{"id":18602443,"url":"https://github.com/softstack/ethereum-2.0-validator-setup-guide","last_synced_at":"2025-04-10T19:31:02.706Z","repository":{"id":59652980,"uuid":"536162404","full_name":"softstack/ethereum-2.0-validator-setup-guide","owner":"softstack","description":"👨‍🏫 How to setup Ethereum 2.0 validator via dedicated server by OVHCloud ☁️","archived":false,"fork":false,"pushed_at":"2022-09-16T09:24:03.000Z","size":227,"stargazers_count":96,"open_issues_count":1,"forks_count":54,"subscribers_count":31,"default_branch":"main","last_synced_at":"2025-04-05T18:52:31.600Z","etag":null,"topics":["beacon-chain","blockchain","compare","dedicated-server","documentation","eth2","ethereum","ethereum-blockchain","ethereum-client","geth-node","guide","hardening","ovh","ovhcloud","proof-of-stake","prysm","rewards","setup","validator"],"latest_commit_sha":null,"homepage":"https://softstack.io","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/softstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-09-13T14:21:05.000Z","updated_at":"2025-03-03T19:39:32.000Z","dependencies_parsed_at":"2022-09-19T13:40:17.836Z","dependency_job_id":null,"html_url":"https://github.com/softstack/ethereum-2.0-validator-setup-guide","commit_stats":null,"previous_names":["softstackhq/ethereum-2.0-validator-setup-guide","softstack/ethereum-2.0-validator-setup-guide"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softstack%2Fethereum-2.0-validator-setup-guide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softstack%2Fethereum-2.0-validator-setup-guide/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softstack%2Fethereum-2.0-validator-setup-guide/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softstack%2Fethereum-2.0-validator-setup-guide/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/softstack","download_url":"https://codeload.github.com/softstack/ethereum-2.0-validator-setup-guide/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248281395,"owners_count":21077423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["beacon-chain","blockchain","compare","dedicated-server","documentation","eth2","ethereum","ethereum-blockchain","ethereum-client","geth-node","guide","hardening","ovh","ovhcloud","proof-of-stake","prysm","rewards","setup","validator"],"created_at":"2024-11-07T02:11:23.785Z","updated_at":"2025-04-10T19:31:02.396Z","avatar_url":"https://github.com/softstack.png","language":null,"readme":"# How to setup a fast and secure Ethereum 2.0 validator node with OVHcloud\n\n![](https://img.shields.io/twitter/url?url=https%3A%2F%2Fgithub.com%2Fchainsulting%2Fethereum-2.0-validator-setup-guide) ![](https://img.shields.io/github/issues/chainsulting/ethereum-2.0-validator-setup-guide) ![](https://img.shields.io/github/forks/chainsulting/ethereum-2.0-validator-setup-guide) ![](https://img.shields.io/github/stars/chainsulting/ethereum-2.0-validator-setup-guide) ![](https://img.shields.io/github/license/chainsulting/ethereum-2.0-validator-setup-guide)\n\n## Introduction\n\nEthereum 2.0 is the next step in the evolution of Ethereum. It brings with it many changes, including Proof-of-Stake, Sharding, new client implementations, new cryptography and more.\n\n## Be a validator\n* have learned the essentials by watching ['Intro to Eth2 \u0026 Staking for Beginners' by Superphiz](https://www.youtube.com/watch?v=tpkpW031RCI)\n* have passed or is actively enrolled in the [Eth2 Study Master course](https://ethereumstudymaster.com)\n* and have read the [8 Things Every Eth2 validator should know.](https://medium.com/chainsafe-systems/8-things-every-eth2-validator-should-know-before-staking-94df41701487)\n\n## 1.\tPrerequisites\n\n### 1.1 Recommended Hardware Setup\n* **Operating system:** 64-bit Linux (i.e. Ubuntu 20.04 LTS Server or Desktop)\n* **Processor:** Quad core CPU, Intel Core i7–4770 (3,40 GHz / Cores: 4 Threads: 8) or AMD FX-8310 or better\n* **Memory:** 16GB DDR4 RAM or more\n* **Storage:** 2TB NVMe or more, IOPS: 10,000 (medium speed) and 16,000 (fast)\n* **Internet:** Broadband internet connections with speeds at least 10 Mbps without data limit.\n* **Power:** Reliable electrical power with uninterruptible power supply (UPS)\n* **ETH balance:** at least 32 ETH and some ETH for deposit transaction fees\n* **Wallet:** Metamask installed\n\n### 1.2 Self-hosting vs. Dedicated Server by OVH\n\nHaving your own hardware\nFirst solution, buy equipment optimized for our needs and run it at home.\n\n| :white_check_mark: Benefits  | :x: Disadvantages |\n| ------------- | ------------- |\n| Cost optimization | Electricity and internet suppliers reliability  |\n| Possibility of reselling the equipment | Price of electricity |\n| Optimal participation to decentralization | Equipment maintenance  |\n| Physical security | Risk of having unsuitable equipment  |\n\nUsing a dedicated server\n\n| :white_check_mark: Benefits  | :x: Disadvantages |\n| ------------- | ------------- |\n| Electrical, network, and hardware security  | Premium to pay  |\n| Upgradability | Money invested is wasted |\n| No additional cost on your electricity bill | Less decentralization but mostly 99% up-time  |\n| Physical security | Risk of having unsuitable equipment  |\n\nRegarding physical security: https://docs.ovh.com/gb/en/dedicated/securing-a-dedicated-server/\n\n### 1.3 Buy a dedicated server\n\nGo to https://www.ovhcloud.com/en/bare-metal/prices/\n\n\u003cimg width=\"452\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190447406-dbb77299-1632-4c54-a223-3e3b655ee025.png\"\u003e\n\n**Compare** \u003cbr\u003e\n\n\u003cimg width=\"452\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190447790-cf0b5d81-8ecb-4513-b1c8-b65549ed58ca.png\"\u003e\n\nAdvance-1 gen2 for **fast sync** and Rise-1 for **medium sync** speed, you can decide \n\n\u003e**Note**\n\u003e We have chosen Advance-1 Gen2 with 1Gbit/s unmetered, guaranteed traffic and\n\u003e enough disk space to keep up with the chain increase for a while. \n\n\u003cimg width=\"452\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190448972-0b325283-0cdb-4795-8599-3099db19aab2.png\"\u003e\n\nRent for 24 months and pay all upfront to earn in total 15% discount + free setup fee\n\n\u003cimg width=\"249\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190449264-27ef97b5-c31a-452a-ad63-199e9039d4d4.png\"\u003e\n\nIt will take around 24h until the dedicated server is ready for setup\n\n\u003cimg width=\"452\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190449918-da7debac-4886-4081-ae1b-f59701a11cfb.png\"\u003e\n\n\u003e **Note**\n\u003e Price for an Advance-1 Gen2 Server 2816.47 € over 2 years\u003cbr\u003e\n\u003e Monthly Price 117,35 € \u003cbr\u003e\n\u003e Still profitable, at the current Ethereum price \u003cbr\u003e\n\u003e\n\u003e https://www.stakingrewards.com/calculator/\n\u003e \u003cimg width=\"1032\" alt=\"Screenshot 2022-09-15 at 21 33 45\" src=\"https://user-images.githubusercontent.com/33572557/190493070-b14ed292-38b5-4b6d-b457-2ea3428719c9.png\"\u003e\n\n\n### 1.4 Initial Setup\nOnce you got an email regarding the successful creation of the server, go to your dedicated server dashboard and start the initial setup.\u003cbr\u003e\n**Go to:** https://www.ovh.com/manager/#/dedicated/server/.. \n\n\u003cimg width=\"450\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190451473-a0326871-81a1-4eef-a076-da0c4b5e1a3c.png\"\u003e\n\nInstall the preferred OS, via “Last operating system (OS) installed by OVHcloud” \n\n\u003e **Note**\n\u003e Creating a server requires you to add an SSH Key, follow the guide \n\u003e https://docs.ovh.com/gb/en/dedicated/creating-ssh-keys-dedicated/ \n\n\nWe recommend **Ubuntu Server 20.04 LTS \"Focal Fossa\" - ubuntu2004-server 64 bit.** \nIn the last step you must set the SSH key and host name, before you are able to install the OS.\n\n\u003cimg width=\"452\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190453011-fb3bcebb-0871-4156-b95a-b92995611a79.png\"\u003e\n\n### 1.5 Architecture Overview \n\u003cimg width=\"452\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190492551-632238e7-7bcb-4e75-9fad-1f5504c8ddad.png\"\u003e\n\n## 2. Hardening you node\n\n### 2.1 Login via SSH to your server. Run the following command:\n```\nssh ubuntu@162.19.19.1\n```\n### 2.2 Create a non-root user with sudo privileges. Run the following commands:\n```\nsudo useradd -m -s /bin/bash ethereum\n```\nSet the password for ethereum user\n```\nsudo passwd ethereum\n```\nAdd ethereum to the sudo group\n```\nsudo usermod -aG sudo ethereum\n```\n### 2.3 Disable SSH password Authentication and Use SSH Keys only\n\nThe basic rules of hardening SSH are:\n\n* No password for SSH access (use private key)\n*\tDon't allow root to SSH (the appropriate users should SSH in, then su or sudo)\n*\tUse sudo for users so commands are logged\n*\tLog unauthorized login attempts (and consider software to block/ban users who try to access your server too many times, like fail2ban)\n*\tLock down SSH to only the ip range your require (if you feel like it)\n\nTransfer the public key to your remote node. Update keyname.pub appropriately.\n```\nssh-copy-id -i $HOME/.ssh/keyname.pub ethereum@server.public.ip.address\n```\n\nLogin with your new ethereum user\n```\nssh ethereum@server.public.ip.address\n```\n\nDisable root login and password based login. Edit the /etc/ssh/sshd_config file\n```\nsudo nano /etc/ssh/sshd_config\n```\n```\nLocate ChallengeResponseAuthentication and update to no\nChallengeResponseAuthentication no\n\nLocate PasswordAuthentication update to no\nPasswordAuthentication no\n\nLocate PermitRootLogin and update to prohibit-password\nPermitRootLogin prohibit-password\n\nLocate PermitEmptyPasswords and update to no\nPermitEmptyPasswords no\n\nLocate Port and customize it your random port.\nUse a random port # from 1024 thru 49141. Check for possible conflicts.\n\nPort \u003cport number\u003e\n```\n\nValidate the syntax of your new SSH configuration.\n```\nsudo sshd -t\n```\n\nIf no errors with the syntax validation, restart the SSH process\n```\nsudo systemctl restart sshd\n```\n\nVerify the login still works and login with ssh\n```\nssh ethereum@server.public.ip.address -p \u003ccustom port number\u003e\n```\n\n### 2.4 Update your system\n\nIt's critically important to keep your system up-to-date with the latest patches to prevent intruders from accessing your system.\n```\nsudo apt-get update -y \u0026\u0026 sudo apt dist-upgrade -y\nsudo apt-get autoremove\nsudo apt-get autoclean\n```\n\nEnable automatic updates so you don't have to manually install them.\n```\nsudo apt-get install unattended-upgrades \nsudo dpkg-reconfigure -plow unattended-upgrades\n```\n\n### 2.5\tDisable root account\n\nSystem admins should not frequently log in as root in order to maintain server security. Instead, you can use sudo execute that require low-level privileges.\n\n```\n# To disable the root account, simply use the -l option.\nsudo passwd -l root\n```\n\n```\n# If for some valid reason you need to re-enable the account, simply use the -u option.\nsudo passwd -u root\n```\n\n### 2.6 Secure Shared Memory\nOne of the first things you should do is secure the shared memory used on the system. If you're unaware, shared memory can be used in an attack against a running service. Because of this, secure that portion of system memory.\n\nEdit /etc/fstab\n```\nsudo nano /etc/fstab\n```\n\nInsert the following line to the bottom of the file and save/close. This sets shared memory into read-only mode.\n```\ntmpfs    /run/shm    tmpfs    ro,noexec,nosuid    0 0\n```\n\nReboot the node in order for changes to take effect.\n```\nsudo reboot\n```\n\n### 2.7 Install Fail2ban\n\nFail2ban is an intrusion-prevention system that monitors log files and searches for particular patterns that correspond to a failed login attempt. If a certain number of failed logins are detected from a specific IP address (within a specified amount of time), fail2ban blocks access from that IP address.\n```\nsudo apt-get install fail2ban -y\n```\n\nEdit a config file that monitors SSH logins.\n```\nsudo nano /etc/fail2ban/jail.local\n```\n\nAdd the following lines to the bottom of the file.\n```\nWhitelisting IP address tip: The ignoreip parameter accepts IP addresses, IP ranges or DNS hosts that you can specify to be allowed to connect. This is where you want to specify your local machine, local IP range or local domain, separated by spaces.\n# Example\nignoreip = 192.168.1.0/24 127.0.0.1/8\n\n[sshd]\nenabled = true\nport = \u003c22 or your random port number\u003e\nfilter = sshd\nlogpath = /var/log/auth.log\nmaxretry = 3\n# whitelisted IP addresses\nignoreip = \u003clist of whitelisted IP address, your local daily laptop/pc\u003e\n```\n\nSave/close file.\n\nRestart fail2ban for settings to take effect.\n```\nsudo systemctl restart fail2ban\n```\n\n\n### 2.8\tConfigure your Firewall\n\nThe standard UFW firewall can be used to control network access to your node.\nWith any new installation, ufw is disabled by default. Enable it with the following settings.\n\nPrysm\n\n```\n# By default, deny all incoming and outgoing traffic\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\n# Allow ssh access\nsudo ufw allow ssh #\u003cport 22 or your random ssh port number\u003e/tcp\n# Allow p2p ports\nsudo ufw allow 13000/tcp\nsudo ufw allow 12000/udp\n# Allow eth1 port\nsudo ufw allow 30303/tcp\nsudo ufw allow 30303/udp\n# Enable firewall\nsudo ufw enable\n```\n\n\u003e **Note**\n\u003e It is dangerous to open 3000 / 9090 for Grafana or Prometheus on a VPS/cloud node.\n\n### 2.9\tVerify Listening Ports\n\nIf you want to maintain a secure server, you should validate the listening network ports every once in a while. This will provide you essential information about your network.\n\n```\nsudo ss -tulpn or sudo netstat -tulpn\n```\n\u003e **Note**\n\u003e Further tips can be found here: \n\u003e https://www.ubuntupit.com/best-linux-hardening-security-tips-a-comprehensive-checklist/\n\n\n## 3. Initial Setup \n\n### 3.1\tTime Sync Check\nRun the following command: \n```\ntimedatectl \n```\n\n:white_check_mark: Check if NTP Service is active.\u003cbr\u003e\n:white_check_mark: Check if Local time, Time zone, and Universal time are all correct.\u003cbr\u003e\n:white_check_mark: If NTP Service is not active, run:\u003cbr\u003e\n```\nsudo timedatectl set-ntp on \n```\n\nIf you see error message Failed to set ntp: NTP not supported, you may need to install chrony or ntp package. \n\u003e **Note**\n\u003e by default, VMs may disable NTP so you may need to find a work-around for your environment.\n\n\n### 3.2\tCreate a jwtsecret file\n\nA jwtsecret file contains a hexadecimal string that is passed to both Execution Layer client and Consensus Layer clients, and is used to ensure authenticated communications between both clients.\n\n```\n#store the jwtsecret file at /secrets\nsudo mkdir -p /secrets\n```\n\n```\n#create the jwtsecret file\nopenssl rand -hex 32 | tr -d \"\\n\" | sudo tee /secrets/jwtsecret\n```\n\n```\n#enable read access\nsudo chmod 644 /secrets/jwtsecret\n```\n\n### 3.3\tInstall Execution Client\n\nTo process incoming validator deposits from the execution layer (formerly 'Eth1' chain), you'll need to run an execution client as well as your consensus client (formerly 'Eth2'). You can use a third-party service like Infura, but we recommend running your own client to keep the network as decentralized as possible. Go Ethereum is one of the three original implementations (along with C++ and Python) of the Ethereum protocol. It is written in Go, fully open source and licensed under the GNU LGPL v3.\n\n ![image](https://user-images.githubusercontent.com/33572557/190466176-d9ddd7d5-6ed3-4407-acd1-95c1213a4b0d.png)\n\n|      Client |      Type |      CPU Usage |      Minimum RAM Usage |      Sync Time  |\n|---|---|---|---|---|\n|     Geth    |     Full    |     Moderate    |     4 GB    |     Moderate    |\n|     Besu    |     Full    |     Moderate    |     8 GB    |     Slow    |\n|     Nethermind    |     Full    |     Moderate    |     16 GB    |     Fast    |\n\n**We have chosen Geth, as it’s the most stable and used client.**\n\nThe easiest way to install Geth on Ubuntu-based distributions is with the built-in launchpad PPAs (Personal Package Archives). A single PPA repository is provided, containing stable and development releases for Ubuntu versions xenial, trusty, impish, focal, bionic.\n\n```\nsudo add-apt-repository -y ppa:ethereum/ethereum\n```\n```\nsudo apt-get update -y\n```\n```\nsudo apt-get install ethereum -y\n```\n\nSetup and configure systemd\n\nRun the following to create a unit file to define your eth1.service configuration.\nSimply copy/paste the following.\n\n```\ncat \u003e $HOME/eth1.service \u003c\u003c EOF\n[Unit]\nDescription=Geth Execution Layer Client service\nWants=network-online.target\nAfter=network-online.target\n[Service]\nType=simple\nUser=$USER\nRestart=on-failure\nRestartSec=3\nTimeoutSec=300\nExecStart=/usr/bin/geth \\\n--mainnet \\\n--metrics \\\n--pprof \\\n--authrpc.jwtsecret=/secrets/jwtsecret\n[Install]\nWantedBy=multi-user.target\nEOF\n```\n\nMove the unit file to /etc/systemd/system and give it permissions.\n```\nsudo mv $HOME/eth1.service /etc/systemd/system/eth1.service\n```\n```\nsudo chmod 644 /etc/systemd/system/eth1.service\n```\n\nRun the following to enable auto-start at boot time.\n```\nsudo systemctl daemon-reload\nsudo systemctl enable eth1\n```\n\nStart geth\n```\nsudo systemctl start eth1\n```\n\n**When is my geth node synched?**\n\nYour execution client is fully sync'd when these events occur.\nGeth: Imported new chain segment\n\n1.\tAttach to the geth console with: geth attach\u003cbr\u003e\n2.\tType the following: ```eth.syncing``` \u003cbr\u003e\n3.\tIf it returns false, your geth node is synched.\u003cbr\u003e\n\u003cbr\u003e\n\nTo view and follow eth1 logs\n```\njournalctl -fu eth1\n```\n\n\u003e**Note**\n\u003eWith OVHCloud Dedicated Server Advance-1 we got a sync after 6 hours. \n\u003eSyncing an execution client can take up to 1 week. On high-end machines with gigabit internet, expect syncing to take less than a day.\n\n\n### 3.4\tGenerate your validator keys\n\ninstall the Ethereum Foundation deposit tool and generate your two sets of key pairs.\n\nYou have the choice of downloading the pre-built Ethereum staking deposit tool or building it from source. Alternatively, if you have a Ledger Nano X/S or Trezor Model T, you're able to generate deposit files with keys managed by a hardware wallet.\n\nIf using staking-deposit-cli, follow the prompts and pick a KEYSTORE password. This password encrypts your keystore files. Write down your mnemonic and keep this safe and offline.\n\nVisit and choose your operating system to generate the keys OFFLINE\nhttps://github.com/ethereum/staking-deposit-cli\n**Follow the CLI commands** \n![Picture 1](https://user-images.githubusercontent.com/33572557/190485697-8a386c2b-78c6-470e-a261-3bad49b9342c.png)\n\nIf you’re successfully done, you will see the rhino!\n\u003cimg width=\"452\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190486084-784f4daa-117a-49e3-94a3-775ad678682e.png\"\u003e\n\n\u003e**Note**\n\u003eEverything is now saved within the validator_keys folders, keep them as you will need the files in the next step.\n\n### 3.5 Install Consensus Client\n\n|      Client |      Type |      CPU Usage |      Minimum RAM Usage |      Sync Time  |\n|---|---|---|---|---|\n|     Geth    |     Full    |     Moderate    |     4 GB    |     Moderate    |\n|     Besu    |     Full    |     Moderate    |     8 GB    |     Slow    |\n|     Nethermind    |     Full    |     Moderate    |     16 GB    |     Fast    |\n\n\n**Install Prysm** \n\n```\nmkdir ~/prysm \u0026\u0026 cd ~/prysm\ncurl https://raw.githubusercontent.com/prysmaticlabs/prysm/master/prysm.sh --output prysm.sh \u0026\u0026 chmod +x prysm.sh\n```\n\nConfigure port forwarding and/or firewall\n\nSpecific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.\n\n* Prysm consensus client will use port 12000 for udp and port 13000 for tcp\n* Execution client requires port 30303 for tcp and udp\n\n\u003e**Note**\n\u003eYou'll need to forward and open ports to your validator. \n\u003eVerify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .\n\nImport validator key\n\n```\n$HOME/prysm/prysm.sh validator accounts import --mainnet --keys-dir=$HOME/staking-deposit-cli/validator_keys\n```\n\n*\tType **\"accept\"** to accept terms of use\n*\tPress enter to accept default wallet location\n*\tEnter a new **prysm-only password** to encrypt your local prysm wallet files\n*\tand enter the **keystore password** for your imported accounts.\n\nVerify your validators imported successfully.\n```\n$HOME/prysm/prysm.sh validator accounts list --mainnet\n```\n\n### 3.6 Start the beacon chain\n\nSetup systemd service\n\nCreate a systemd unit file to define yourbeacon-chain.service configuration.\n```\nsudo nano /etc/systemd/system/beacon-chain.service\n```\n\nPaste the following configuration into the file.\n```\n# The eth beacon chain service (part of systemd)\n# file: /etc/systemd/system/beacon-chain.service\n\n[Unit]\nDescription=eth consensus layer beacon chain service\nWants=network-online.target\nAfter=network-online.target\n\n[Service]\nType=simple\nUser=\u003cUSER\u003e\nRestart=on-failure\nExecStart=\u003cHOME\u003e/prysm/prysm.sh beacon-chain \\\n  --mainnet \\\n  --checkpoint-sync-url=https://beaconstate.info \\\n  --genesis-beacon-api-url=https://beaconstate.info \\\n  --execution-endpoint=http://localhost:8551 \\\n  --jwt-secret=/secrets/jwtsecret \\\n  --suggested-fee-recipient=0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS \\\n  --accept-terms-of-use\n\n[Install]\nWantedBy=multi-user.target\n```\n\nReplace0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS with your own Ethereum address that you control. Tips are sent to this address and are immediately spendable, unlike the validator's attestation and block proposal rewards.\nTo exit and save, press Ctrl + X, then Y, thenEnter.\nUpdate the configuration file with your current user's home path and user name.\n```\nsudo sed -i /etc/systemd/system/beacon-chain.service -e \"s:\u003cHOME\u003e:${HOME}:g\"\n```\n```\nsudo sed -i /etc/systemd/system/beacon-chain.service -e \"s:\u003cUSER\u003e:${USER}:g\"\n```\n\nUpdate file permissions.\n```\nsudo chmod 644 /etc/systemd/system/beacon-chain.service\n```\nRun the following to enable auto-start at boot time and then start your beacon node service.\n```\nsudo systemctl daemon-reload\nsudo systemctl enable beacon-chain\nsudo systemctl start beacon-chain\n```\n\n### 3.7 Start the validator\nStore your prysm-only password in a file and make it read-only.\nThis is required so that Prysm can decrypt and load your validators.\n\nReplace \u003cmy_password_goes_here\u003e with your prysm-only password.\n\n```\necho '\u003cmy_password_goes_here\u003e' \u003e $HOME/.eth2validators/validators-password.txt\n```\n```\nsudo chmod 600 $HOME/.eth2validators/validators-password.txt\n```\nVerify your password is correct.\n```\ncat $HOME/.eth2validators/validators-password.txt\n```\nClear the bash history in order to remove traces of your prysm-only password.\n```\nshred -u ~/.bash_history \u0026\u0026 touch ~/.bash_history\n```\n\nSetup systemd service\nCreate a systemd unit file to define your validator.service configuration.\n```\nsudo nano /etc/systemd/system/validator.service\n```\n\nPaste the following configuration into the file.\n```\n# The eth validator service (part of systemd)\n# file: /etc/systemd/system/validator.service\n[Unit]\nDescription=eth validator service\nWants=network-online.target beacon-chain.service\nAfter=network-online.target\n[Service]\nType=simple\nUser=\u003cUSER\u003e\nRestart=on-failure\nExecStart=\u003cHOME\u003e/prysm/prysm.sh validator \\\n--mainnet \\\n--graffiti \"\u003cMY_GRAFFITI\u003e\" \\\n--accept-terms-of-use \\\n--wallet-password-file \u003cHOME\u003e/.eth2validators/validators-password.txt \\\n--suggested-fee-recipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS \\\n--enable-doppelganger\n[Install]\nWantedBy=multi-user.target\n```\n\n*\tReplace0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS with your own Ethereum address that you control. Tips are sent to this address and are immediately spendable, unlike the validator's attestation and block proposal rewards.\n*\tReplace \u003cMY_GRAFFITI\u003e with your own graffiti message. However for privacy and opsec reasons, avoid personal information. Optionally, leave it blank by deleting the flag option.\n*\t\nTo exit and save, press Ctrl + X, then Y, thenEnter.\n\nUpdate the configuration file with your current user's home path and user name.\n```\nsudo sed -i /etc/systemd/system/validator.service -e \"s:\u003cHOME\u003e:${HOME}:g\"\nsudo sed -i /etc/systemd/system/validator.service -e \"s:\u003cUSER\u003e:${USER}:g\"\n```\n\nUpdate file permissions.\n```\nsudo chmod 644 /etc/systemd/system/validator.service\n```\n\nRun the following to enable auto-start at boot time and then start your validator.\n```\nsudo systemctl daemon-reload\nsudo systemctl enable validator\nsudo systemctl start validator\n```\n\n#view and follow the log\n```\njournalctl --unit=beacon-chain -f\n```\n\u003cimg width=\"452\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190487899-94e2f1c5-ecc9-4a64-a650-155c4bf023bf.png\"\u003e\n\n\n#view and follow the log\n```\njournalctl --unit=validator -f\n```\n\u003cimg width=\"452\" alt=\"image\" src=\"https://user-images.githubusercontent.com/33572557/190488022-6b14d888-eea2-48c7-a5e2-2aadcb3b85b5.png\"\u003e\n\n## 4.\tMonitoring your validator\n\nPrometheus is a monitoring platform that collects metrics from monitored targets by scraping metrics HTTP endpoints on these targets. Official documentation is available here. Grafana is a dashboard used to visualize the collected data.\n\n\n### 4.1\tInstall prometheus and prometheus node exporter.\n```\nsudo apt-get install -y prometheus prometheus-node-exporter\n```\n\n### 4.2. Install grafana.\n```\nwget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -\necho \"deb https://packages.grafana.com/oss/deb stable main\" \u003e grafana.list\nsudo mv grafana.list /etc/apt/sources.list.d/grafana.list\nsudo apt-get update \u0026\u0026 sudo apt-get install -y grafana\n```\n\nEnable services so they start automatically.\n```\nsudo systemctl enable grafana-server.service prometheus.service prometheus-node-exporter.service\n```\n\nCreate the prometheus.yml config file. Choose the tab for your eth client. Simply copy and paste.\n```\ncat \u003e $HOME/prometheus.yml \u003c\u003c EOF\nglobal:\n  scrape_interval:     15s # By default, scrape targets every 15 seconds.\n\n  # Attach these labels to any time series or alerts when communicating with\n  # external systems (federation, remote storage, Alertmanager).\n  external_labels:\n    monitor: 'codelab-monitor'\n\n# A scrape configuration containing exactly one endpoint to scrape:\n# Here it's Prometheus itself.\nscrape_configs:\n   - job_name: 'node_exporter'\n     static_configs:\n       - targets: ['localhost:9100']\n   - job_name: 'validator'\n     static_configs:\n       - targets: ['localhost:8081']\n   - job_name: 'beacon node'\n     static_configs:\n       - targets: ['localhost:8080']\n   - job_name: 'slasher'\n     static_configs:\n       - targets: ['localhost:8082']\nEOF\n```\n\nSetup prometheus for your execution client. Start by editing prometheus.yml\n```\nnano $HOME/prometheus.yml\n```\n\nAppend the applicable job snippet for your execution client to the end of prometheus.yml. Save the file.\n```\n   - job_name: 'geth'\n     scrape_interval: 15s\n     scrape_timeout: 10s\n     metrics_path: /debug/metrics/prometheus\n     scheme: http\n     static_configs:\n     - targets: ['localhost:6060']\n```\n\nMove it to /etc/prometheus/prometheus.yml\n```\nsudo mv $HOME/prometheus.yml /etc/prometheus/prometheus.yml\n```\n\nUpdate file permissions.\n```\nsudo chmod 644 /etc/prometheus/prometheus.yml\n```\n\nFinally, restart the services.\n```\nsudo systemctl restart grafana-server.service prometheus.service prometheus-node-exporter.service\n```\n\nVerify that the services are running properly:\n```\nsudo systemctl status grafana-server.service prometheus.service prometheus-node-exporter.service\n```\n\n\u003e**Note**\n\u003e It is dangerous to open 3000 / 9090 for Grafana or Prometheus on a VPS/cloud node. \n\u003e Better to connect via wireguard to the server or setup between monitoring server and node a wireguard ssh connection\n\u003e https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04\n\n## 5.\tMaintenance \n\n### 5.1 Updating your consensus client\nRecommended to watch the following repository https://github.com/prysmaticlabs/prysm/releases\n\n#Simply restart the processes\n```\nsudo systemctl reload-or-restart beacon-chain validator\n```\n\nCheck the logs to verify the services are working properly and ensure there are no errors. \n```\nsudo systemctl status beacon-chain validator\nsudo systemctl status beacon-chain\n```\n\n### 5.2 Updating your execution client\n\nStop your execution client process.\n**This can take a few minutes.**\n```\nsudo systemctl stop eth1\n```\n\nUpdate the execution client package or binaries.\n```\nsudo apt update\nsudo apt dist-upgrade -y\n```\n\n\nCheck the logs to verify the services are working properly and ensure there are no errors.\n```\nsudo systemctl status eth1 beacon-chain validator\nsudo systemctl status eth1 beacon-chain\n```\n\n## 6. Signing up to be a validator \n\nTo be an ETH 2.0 validator, one has to make a deposit through the launchpad’s website.\n\nhttps://launchpad.ethereum.org/en/overview\n\n### 6.1\tCheck all steps before connecting to the launchpad with your Metamask wallet, review and accept terms.\n\u003cimg width=\"1040\" alt=\"Screenshot 2022-09-15 at 21 15 33\" src=\"https://user-images.githubusercontent.com/33572557/190490012-7fc14e86-5ae2-495d-939a-b945e3d29411.png\"\u003e\n\n### 6.2\tDeposit your validator amount \n![image](https://user-images.githubusercontent.com/33572557/190602838-da5d5035-73c0-45f1-afc2-9e6d1508be49.png)\n\n![image](https://user-images.githubusercontent.com/33572557/190602713-83c45c0f-25b6-4e48-8e7d-2686b94ea888.png)\n\n![image](https://user-images.githubusercontent.com/33572557/190490631-53489650-d7fb-4b08-8615-a4e3df58f160.png)\n\n### 6.3 Follow the status on beaconcha.in\n\n![image](https://user-images.githubusercontent.com/33572557/190491124-6d865694-ecd9-4928-877a-159908f46817.png)\n\n\u003e\n\u003e 🎉 You are now officially an Ethereum 2.0 validator, congrats! 🎉\n\u003e\n\n## 7. Validator duties \n\nA validators is required to\n\n* propose new blocks on shards to which the validator is assigned.\n* Participate in committees by signing attestations on blocks proposed by other validators within the committee.\n* Aggregrate attestations from other validators on a committee when assigned for broadcasting to the beacon chain.\n* Maintain an RPC connection to a trusted beacon node to listen for validator assignment/shuffling.\n* Sync assigned shard with beacon chain for each proof of custody period.\n\n\n## Resources\n\n\u003cdetails\u003e\n  \u003csummary\u003eKnowledge Base\u003c/summary\u003e\n  Links to aggregators of knowledge with additional information on topics above and more\n\n* ConsenSys: https://consensys.net/knowledge-base/ethereum-2\n* BeaconChain: https://kb.beaconcha.in\n* Ethhub: https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-phases/\n* Calculator + resources: https://docs.google.com/spreadsheets/d/15tmPOvOgi3wKxJw7KQJKoUe-uonbYR6HF7u83LR5Mj4/edit#gid=1548910165\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eEthereum 2.0 block explorers\u003c/summary\u003e \n  \n* Etherscan: https://beaconscan.com\n* Beacon Chain: https://beaconcha.in\n  \n\u003c/details\u003e\n\n\n\u003cdetails\u003e\n  \u003csummary\u003eValidator stats\u003c/summary\u003e \n  \n* Eth2stats: https://eth2stats.io/medalla-testnet\n  \n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eEthereum 2.0 client implementations\u003c/summary\u003e \n  \n* Prysm (Go): https://github.com/prysmaticlabs/prysm\n* Lighthouse (Rust) https://github.com/sigp/lighthouse\n* Teku (Java): https://github.com/PegaSysEng/teku\n* LodeStart (TypeScript): https://github.com/ChainSafe/lodestar\n* Trinity (Python): https://github.com/ethereum/trinity\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003eUseful links\u003c/summary\u003e \n\n* https://kb.beaconcha.in/staking-and-hardware\n* https://launchpad.ethereum.org/en/checklist#section-one\n* https://medium.com/simplystaking/setting-up-an-eth-2-0-validator-node-simply-staking-40b5f96a9e8d\n* https://www.coincashew.com/coins/overview-eth/guide-or-how-to-setup-a-validator-on-eth2-mainnet/part-i-installation/prerequisites\n* https://www.stakingrewards.com/calculator/\n\n\u003c/details\u003e\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftstack%2Fethereum-2.0-validator-setup-guide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoftstack%2Fethereum-2.0-validator-setup-guide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftstack%2Fethereum-2.0-validator-setup-guide/lists"}