file.
fcba4ab3138530cf233568bee2d518dd960da77355333d5ac856e1f27487dc9c
We strongly recommend you use OpenSSL to generate the secret locally because it is more secure

JsonRpc Configuration Module

Nethermind has added some additional configuration settings for the JSON-RPC API to support the Consensus Clients.

Please do not use JsonRpc.Port or JsonRpc.EnabledModules for enabling Engine API. Nethermind uses JsonRpc.EnginePort, JsonRpc.EngineHost and JsonRpc.EngineEnabledModules for that.

"JsonRpc": {
"Enabled": true,
"Timeout": 20000,
"Host": "127.0.0.1",
"Port": 8545,
"EnabledModules": ["Eth", "Subscribe", "Trace", "TxPool", "Web3", "Personal", "Proof", "Net", "Parity", "Health"],
"EnginePort": 8551,
"EngineHost": "127.0.0.1",
"JwtSecretFile": "keystore/jwt-secret"
},

if you want to changeJsonRpc.EngineHost, JsonRpc.EnginePort should be specified as well.

EngineHost

This setting specifies the host for your Engine API. Click here for more info on EngineAPI.

EnginePort

This setting specifies the port used for Engine API.
EngineEnabledModules
This setting specifies the modules to be enabled on the Engine API endpoint.

JwtSecretFile

This setting is used to identify the location of the file containing the JWT secret.
Nethermind will create it's own jwtsecret file if you do not specify a location or pass the wrong location.

Step 4: Run Nethermind

Ensure you have:
  • Installed Nethermind
  • Installed Consensus client
  • Created a JWT secret file
  • Engine module is enabled with authenticated port
Then you are ready to start your clients. First start up Nethermind.
Since the Ethereum merge, you are required to set the Merge.Enabled=true flag. This is not required if you are using the default config files as this is enabled by default.

Choosing the Network

Depending on the network you want to run the node for, choose the --config variable. for more on networks, check here.
--config is the config file for the network you want to connect to. For example, to run a node for the kiln testnet use --config kiln

Running Local Build

After you have built Nethermind you should be in the nethermind/src/Nethermind directory. From there you will need to run the following commands
cd Nethermind.Runner
dotnet run -c Release -- --config ropsten --JsonRpc.JwtSecretFile=PATH
Where PATH is the path to your JWT secret. ex --JsonRpc.JwtSecretFile=/tmp/jwtsecret

Running Release

You have two options when running from a release. The Nethermind.Launcher which is a simple GUI with options to configure your node, or the Nethermind.Runner where you can configure your node by hand.
You will need to be in the directory that the Nethermind.Runner and Nethermind.Launcher are in to run Nethermind.

Nethermind.Launcher

Windows
Ubuntu
macOS
./Nethermind.Launcher
nethermind
nethermind-launcher

Nethermind.Runner

Windows
Ubuntu
macOS
./Nethermind.Runner --config ropsten --JsonRpc.JwtSecretFile=PATH
nethermind --config ropsten --JsonRpc.JwtSecretFile=PATH
nethermind --config ropsten --JsonRpc.JwtSecretFile=PATH
--config flag is the network. for example it can be mainnet, goerli, sepolia, kiln or Ropsten.
Where PATH is the path to your JWT secret. ex --JsonRpc.JwtSecretFile=/tmp/jwtsecret
If you are not using the default config files, make sure you also use the Merge.Enabled=true flag when launching the client.

Running Docker Image

Running Nethermind from a Docker image may require more configuration depending on the situation.
The commands below should work in most situations
docker run -it -v /home/user/data:/nethermind/data nethermind/nethermind nethermind/nethermind --config ropsten --JsonRpc.Enabled true --JsonRpc.JwtSecretFile=PATH --datadir data --JsonRpc.EngineHost=0.0.0.0 --JsonRpc.EnginePort=8551
--config flag is the network. for example it can be mainnet, goerli, sepolia, kiln or Ropsten. If you are not using the config file, make sure you set Merge.Enabled=true as flag.

Docker Settings

  • -v /home/user/data:/nethermind/data sets local directory we will be storing our data to
On some OS like Amazon Linux ****you may need to increase the nofile limit by adding the following instruction to docker command -ulimit nofile=1000000:1000000 or you can take a look an alternative solution.

Nethermind Settings

  • --JsonRpc.JwtSecretFile=PATH where PATH is the location of your JWT secret ex. /tmp/jwtsecret
  • --datadir data maps the database, keystore, and logs all at once

Step 5: Run Consensus Clients

Once Nethermind has started you can start the CL client. See section below for commands to run the CL client you installed. You will need to make sure the --jwt-secret has the correct path as well or the clients will not be able to communicate.
Once both clients are running watch the logs to make sure you don’t get any Unauthorized errors to ensure the clients are communicating.

Checkpoint Sync

It would be way faster to sync consensus clients using checkpoint sync.
  • To sync the CL client using a checkpoint sync, view the community maintained endpoints here.
  • For Goerli, Ropsten or Sepolia see here.

Running on Kiln

To run on the kiln testnet, lodestar, nimbus and prysm require cloning the kiln configs.
git clone https://github.com/eth-clients/merge-testnets.git
cd merge-testnets/kiln
For more detailed instructions on running the consensus clients on kiln, see here.

Running Nimbus With Nethermind

Mainnet
Goerli
Sepolia
Ropsten
Kiln
nimbus-eth2/build/nimbus_beacon_node \
--network=mainnet \
--web3-url=http://127.0.0.1:8551 \
--rest \
--metrics \
--suggested-fee-recipient=<Enter-eth-address-here> \
--jwt-secret="/tmp/jwtsecret"
For checkpoint sync, add the following flag with a checkpoint sync endpoint from above. Example:
--trusted-node-url=https://beaconstate.ethstaker.cc
nimbus-eth2/build/nimbus_beacon_node \
--network=goerli \
--web3-url=http://127.0.0.1:8551 \
--rest \
--metrics \
--suggested-fee-recipient=<Enter-eth-address-here> \
--jwt-secret="/tmp/jwtsecret"
nimbus-eth2/build/nimbus_beacon_node \
--network=sepolia \
--web3-url=http://127.0.0.1:8551 \
--rest \
--metrics \
--suggested-fee-recipient=<Enter-eth-address-here> \
--jwt-secret="/tmp/jwtsecret"
nimbus-eth2/build/nimbus_beacon_node \
--network=ropsten \
--web3-url=http://127.0.0.1:8551 \
--rest \
--metrics \
--suggested-fee-recipient=<Enter-eth-address-here> \
--jwt-secret="/tmp/jwtsecret"
nimbus-eth2/build/nimbus_beacon_node \
--network=merge-testnets/kiln \
--web3-url=ws://127.0.0.1:8551 \
--rest \
--metrics \
--log-level=DEBUG \
--terminal-total-difficulty-override=20000000000000 \
--jwt-secret="/tmp/jwtsecret" \
--suggested-fee-recipient=<Enter-eth-address-here> \
--eth1.depositContractDeployBlock=0

Running Prysm With Nethermind

Mainnet
Goerli
Sepolia
Ropsten
Kiln
Chiado
cd prysm
./prysm.sh beacon-chain \
--mainnet \
--datadir "$db_path" \
--suggested-fee-recipient=<Enter-eth-address-here> \
--execution-endpoint=http://localhost:8551 \
--jwt-secret="/tmp/jwtsecret"
For checkpoint sync, add the following flag with a checkpoint sync endpoint from above. Example:
--checkpoint-sync-url="https://beaconstate.ethstaker.cc" \
--genesis-beacon-api-url="https://beaconstate.ethstaker.cc"
cd prysm
./prysm.sh beacon-chain \
--goerli \
--datadir $db_path \
--suggested-fee-recipient=<Enter-eth-address-here> \
--execution-endpoint=http://localhost:8551 \
--jwt-secret=/tmp/jwtsecret
cd prysm
./prysm.sh beacon-chain \
--sepolia \
--datadir $db_path \
--suggested-fee-recipient=<Enter-eth-address-here> \
--execution-endpoint=http://localhost:8551 \
--jwt-secret=/tmp/jwtsecret
cd prysm
./prysm.sh beacon-chain \
--ropsten \
--datadir $db_path \
--suggested-fee-recipient=<Enter-eth-address-here> \
--execution-endpoint=http://localhost:8551 \
--bootstrap-node=enr:-Iq4QMCTfIMXnow27baRUb35Q8iiFHSIDBJh6hQM5Axohhf4b6Kr_cOCu0htQ5WvVqKvFgY28893DHAg8gnBAXsAVqmGAX53x8JggmlkgnY0gmlwhLKAlv6Jc2VjcDI1NmsxoQK6S-Cii_KmfFdUJL2TANL3ksaKUnNXvTCv1tLwXs0QgIN1ZHCCIyk
--jwt-secret=/tmp/jwtsecret
cd prysm
./prysm.sh beacon-chain \
--genesis-state $genesis_state_path \
--datadir $db_path \
--suggested-fee-recipient=<Enter-eth-address-here> \
--execution-endpoint=$execution_server \
--execution-provider=http://localhost:8551 \
--chain-config-file=$config_path \
--bootstrap-node=enr:-Iq4QMCTfIMXnow27baRUb35Q8iiFHSIDBJh6hQM5Axohhf4b6Kr_cOCu0htQ5WvVqKvFgY28893DHAg8gnBAXsAVqmGAX53x8JggmlkgnY0gmlwhLKAlv6Jc2VjcDI1NmsxoQK6S-Cii_KmfFdUJL2TANL3ksaKUnNXvTCv1tLwXs0QgIN1ZHCCIyk
--jwt-secret=/tmp/jwtsecret
Please follow guide provided here.

Running Lighthouse With Nethermind

Mainnet
Goerli
Sepolia
Ropsten
Kiln
Chiado
lighthouse \
beacon_node \
--network mainnet \
--debug-level info \
--datadir ./mainnet-lh1 \
--eth1 \
--http \
--http-allow-sync-stalled \
--metrics \
--execution-endpoints http://127.0.0.1:8551 \
--enr-udp-port=9000 \
--enr-tcp-port=9000 \
--discovery-port=9000 \
--suggested-fee-recipient=<enter-eth-address-here> \
--jwt-secrets="/tmp/jwtsecret"
For checkpoint sync, add the following flag with a checkpoint sync endpoint from above. Example:
--checkpoint-sync-url "https://beaconstate.ethstaker.cc"
lighthouse \
beacon_node \
--network goerli \
--debug-level info \
--datadir ./testnet-lh1 \
--eth1 \
--http \
--http-allow-sync-stalled \
--metrics \
--execution-endpoints http://127.0.0.1:8551 \
--enr-udp-port=9000 \
--enr-tcp-port=9000 \
--discovery-port=9000 \
--suggested-fee-recipient=<enter-eth-address-here> \
--jwt-secrets="/tmp/jwtsecret"
lighthouse \
beacon_node \
--network sepolia \
--debug-level info \
--datadir ./testnet-lh1 \
--eth1 \
--http \
--http-allow-sync-stalled \
--metrics \
--execution-endpoints http://127.0.0.1:8551 \
--enr-udp-port=9000 \
--enr-tcp-port=9000 \
--discovery-port=9000 \
--suggested-fee-recipient=<enter-eth-address-here> \
--jwt-secrets="/tmp/jwtsecret"
lighthouse \
beacon_node \
--network ropsten \
--debug-level info \
--datadir ./testnet-lh1 \
--eth1 \
--http \
--http-allow-sync-stalled \
--metrics \
--execution-endpoints http://127.0.0.1:8551 \
--enr-udp-port=9000 \
--enr-tcp-port=9000 \
--discovery-port=9000 \
--suggested-fee-recipient=<enter-eth-address-here> \
--jwt-secrets="/tmp/jwtsecret"
lighthouse \
beacon_node \
--network kiln \
--debug-level info \
--datadir ./testnet-lh1 \
--eth1 \
--http \
--http-allow-sync-stalled \
--metrics \
--execution-endpoints http://127.0.0.1:8551 \
--enr-udp-port=9000 \
--enr-tcp-port=9000 \
--discovery-port=9000 \
--suggested-fee-recipient=<enter-eth-address-here> \
--jwt-secrets="/tmp/jwtsecret"
Please follow guide provided here.

Running Lodestar With Nethermind

Mainnet
Goerli
Sepolia
Ropsten
Kiln
Chiado
cd lodestar
./lodestar beacon \
--dataDir "../lodestar-beacondata" \
--network mainnet \
--eth1 \
--execution.urls "http://127.0.0.1:8551" \
--discv5 \
--suggestedFeeRecipient <Enter-eth-address-here> \
--jwt-secret "/tmp/jwtsecret" \
For checkpoint sync, add the following flag with a checkpoint sync endpoint from above. Example:
--checkpointSyncUrl "https://beaconstate.ethstaker.cc"
cd lodestar
./lodestar beacon \
--dataDir "../lodestar-beacondata" \
--network goerli \
--eth1 \
--execution.urls "http://127.0.0.1:8551" \
--discv5 \
--suggestedFeeRecipient <Enter-eth-address-here> \
--jwt-secret "/tmp/jwtsecret"
cd lodestar
./lodestar beacon \
--dataDir "../lodestar-beacondata" \
--network sepolia \
--eth1 \
--execution.urls "http://127.0.0.1:8551" \
--discv5 \
--suggestedFeeRecipient <Enter-eth-address-here> \
--jwt-secret "/tmp/jwtsecret"
cd lodestar
./lodestar beacon \
--dataDir "../lodestar-beacondata" \
--network ropsten \
--eth1 \
--execution.urls "http://127.0.0.1:8551" \
--discv5 \
--suggestedFeeRecipient <Enter-eth-address-here> \
--jwt-secret "/tmp/jwtsecret" \
--bootnodes "enr:-Iq4QMCTfIMXnow27baRUb35Q8iiFHSIDBJh6hQM5Axohhf4b6Kr_cOCu0htQ5WvVqKvFgY28893DHAg8gnBAXsAVqmGAX53x8JggmlkgnY0gmlwhLKAlv6Jc2VjcDI1NmsxoQK6S-Cii_KmfFdUJL2TANL3ksaKUnNXvTCv1tLwXs0QgIN1ZHCCIyk"
cd lodestar
./lodestar beacon \
--dataDir "../lodestar-beacondata" \
--network Kiln \
--eth1 \
--execution.urls "http://127.0.0.1:8551" \
--discv5 \
--suggestedFeeRecipient <Enter-eth-address-here> \
--jwt-secret "/tmp/jwtsecret"
Please follow guide provided here.

Running Teku With Nethermind

Mainnet
Goerli
Sepolia
Ropsten
Kiln
Chiado
./teku/build/install/teku/bin/teku \
--data-path "datadir-teku" \
--network mainnet \
--ee-endpoint http://localhost:8551 \
--ee-jwt-secret-file "/tmp/jwtsecret" \
--log-destination console \
--validators-proposer-default-fee-recipient=<Enter-eth-address-here>
For checkpoint sync, add the following flag with a checkpoint sync endpoint from above. Example:
--initial-state="https://beaconstate.ethstaker.cc"
./teku/build/install/teku/bin/teku \
--data-path "datadir-teku" \
--network goerli \
--ee-endpoint http://localhost:8551 \
--ee-jwt-secret-file "/tmp/jwtsecret" \
--log-destination console \
--validators-proposer-default-fee-recipient=<Enter-eth-address-here> \
./teku/build/install/teku/bin/teku \
--data-path "datadir-teku" \
--network sepolia \
--ee-endpoint http://localhost:8551 \
--ee-jwt-secret-file "/tmp/jwtsecret" \
--log-destination console \
--validators-proposer-default-fee-recipient=<Enter-eth-address-here> \
./teku/build/install/teku/bin/teku \
--data-path "datadir-teku" \
--network ropsten \
--ee-endpoint http://localhost:8551 \
--ee-jwt-secret-file "/tmp/jwtsecret" \
--log-destination console \
--validators-proposer-default-fee-recipient=<Enter-eth-address-here> \
./teku/build/install/teku/bin/teku \
--data-path "datadir-teku" \
--network kiln \
--p2p-discovery-bootnodes "enr:-Iq4QMCTfIMXnow27baRUb35Q8iiFHSIDBJh6hQM5Axohhf4b6Kr_cOCu0htQ5WvVqKvFgY28893DHAg8gnBAXsAVqmGAX53x8JggmlkgnY0gmlwhLKAlv6Jc2VjcDI1NmsxoQK6S-Cii_KmfFdUJL2TANL3ksaKUnNXvTCv1tLwXs0QgIN1ZHCCIyk" \
--ee-endpoint http://localhost:8551 \
--Xee-version kilnv2 \
--ee-jwt-secret-file "/tmp/jwtsecret" \
--log-destination console \
--validators-proposer-default-fee-recipient=<Enter-eth-address-here> \
Please follow guide provided here.