Tutorial: Launch a Full Eth2 Node and Connect with the bloXroute Gateway

bloXroute Team
9 min readOct 6, 2022

By: Chris Cacace, Technical Product Manager

Running your own Node is the best way to achieve the lowest latency for making trades through the Go-Gateway. The Merge was a great leap forward for Ethereum, but it also created an extra step for connecting the Execution Layer to the Consensus Layer. This article contains a step-by-step tutorial explaining how to set up an Eth2 infrastructure and peer it with the fastest, most reliable companion — the bloXroute Go-Gateway.

For this tutorial, the technologies we will be using are:

  • AWS EC2 running Ubuntu
  • Geth Execution Layer node
  • Nimbus Consensus Layer node and Teku Consensus Layer node
  • Docker
  • bloXroute Go-Gateway

Launch the EC2 Instance

To begin, we will Launch an EC2 instance that meets the minimum system requirements recommended by Geth.

Specifically, we will be using an instance with these parameters:

For more detailed information on spinning up an EC2, see the additional Information section below.

Install and Start Geth

Once the instance is done initializing, go to the EC2 Dashboard and click “Connect” to pull up your instance’s connection information. Follow the steps in the modal to establish an SSH connection to your instance.

After running this command, you will be connected to the instance:

ssh -i “tutorialNodeKey.pem” ubuntu@ec2–54–167–58–50.compute-1.amazonaws.com

We will follow the instructions in the Geth docs to install and run Geth on this instance. Follow these steps to install and run Geth:

  1. Run the following command to enable the launchpad repository:

sudo add-apt-repository -y ppa:ethereum/ethereum

2. Then, install the stable version of go-ethereum:

sudo apt-get update

sudo apt-get install ethereum

3. Once the install is complete, start the Geth node so that it runs in the background using this command:

nohup geth —-http.api web3,eth,net,engine --ws.api web3,eth,net,engine --metrics --metrics.expensive --authrpc.jwtsecret /home/ubuntu/.ethereum/geth/jwtsecret --authrpc.addr localhost --authrpc.vhosts=* --pprof --pprof.addr 127.0.0.1 &

4. This will generate a nohup.out file which you can observe in the console using this:

tail -f nohup.out

5. You should see node information along with this message:

~ % WARN [09–23|15:01:49.947] Post-merge network, but no beacon client seen. Please launch one to follow the chain!

6. The Geth Node is ready to connect to the beacon node client. Leave this window open while we set up the Consensus Layer.

Option 1: Install and Perform a Trusted Sync on Nimbus

Note: Beacon Node must sync first before Geth node can begin

We will use the Nimbus how-to guide to install and sync the Nimbus client.

Since we are using Ubuntu Linux, we will first install the chrony dependency. Run this command:

sudo apt-get install -y chrony

Next, we will build the nimbus beacon node from the source:

  1. Clone the nimbus-eth2 repository:

git clone https://github.com/status-im/nimbus-eth2

cd nimbus-eth2

2. Run the beacon node build process:
make -j4 nimbus_beacon_node

It will save a lot of time to run a trusted node sync so that your beacon node can fetch a recent checkpoint. Create an infura account (it’s free) and make a node:

  1. Sign up for an Infura account at infura.io.
  2. Go to the Dashboard and click Create New Key. Choose “Ethereum Beacon Chain” from the dropdown and name the node.

3. Copy the endpoint address. This will be used in the command to sync your Nimbus node. It should look like this.

https://2FJW0QiF2btsK0MqrnjX1IGsS…@eth2-beacon-mainnet.infura.io

4. Run this command to sync from the infura node
build/nimbus_beacon_node trustedNodeSync --network:mainnet --data-dir=build/data/shared_mainnet_0 --trusted-node-url=https://2FJW0QiF2btsK0MqrnjX1IGsS…@eth2-beacon-mainnet.infura.io --backfill=false

5. Your node will sync within a few minutes. Below is a screenshot of the trusted node sync process.

Now that your Nimbus node is synced to the most recent checkpoint, you can run it using the start command. In this command, we will include the tags necessary to keep the enr (ethereum node record) and peerID consistent for the beacon node. More specific information about these tags can be found here.

  1. Run this command to get YourOwnPublicIP

curl ifconfig.me

2. Run this command to start the Nimbus Node. It includes

./run-mainnet-beacon-node.sh — web3-url=ws://127.0.0.1:8551 --jwt-secret=../.ethereum/geth/jwtsecret --discv5=true --nat:extip:<YourOwnPublicIP> --netkey-file=/home/ubuntu/nimbus-eth2/netkey --insecure-netkey-password=true

Your Nimbus Node will begin backfilling. Since you’ve given the beacon node the JWT secret generated by the geth node, it will establish a connection.

Your Geth execution node should begin printing “Syncing beacon headers”

~ % INFO [09–26|01:18:28.562] Syncing beacon headers downloaded=204,288 left=15,409,863 eta=1h43m44.824s

Once the beacon headers are fully synced, execute this command to run the beacon node “without hanging up”

Execute this command to run the beacon node without hanging up

nohup ./run-mainnet-beacon-node.sh --web3-url=ws://127.0.0.1:8551 --jwt-secret=../.ethereum/geth/jwtsecret --discv5=true --nat:extip:<YourOwnPublicIP> --netkey-file=/home/ubuntu/nimbus-eth2/netkey --insecure-netkey-password=true

Option 2: Install and Perform a Trusted Sync on Nimbus

We will use the Nimbus How-to guide to install and sync the Nimbus client.

We will build the Teku beacon node using Homebrew:

  1. Install Java (Common Problem)

sudo apt-get update

sudo apt install default-jdk

sudo apt install gradle

java -version

2. Follow this guide to Install Homebrew for Linux

3. Install Teku using Homebrew ( Note: this will take one hour or more)

brew tap ConsenSys/teku

brew install ConsenSys/teku/teku

4. Confirm the Installation

teku --version

Next, we will use the bloXroute documentation to generate the private key that the node will use to keep its peerID consistent between restarts.

  1. Create a new directory for Teku

mkdir teku

cd teku

2. Use teku command to create a new set of public/private keys

teku peer generate --number=1 --output-file key-details.txt

3. Open key-details.txt using vim and copy the Private Key(Hex) it should look like:

0x0802122100de1b920d44aa73a10a … 0fff3e0b417bb6d3

4. Create a new private key file with

echo -n ‘0x0802122100de1b920d44aa73a10a … 0fff3e0b417bb6d3’ > key.txt

5. You now have a compatible private key: key.txt

Then, we will sync from a trusted node:

  1. Create an Infura account as shown in Option 1.
  2. Change into the directory for Teku

cd teku

3. Run this command to get YourOwnPublicIP

curl ifconfig.me

4. Run this command to start Teku with an initialized sync

teku --ee-endpoint=http://127.0.0.1:8551 --initial state=https://2CwxsMHH7fUtqRg6mzOGEF76ITl:aee0d2f4b16036875b0dd630134a884a@eth2-beacon-mainnet.infura.io/eth/v2/debug/beacon/states/finalized --ee-jwt-secret-file=”../.ethereum/geth/jwtsecret” --p2p-advertised-ip=<YourIP> --p2p-private-key-file /home/ubuntu/teku/key.txt --rest-api-enabled

Your Teku node will now allow your Geth execution layer to begin syncing

Wait for Geth to fully Sync

The Geth node will start downloading the entire blockchain. This process usually takes 2–3 days.

INFO [09–26|01:33:26.287] Block synchronization started

INFO [09–26|01:33:34.582] State sync in progress synced=0.04% state=79.23MiB accounts=68428@16.18MiB slots=283,421@57.18MiB codes=2727@5.87MiB eta=6h4m27.185s

You must wait until the Geth node has fully synced and state healed to connect it to the bloXroute Gateway

Build and Attach the bloXroute Gateway

Now that your execution and consensus layers are fully synced, we can build the bloXroute Gateway locally using Docker.

To start, we will obtain the Geth Enode and the Nimbus ENR. Use these commands to obtain the enode:

  1. Connect to the Geth console

geth attach

2. Then when the geth console opens, use:

> admin.nodeInfo

3. It should print out:

{enode: “enode://5d1f138db81d0822db5e5b49b332b753e30fb99cb1085477bb618fece476be63712495b037fc14debba54a45caa4482f1ad5e805dc04fa9cdbf4b1f53dc7dbd7@54.237.232.34:30303”,…

Your enode will be passed as a parameter for the bloXroute gateway.

Next, obtain your Nimbus consensus layer’s enr.

  1. Run this curl request for Nimbus

curl -1s http:/127.0.0.1:5052/eth/v1/node/identity | jq -r ‘.data.enr’

OR

Run this curl request for Teku

curl -1s http:/127.0.0.1:5051/eth/v1/node/identity | jq -r ‘.data.enr’

2. It should print out

enr:-LK4QGsa2_q-CGS2tAUJ3-FcZpgTmskjoiS3EmoU562wWCtZJdHJXAZOliCzUqAUm8X_L0wXhoRYnxMlYdDdgS88BosBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpBKJsWLAgAAAP__________gmlkgnY0gmlwhDbt6CKJc2VjcDI1NmsxoQLAKZ42wviknv8gK8U-UWSTzJZzmnlYwL540K-_ItkeGoN0Y3CCIyiDdWRwgiMo

With your enode and enr we can build the bloXroute gateway locally. Note: Make sure docker is properly installed and up to date.

  1. Pull the latest Gateway image locally using:

Note: Make sure docker is properly installed and up to date.

docker pull bloxroute/bloxroute-gateway-go

2. Build the Gateway using this command

docker run --name bxgateway-go-ELCL -d -v /Users/christophercacace/Desktop/gateway_logs:/app/bloxroute/logs -v /Users/christophercacace/Desktop/external_gateway:/app/bloxroute/ssl -p 1801:1801 -p 28333:28333 bloxroute/bloxroute-gateway-go --blockchain-network Mainnet --ws --port 1801 --enodes enode://5d1f138db81d0822db5e5b49b332b753e30fb99cb1085477bb618fece476be63712495b037fc14debba54a45caa4482f1ad5e805dc04fa9cdbf4b1f53dc7dbd7@54.237.232.34:30303 --enr enr:-LK4QGsa2_q-CGS2tAUJ3-FcZpgTmskjoiS3EmoU562wWCtZJdHJXAZOliCzUqAUm8X_L0wXhoRYnxMlYdDdgS88BosBh2F0dG5ldHOIAAAAAAAAAACEZXRoMpBKJsWLAgAAAP__________gmlkgnY0gmlwhDbt6CKJc2VjcDI1NmsxoQLAKZ42wviknv8gK8U-UWSTzJZzmnlYwL540K-_ItkeGoN0Y3CCIyiDdWRwgiMo

Now that the Gateway has been created and is running, we will follow the bloXroute documentation to add the Gateway’s enode as a trusted peer to Geth.

  1. Search for “Started p2p networking” in the docker logs to obtain the Gateway’s enode.

My Gateways enode is:

enode://4ffb44c94bfce958c7b2ba4fd3b53f21346186e65aef581b13bb394a99abc5e183c930ab6f16c11e7b51ee3d08a73a100d3a68ad6761a27e296a1762af63d4b7

2. Go to your remote console and attach to the Geth console once again.

geth attach

3. Add the Gateway enode as a trusted peer to Geth

> admin.addTrustedPeer(“enode://4ffb44c94bfce958c7b2ba4fd3b53f21346186e65aef581b13bb394a99abc5e183c930ab6f16c11e7b51ee3d08a73a100d3a68ad6761a27e296a1762af63d4b7”)

4. This should return

true

Next, we will follow the bloXroute documentation to add the Gateways as a trusted peer to Nimbus Consensus Layer. To do this, we will need to assemble your Gateway’s multi-address.

  1. Search for “Starting P2P beacon node” in the docker logs to obtain the Gateway’s peerID.

My logs read:

time=”2022–09–27T01:12:49.551174" level=info msg=”Starting P2P beacon node: [/ip4/172.17.0.2/tcp/13000 /ip4/<MyIP>/tcp/13000], peer ID: 16Uiu2HAkzW96bU9DZ7XUevQ1jjZKAoiB4SPZao3Lz6WJTrDeu7g7" connType=beacon

2. The multiaddress required is structured like

“/ip4/<IPaddressOfGateway>/tcp/13000/p2p/<GatewayPeerID>”

From my own logs I can find /ip4/173.68.187.173/tcp/13000 and peer ID: 16Uiu2HAkzW96bU9DZ7XUevQ1jjZKAoiB4SPZao3Lz6WJTrDeu7g7

3. Take these values and add a “/p2p” to assemble the Gateways multi-address

“/ip4/173.68.187.173/tcp/13000/p2p/16Uiu2HAkzW96bU9DZ7XUevQ1jjZKAoiB4SPZao3Lz6WJTrDeu7g7”

Return to your remote machine running your Nimbus/Teku node and kill the process.

  1. Display all of the processes running:

ps -e

2. Find the nimbus process in the output

23032 ? 00:13:20 nimbus_beacon_n

OR

Find the teku process in the output

707100 ? 00:34:41 java

3. Kill the nimbus process totally:

kill -9 23032

OR

kill -9 707100

Restart the nimbus/teku node with the added “ — direct-peer” tag:

  1. A) For Nimbus, run this command to start the beacon node without “hanging up”

~ % nohup ./run-mainnet-beacon-node.sh --web3-url=ws://127.0.0.1:8551 --jwt-secret=../.ethereum/geth/jwtsecret --discv5=true --nat:extip:<YourOwnPublicIP> --insecure-netkey-password=true --netkey-file=/home/ubuntu/nimbus-eth2/netkey --direct-peer=/ip4/173.68.187.173/tcp/13000/p2p/16Uiu2HAkzW96bU9DZ7XUevQ1jjZKAoiB4SPZao3Lz6WJTrDeu7g7

B) For Teku, run this command to start the beacon node without “hanging up”

nohup teku --ee-endpoint=http://127.0.0.1:8551 --ee-jwt-secret-file=”../.ethereum/geth/jwtsecret” --p2p-advertised-ip=54.237.232.34 --p2p-private-key-file /home/ubuntu/teku/key.txt --rest-api-enabled --p2p-static-peers=/ip4/173.68.187.173/tcp/13000/p2p/16Uiu2HAkzW96bU9DZ7XUevQ1jjZKAoiB4SPZao3Lz6WJTrDeu7g7

2. This will generate a nohup.out file, which you can observe in the console using this:

tail -f nohup.out

Once both the execution and consensus layers are running properly, restart the bloXroute gateway.

It’s done!

Your logs should read this:

INFO [10–07|15:52:53.035] Started P2P networking self=enode://e79647e1ffa5004dba8c93ec27e4cb90f7207234c19de0e0d7a269d9e3fcdbdc2742a897ced3ba42ce0f319ea1627040c5249178ece67642fe166a69f58b9be6@127.0.0.1:0

DEBUG[10–07|15:52:53.218] Adding p2p peer peercount=1 id=7a76e934550cf6a7 conn=staticdial addr=54.237.232.34:30303 name=Geth/v1.10.25-stable…

Conclusion

Your Gateway is now the greatest peer your Eth2 node could ask for. Your node will receive blocks hundreds of milliseconds faster than your competitors, and you will be able to execute trades faster than the competition.

Common Problems

  1. After downloading Java, if you see the problem

~ % ERROR: JAVA_HOME is set to an invalid directory: /usr/lib/jvm/java-11-openjdk-amd64/bin/java

~ % Please set the JAVA_HOME variable in your environment to match the location of your Java installation.

Run this command:

export JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64

2. For other common issues, see the bloXroute documentation.

Additional Information — Launch an EC2 on AWS

Sign into the AWS console at console.aws.amazon.com and navigate to EC2. Follow these steps to launch a properly configured EC2 instance:

  1. Name the Instance tutorialNode.

2. Choose Ubuntu.

3. Set the Hardware as t2X.large (this is a 4-core virtual CPU with 16GB of RAM)

4. Create a new Key Pair named tutorialNodeKey. Note: Store ‘tutorialNodeKey.pem’ in a secure location. You will need it to connect to the Server later.

5. Check the box to Allow Http and Https connections from the internet in Network Settings.

6. Set the storage to 1TB.

7. Click Launch Instance.

Your instance is now being created.

--

--

bloXroute Team

Scaling blockchains to thousands of on-chain transactions per second. Today.