Geth
Last updated
Last updated
We first need to create a JSON Web Token (JWT) that will allow the execution layer software (Geth) and the consensus layer software to talk to each other.
Run the following commands one line at a time to create a folder on the server to store the JWT file and generate the JWT file:
We will be pointing the configuration files of the execution and consensus clients to this JWT file later.
Download the latest version of Geth and run the checksum verification process to ensure that the downloaded file has not been tampered with.
Each downloadable file comes with it's own checksum (see below). Replace the actual checksum and URL of the download link in the code block above.
Make sure to choose the amd64 version. Right click on the linked text and select "copy link address" to get the URL of the download link to curl.
Expected output: Verify output of the checksum verification
If checksum is verified, extract the files and move them into the (/usr/local/bin) directory for neatness and best practice. Then, clean up the duplicated copies.
Create an account (geth) without server access for Geth to run as a background service. This type of user account will not have root access so it restricts potential attackers to only the Geth service in the unlikely event that they manage to infiltrate via a compromised client update.
Create a directory for Geth to store the blockchain data of the execution layer. Then set the owner of this directory to geth so that this user can read and write to the directory.
Create a systemd configuration file for the Geth service to run in the background.
Paste the configuration parameters below into the file:
Once you're done, save with Ctrl+O and Enter, then exit with Ctrl+X. Understand and review your configuration summary below, and amend if needed.
Geth configuration summary:
--holesky: Run the on the Holesky testnet
--datadir: The directory for Geth to store the blockchain data of the execution layer
--authrpc.jwtsecret: The directory pointing to the JWT secret we generated earlier
--state.scheme=path: Use Geth's path-based state storage feature that is faster and prunes continuously. More information here
--port: Sets the port used for peer-to-peer communication. Defaults to 30303.
--http: Enables the HTTP-RPC service on http and websocket. This is so that DVT clients such as the Diva service can connect to your execution client
--http.addr: Sets the IP address to connect to the JSON RPC service. Use the internal IP address of your device here (check by running ip a) - e.g. 192.168.x.x. Defaults to 127.0.0.1 otherwise
--http.port: Sets the port to connect to the HTTP-RPC service that will be used by the DVT services. You may choose any unused port number but remember to allow incoming connections into your chosen port in your firewall (ufw) rules. Defaults to 8545.
--pprof: Enables the pprof HTTP server, providing profiling data about the Geth process. Includes CPU usage, memory allocation, blocking profiles, etc. Useful for debugging and optimizing performance.
--metrics: Enable monitoring metrics on the Geth service.
Reload the systemd daemon to register the changes made, start Geth, and check its status to make sure its running.
Expected output: The output should say Geth is “active (running)”. Press CTRL-C to exit and Geth will continue to run. It should take around 6 hours for Geth to sync on the Holesky testnet.
Use the following command to check the logs of Geth’s syncing process. Watch out for any warnings or errors.
Expected output:
Press CTRL-C to exit.
For more details on interpreting the Geth journalctl logs, head here.
If the Geth service is running smoothly, we can now enable it to fire up automatically when rebooting the system.
Expected output:
Releases: https://geth.ethereum.org/downloads
Documentation: https://geth.ethereum.org/docs
Discord: https://discord.com/invite/nthXNEv
