Skip to content
You are reading the Teku development version documentation and some features may not be available in the stable release. You can switch to the stable version using the version box at the bottom of the screen.

Updated on September 30, 2022

Connect to Mainnet

Important

The Merge was executed on September 15, 2022. Ethereum is now a proof of stake network, and a full Ethereum node requires both an execution client and a consensus client.

Run Teku as a consensus client with any execution client on Ethereum Mainnet.

If you’re using Hyperledger Besu as an execution client, you can follow the Besu and Teku Mainnet tutorial.

Prerequisites

1. Generate the shared secret

Run the following command:

openssl rand -hex 32 | tr -d "\n" > jwtsecret.hex

You will specify jwtsecret.hex when starting Teku and the execution client. This is a shared JWT secret the clients use to authenticate each other when using the Engine API.

2. Start the execution client

Refer to your execution client documentation to configure and start the execution client. Make sure you specify the shared secret generated in step 1.

If you’re using Besu, you can follow the Besu and Teku Mainnet tutorial.

Ensure your execution client is fully synced before submitting your staking deposit in the next step. This can take several days.

3. Generate validator keys and stake ETH

If you’re running a beacon node only, skip to the next step.

If you’re also running a validator client, have a funded Ethereum address ready (32 ETH and gas fees for each validator).

Generate validator keys and stake your ETH for one or more validators using the Staking Launchpad. Remember the passwords that you use to create the validator keys, because you need them to create the validator password files.

Create a password file for each validator key

For each validator key, create a text file containing the password to decrypt the key.

Teku allows you to specify individual keys and passwords in the command line, or you can specify directories from which to load keys and passwords. If specifying directories, password files must have the same name as the keys, but use the .txt extension.

Example

If the Launchpad creates a key named keystore-m_12381_3600_0_0_0-1596485378.json, then the password file must be named keystore-m_12381_3600_0_0_0-1596485378.txt.

Info

The password file format follows EIP-2335 requirements (UTF-8 encoded file, unicode normalization, and control code removal).

4. Start Teku

Open a new terminal window.

Beacon node only

To run Teku as a beacon node only (without validator duties), run the following command or specify the options in a configuration file:

teku \
    --ee-endpoint=http://localhost:8551          \
    --ee-jwt-secret-file=<path to jwtsecret.hex> \
    --metrics-enabled=true                       \
    --rest-api-enabled=true

Specify the path to the jwtsecret.hex file generated in step 1 using the --ee-jwt-secret-file option.

Also, in the command:

You can modify the option values and add other command line options as needed.

Beacon node and validator client

You can run the Teku beacon node and validator client as a single process or as separate processes.

You can check your validator status by searching your Ethereum address on the Beacon Chain explorer. It may take up to multiple days for your validator to be activated and start proposing blocks.

You can also use Prometheus and Grafana to monitor your nodes.

Single process

To run the Teku beacon node and validator client in a single process, run the following command or specify the options in the configuration file:

teku \
  --ee-endpoint=http://localhost:8551                       \
  --ee-jwt-secret-file=<path to jwtsecret.hex>              \
  --metrics-enabled=true                                    \
  --rest-api-enabled=true                                   \
  --validators-proposer-default-fee-recipient=<ETH address> \
  --validator-keys=<path to key file>:<path to password file>[,<path to key file>:<path to password file>,...]

Specify:

  • The path to the jwtsecret.hex file generated in step 1 using the --ee-jwt-secret-file option.
  • An Ethereum address you own as the default fee recipient using the --validators-proposer-default-fee-recipient option.
  • The paths to the keystore .json file and password .txt file created in step 3 for each validator using the --validator-keys option. Separate the .json and .txt files with a colon, and separate entries for multiple validators with commas. Alternatively, specify paths to directories to load multiple keys and passwords from.

Also, in the command:

You can modify the option values and add other command line options as needed.

Separate processes

To run the Teku beacon node and validator client as separate processes, first start Teku as a beacon node only.

On a separate machine, run Teku using the validator-client subcommand:

teku validator-client \
    --beacon-node-api-endpoint=<endpoint> \
    --validator-keys=<path to key file>:<path to password file>[,<path to key file>:<path to password file>,...]

Specify:

  • The location of one or more beacon node API endpoints using the --beacon-node-api-endpoint option.
  • The paths to the keystore .json file and password .txt file created in step 3 for each validator using the --validator-keys option. Separate the .json and .txt files with a colon, and separate entries for multiple validators with commas. Alternatively, specify paths to directories to load multiple keys and passwords from.
Questions or feedback? You can discuss issues and obtain free support on Teku Discord channel.