Builders
Node Operators
Node Management
Configuration

Node Configuration

⚠️

Always run op-node and op-geth in a one-to-one configuration. Don't run multiple op-geth instances behind one op-node, or vice versa.

To configure your node, you will need to do the following:

  1. Configure op-node to point to the correct L1, op-geth, and L2 network.
  2. Initialize op-geth with the correct network parameters.
  3. Configure op-geth to properly communicate with the Rollup Node.
  4. Optionally, configure Legacy Geth.

Configuring op-geth

Even though the Docker image for the Execution Engine is called op-geth, the actual binary is still called geth in order to minimize differences between op-geth and go-ethereum.

We'll start with op-geth's configuration because it is more complex. As mentioned before, op-geth is a minimal fork of go-ethereum. As a result, it stores its state in a database that requires initialization. Initialization is done one of two ways, depending on which network you're deploying:

  1. With a Genesis File: This is for OP Sepolia, and other testnets or deployments that are not migrated from a legacy network. In this case, you'll download the genesis file (opens in a new tab) and initialize the data directory via geth init.
  2. With a Data Directory: This is used for networks that are migrated from a legacy network. This currently only includes OP Mainnet. In this case, you'll download a preconfigured data directory and extract it. No further initialization is necessary in this case, because the data directory contains the network's genesis information.

Regardless of how op-geth is initialized, you'll need to ensure that you have sufficient disk space available to store the network's data. As of this writing, the mainnet data directory is ~1TB for a full node and ~4TB for an archival node.

Instructions for each initialization method are below. If you're spinning up an OP Mainnet, use the Initialization via Data Directory path. If you're spinning up an OP Sepolia node, use the Initialization via Genesis File path.

Initialization via Genesis File

op-geth uses JSON files to encode a network's genesis information. Unlike OP Mainnet, the genesis for OP Sepolia is not currently included in the op-geth binary. For networks that are initialized in this way, you'll receive a URL to the genesis JSON. You'll need to download the genesis JSON, then run the following command to initialize the data directory:

#!/bin/sh
FILE=/$DATADIR/genesis.json
OP_GETH_GENESIS_URL=https://networks.optimism.io/op-sepolia/genesis.json
 
if [ ! -s $FILE ]; then
  apk add curl
  curl $OP_GETH_GENESIS_URL -o $FILE
  geth init --datadir /db $FILE
else
  echo "Genesis file already exists. Skipping initialization."
fi
⚠️

CLI Flag Requirements

  • op-node requires: --network=op-sepolia
  • do not set: --rollup.historicalrpc or rollup.historicalrpctimeout
  • op-geth requires: --op-network=op-sepolia

Initialization via Data Directory

To initialize op-geth with a preconfigured data directory, simply download and extract the data directory to a place of your choosing. The data directory is exported as a tar file. An example command to do this is below:

curl -o <path to data directory> -sL <URL to data directory>
tar -xvf <path to data directory>

Configuration

Once op-geth is initialized, it can be configured via CLI flags. op-geth accepts all the standard go-ethereum flags (opens in a new tab) as well as a few extra flags that are specific to Optimism. These flags are:

  • --rollup.historicalrpc: Enables the historical RPC endpoint. This endpoint is used to fetch historical execution data from Legacy Geth. This flag is only necessary for upgraded networks.
  • --rollup.sequencerhttp: HTTP endpoint of the sequencer. op-geth will route eth_sendRawTransaction calls to this URL. Bedrock does not currently have a public mempool, so this is required if you want your node to support transaction submission. Consult the documentation for the network you are participating in to get the correct URL.
  • --rollup.disabletxpoolgossip: Disables transaction pool gossiping. While not required, it's useful to set this to true since transaction pool gossip is currently unsupported.

To communicate with op-node and enable the Engine API, you'll also need to generate a JWT secret file and enable Geth's authenticated RPC endpoint.

To generate the JWT secret, run the following:

openssl rand -hex 32 > jwt.txt

Then, specify the following flags:

  • --authrpc.addr: Sets the address op-geth's authenticated RPC should listen on.
  • --authrpc.port: Sets the port op-geth's authenticated RPC should listen on. The default value is 8551.
  • --authrpc.jwtsecret: Sets the path to a JWT secret file you generated above.
  • --syncmode=full: This prevents Geth from attempting to snap sync. Snap sync is currently unsupported, but will be enabled shortly after the mainnet upgrade.
  • --maxpeers=0: This prevents Geth from peering with other Geth nodes. Execution-layer peering is currently unsupported, but will be added as part of enabling snap sync.
  • --nodiscover: This disables Geth's peer discovery mechanism. Execution-layer discovery is currently unsupported, but will be added as part of enabling snap sync.

Optional op-geth Configuration

You may also want to specify the following flags based on your configuration:

  • --authrpc.vhosts: Whitelists which hosts (as defined in the Host header) are allowed to access the authenticated RPC endpoint. This is useful if you're running op-geth on containerized infrastructure. The default value is localhost.
  • --http.vhosts: Whitelists which hosts (as defined in the Host header) are allowed to access the unauthenticated RPC endpoint. This is useful if you're running op-geth on containerized infrastructure. The default value is localhost.
  • --http, --http.addr, and --http.port: Enables the unauthenticated RPC endpoint, configures its address, and configures its port. You'll almost certainly want to specify these, since they will enable Geth's JSON-RPC endpoint.
  • --ws, --ws.addr, and --ws.port: Enables the WebSocket API.
  • --verbosity: Configures Geth's log level. This is a number between 0 and 5, with 5 being the most verbose. Defaults to 3.

Working Base Configuration

A valid command that runs op-geth and enables RPC over HTTP and WebSockets looks like:

geth \
  --ws \
  --ws.port=8546 \
  --ws.addr=localhost \
  --ws.origins="*" \
  --http \
  --http.port=8545 \
  --http.addr=localhost \
  --http.vhosts="*" \
  --http.corsdomain="*" \
  --authrpc.addr=localhost \
  --authrpc.jwtsecret=/var/secrets/jwt.txt \
  --authrpc.port=8551 \
  --authrpc.vhosts="*" \
  --datadir=/data \
  --verbosity=3 \
  --rollup.disabletxpoolgossip=true \
  --rollup.sequencerhttp=https://mainnet-sequencer.optimism.io/ \
  --nodiscover \
  --syncmode=full \
  --maxpeers=0 \
  --op-network=op-mainnet

Consult Geth's documentation (opens in a new tab) for more information on customizing op-geth's behavior.

Configuring op-node

op-node is a standalone, statically linked binary. It stores no state, and requires no initialization. It consumes configuration parameters either via the command line or environment variables. For some networks, the Rollup Node also requires a configuration file (called rollup.json or the "rollup config") that configures network-specific genesis parameters. For official networks like OP Sepolia and OP Mainnet, the genesis config is hardcoded in the op-node software and can be specified via a --network flag.

Following the Ecotone upgrade node operators must set an L1 beacon value to retrieve blobs from a Beacon node.

⚠️

The op-node RPC should not be exposed publicly. If left exposed, it could accidentally expose admin controls to the public internet.

Working Base Configuration

A minimal valid configuration that runs op-node looks like:

op-node --l1=<ethereum mainnet RPC url> \
        --l2=<op-geth authenticated RPC url> \
        --network=op-mainnet \
        --rpc.addr=127.0.0.1 \
        --rpc.port=9545 \
        --l2.jwt-secret=<path to JWT secret> \
        --l1.beacon=<http endpoint address of L1 Beacon-node>

You can manually specify a path to a rollup config with the --rollup.config flag. This is used for testnets or internal deployments that are not migrated from a legacy network.

Each of the above flags can also be defined via an environment variable. Run op-node --help to see a list of all available flags and environment variables.

Configuring Peer-to-Peer Networking

Unlike the previous system, the op-node participates in a peer-to-peer network. This network is used to distribute blocks that have not been submitted to L1 yet. The op-node will automatically discover and connect to peers using a hardcoded set of bootnodes. You can also manually specify peers to connect to via the --p2p.static flag.

For best results, run op-node with a static IP address that is accessible from the public Internet. For Kubernetes deployments, this can be achieved by configuring a dedicated Ingress with an external IP, and using the --p2p.advertise.ip flag to specify the IP address of the load balancer when advertising IP addresses to peers.

The default port for the peer-to-peer network is 9003. You will need to open this port on your firewall to receive unsubmitted blocks. For your node to be discoverable, this port must be accessible via both TCP and UDP protocols.

Legacy Geth

If you are running a node for an upgraded network like OP Mainnet (but not OP Sepolia), you will also need to run Legacy Geth in order to serve historical execution traces. Fundamentally, Legacy Geth is our old l2geth binary running against a preconfigured data directory. To configure Legacy Geth, follow the instructions above for using a preconfigured data directory, then execute the following command:

It is imperative that you specify the USING_OVM=true environment variable in the command below. Failing to specify this will cause l2geth to return invalid execution traces, or panic at startup.

USING_OVM=true \
  ETH1_SYNC_SERVICE_ENABLE=false \
  RPC_API=eth,rollup,net,web3,debug \
  RPC_ADDR=0.0.0.0 \
  RPC_CORS_DOMAIN=* \
  RPC_ENABLE=true \
  RPC_PORT=8545 \
  RPC_VHOSTS=* \
  geth --datadir <path to data directory>

This command is the minimum required to run Legacy Geth and expose a functioning RPC endpoint. As before, l2geth takes all standard go-ethereum flags so you can customize the configuration as needed.

As mentioned above, don't forget to specify --rollup.historicalrpc on op-geth to properly route requests for historical execution to Legacy Geth.

Since Legacy Geth is read-only, it is safe to run multiple Legacy Geth nodes behind a load balancer.

Historical Execution vs. Historical Data Routing

Only requests for historical execution will be routed to Legacy Geth. Everything else will be served by op-geth directly. The term historical execution refers to RPC methods that need to execute transactions prior to bedrock (not just read data from the database):

  • eth_call
  • eth_estimateGas
  • debug_traceBlockByNumber
  • debug_traceBlockByHash
  • debug_traceCall
  • debug_traceTransaction

If you do not need these RPC methods for historical data, then you do not need to run Legacy Geth at all.

Command line options

You can configure your node using command line options (a.k.a. flags). There are also has sub-commands, which can be used to invoke functionality such as the console or blockchain import/export.

The command line help listing is reproduced below for your convenience.

op-node

op-node implements most rollup-specific functionality as Consensus-Layer, similar to a L1 beacon-node. The following options are from the --help in v1.5.1 (opens in a new tab).

GLOBAL OPTIONS

conductor.enabled

Enable the conductor service. The default value is false.

--conductor.enabled=<boolean>
conductor.rpc

Conductor service rpc endpoint. The default value is http://127.0.0.1:8547.

--conductor.rpc=<value>
conductor.rpc-timeout value

Conductor service rpc timeout. The default value is 1s.

--conductor.rpc-timeout value=<value>
heartbeat.enabled

Enables or disables heartbeating. The default value is false.

--heartbeat.enabled=<boolean>
heartbeat.moniker

Sets a moniker for this node.

--heartbeat.moniker=<value>
heartbeat.url

Sets the URL to heartbeat to. The default value is "https://heartbeat.optimism.io".

--heartbeat.url=<value>
l1

Address of L1 User JSON-RPC endpoint to use (eth namespace required). The default value is "http://127.0.0.1:8545".

--l1=<value>
l1.beacon

Address of L1 Beacon-node HTTP endpoint to use.

--l1.beacon=<value>
l1.beacon.fetch-all-sidecars

If true, all sidecars are fetched and filtered locally. Workaround for buggy Beacon nodes. The default value is false.

--l1.beacon.fetch-all-sidecars=<boolean>
l1.beacon.ignore

When false, halts op-node startup if the healthcheck to the Beacon-node endpoint fails. The default value is false.

--l1.beacon.ignore=<boolean>
l1.epoch-poll-interval

Poll interval for retrieving new L1 epoch updates such as safe and finalized block changes. Disabled if 0 or negative. The default value is 6m24s.

--l1.epoch-poll-interval=<value>
l1.http-poll-interval

Polling interval for latest-block subscription when using an HTTP RPC provider. Ignored for other types of RPC endpoints. The default value is 12s.

--l1.http-poll-interval=<value>
l1.max-concurrency

Maximum number of concurrent RPC requests to make to the L1 RPC provider. The default value is 10.

--l1.max-concurrency=<value>
l1.rpc-max-batch-size

Maximum number of RPC requests to bundle, e.g., during L1 blocks receipt fetching. The L1 RPC rate limit counts this as N items, but allows it to burst at once. The default value is 20.

--l1.rpc-max-batch-size=<value>
l1.rpc-rate-limit

Optional self-imposed global rate-limit on L1 RPC requests, specified in requests / second. Disabled if set to 0. The default value is 0.

--l1.rpc-rate-limit=<value>
l1.rpckind

The kind of RPC provider, used to inform optimal transactions receipts fetching, and thus reduce costs. Valid options: alchemy, quicknode, infura, parity, nethermind, debug_geth, erigon, basic, any, standard. The default value is standard.

--l1.rpckind=<value>
l1.runtime-config-reload-interval

Poll interval for reloading the runtime config, useful when config events are not being picked up. Disabled if 0 or negative. The default value is 10m0s.

--l1.runtime-config-reload-interval=<value>
l1.trustrpc

Trust the L1 RPC, sync faster at risk of malicious/buggy RPC providing bad or inconsistent L1 data. The default value is false.

If you're running an Erigon Ethereum execution client for your L1 provider you will need to include --l1.trustrpc. At the time of writing, Erigon doesn't support the eth_getProof that we prefer to use to load L1 data for some processing in op-node. The trustrpc flag makes it use something else that erigon supports, but the op-node can't verify for correctness.

--l1.trustrpc=<boolean>
l2

Address of L2 Engine JSON-RPC endpoints to use (engine and eth namespace required).

--l2=<value>
l2.jwt-secret

Path to JWT secret key. Keys are 32 bytes, hex encoded in a file. A new key will be generated if left empty.

--l2.jwt-secret=<value>
log.color

Color the log output if in terminal mode. The default value is false.

--log.color=<boolean>
log.format

Format the log output. Supported formats: 'text', 'terminal', 'logfmt', 'json', 'json-pretty'. The default value is text.

--log.format=<value>
log.level

The lowest log level that will be output. The default value is info.

--log.level=<value>
metrics.addr

Metrics listening address. The default value is "0.0.0.0".

--metrics.addr=<value>
metrics.enabled

Enable the metrics server. The default value is false.

--metrics.enabled=<boolean>
metrics.port

Metrics listening port. The default value is 7300.

--metrics.port=<value>
network

Predefined network selection. Available networks: oplabs-devnet-0-sepolia-dev-0, op-labs-chaosnet-0-goerli-dev-0, zora-mainnet, base-sepolia, pgn-sepolia, zora-sepolia, base-devnet-0-sepolia-dev-0, base-goerli, base-devnet-0-goerli-dev-0, conduit-devnet-0-goerli-dev-0, base-mainnet, pgn-mainnet, op-sepolia, lyra-mainnet, mode-mainnet, op-mainnet, op-goerli, op-labs-devnet-0-goerli-dev-0, orderly-mainnet.

--network=<value>
override.canyon

Manually specify the Canyon fork timestamp, overriding the bundled setting. The default value is 0.

--override.canyon=<value>
override.delta

Manually specify the Delta fork timestamp, overriding the bundled setting. The default value is 0.

--override.delta=<value>
override.ecotone

Manually specify the ecotone fork timestamp, overriding the bundled setting. The default value is 0.

--override.ecotone=<value>
p2p.advertise.ip

The IP address to advertise in Discv5, put into the ENR of the node. This may also be a hostname/domain name to resolve to an IP.

--p2p.advertise.ip=<value>
p2p.advertise.tcp

The TCP port to advertise in Discv5, put into the ENR of the node. Set to p2p.listen.tcp value if 0. The default value is 0.

--p2p.advertise.tcp=<value>
p2p.advertise.udp

The UDP port to advertise in Discv5 as a fallback if not determined by Discv5, put into the ENR of the node. Set to p2p.listen.udp value if 0. The default value is 0.

--p2p.advertise.udp=<value>
p2p.ban.duration

The duration that peers are banned for. The default value is 1h0m0s.

--p2p.ban.duration=<value>
p2p.ban.peers

Enables peer banning. The default value is true.

--p2p.ban.peers=<boolean>
p2p.ban.threshold

The minimum score below which peers are disconnected and banned. The default value is -100.

--p2p.ban.threshold=<value>
p2p.bootnodes

Comma-separated base64-format ENR list. Bootnodes to start discovering other node records from.

--p2p.bootnodes=<value>
p2p.disable

Completely disable the P2P stack. The default value is false.

--p2p.disable=<boolean>
p2p.discovery.path

Enables persistent storage of discovered ENRs in a database to recover from a restart without bootstrapping the discovery process again. Set to 'memory' to never persist the peerstore. The default value is opnode_discovery_db.

--p2p.discovery.path=<value>
p2p.listen.ip

Specifies the IP to bind LibP2P and Discv5 to. The default value is 0.0.0.0.

--p2p.listen.ip=<value>
p2p.listen.tcp

Defines the TCP port to bind LibP2P to. Any available system port if set to 0. The default value is 9222.

--p2p.listen.tcp=<value>
p2p.listen.udp

Sets the UDP port to bind Discv5 to. It will be the same as the TCP port if left at 0. The default value is 0.

--p2p.listen.udp=<value>
p2p.nat

Enables NAT traversal with PMP/UPNP devices to learn external IP. The default value is false.

--p2p.nat=<boolean>
p2p.netrestrict

Specifies a comma-separated list of CIDR masks. P2P will only try to connect on these networks.

--p2p.netrestrict=<value>
p2p.no-discovery

Disables Discv5 (node discovery). The default value is false.

--p2p.no-discovery=<boolean>
p2p.peers.grace

Determines the grace period to keep a newly connected peer around, if it is not misbehaving. The default value is 30s.

--p2p.peers.grace=<value>
p2p.peers.hi

Sets the high-tide peer count. The node starts pruning peer connections slowly after reaching this number. The default value is 30.

--p2p.peers.hi=<value>
p2p.peers.lo

Determines the low-tide peer count. The node actively searches for new peer connections if below this amount. The default value is 20.

--p2p.peers.lo=<number>
p2p.peerstore.path

Specifies the Peerstore database location. Persisted peerstores help recover peers after restarts. Set to 'memory' to never persist the peerstore. Warning: a copy of the priv network key of the local peer will be persisted here. The default value is "opnode_peerstore_db".

--p2p.peerstore.path=<path>
p2p.priv.path

Defines the file path for reading the hex-encoded 32-byte private key for the peer ID. Created if not already exists. Important for maintaining the same network identity after restarting. The default value is "opnode_p2p_priv.txt".

--p2p.priv.path=<file-path>
p2p.scoring

Sets the peer scoring strategy for the P2P stack. Options include 'none' or 'light'. The default value is "light".

--p2p.scoring=<strategy>
p2p.sequencer.key

Hex-encoded private key for signing off on p2p application messages as sequencer.

--p2p.sequencer.key=<value>
p2p.static

Comma-separated multiaddr-format peer list. Static connections to make and maintain, these peers will be regarded as trusted. Addresses of the local peer are ignored. Duplicate/Alternative addresses for the same peer all apply, but only a single connection per peer is maintained.

--p2p.static=<value>
p2p.sync.req-resp

Enables P2P req-resp alternative sync method, on both server and client side. Default is true.

--p2p.sync.req-resp=[true|false]
pprof.addr

pprof listening address. Default is "0.0.0.0".

--pprof.addr=<value>
pprof.enabled

Enable the pprof server. Default is false.

--pprof.enabled=[true|false]
pprof.path

pprof file path. If it is a directory, the path is {dir}/{profileType}.prof

--pprof.path=<path>
pprof.port

pprof listening port. Default is 6060.

--pprof.port=<value>
pprof.type

pprof profile type. One of cpu, heap, goroutine, threadcreate, block, mutex, allocs

--pprof.type=<value>
rollup.config

Rollup chain parameters.

--rollup.config=<value>
rollup.halt

Opt-in option to halt on incompatible protocol version requirements of the given level (major/minor/patch/none), as signaled onchain in L1.

--rollup.halt=<value>
rollup.load-protocol-versions

Load protocol versions from the superchain L1 ProtocolVersions contract (if available), and report in logs and metrics. Default is false.

--rollup.load-protocol-versions=[true|false]
rpc.addr

RPC listening address. Default is "127.0.0.1".

--rpc.addr=<value>
rpc.admin-state

File path used to persist state changes made via the admin API so they persist across restarts. Disabled if not set.

--rpc.admin-state=<value>
rpc.enable-admin

Enable the admin API (experimental). Default is false.

--rpc.enable-admin=[true|false]
rpc.port

RPC listening port. Default is 9545.

--rpc.port=<value>
sequencer.enabled

Enable sequencing of new L2 blocks. A separate batch submitter has to be deployed to publish the data for verifiers. Default is false.

--sequencer.enabled=[true|false]
sequencer.l1-confs

Number of L1 blocks to keep distance from the L1 head as a sequencer for picking an L1 origin. Default is 4.

--sequencer.l1-confs=<value>
sequencer.max-safe-lag

Maximum number of L2 blocks for restricting the distance between L2 safe and unsafe. Disabled if 0. Default is 0.

--sequencer.max-safe-lag=<value>
sequencer.stopped

Initialize the sequencer in a stopped state. The sequencer can be started using the admin_startSequencer RPC. Default is false.

--sequencer.stopped=[true|false]
snapshotlog.file

Path to the snapshot log file.

--snapshotlog.file=<value>
verifier.l1-confs

Number of L1 blocks to keep distance from the L1 head before deriving L2 data from. Reorgs are supported, but may be slow to perform. Default is 0.

--verifier.l1-confs=<value>

MISC

--help, -h

Show help. The default value is false.

--help OR -h
--version, -v

Nodes built from source do not output the correct version numbers that are reported on the GitHub release page.

Print the version. The default value is false.

--version OR -v

op-geth

op-geth implements the Execution-Layer, with minimal changes for a secure Ethereum-equivalent application environment. The following are options from v1.101308.0 (opens in a new tab)

Please note that the executable is still named geth to maintain a minimal diff (opens in a new tab).

GLOBAL OPTIONS

ACCOUNT
allow-insecure-unlock

Allows insecure account unlocking when account-related RPCs are exposed by HTTP. The default value is false.

--allow-insecure-unlock
keystore

Directory for the keystore. The default is inside the data directory.

--keystore <value>
lightkdf

Reduce key-derivation RAM & CPU usage at some expense of KDF strength. The default value is false.

--lightkdf
password

Password file to use for non-interactive password input.

--password <value>
pcscdpath

Path to the smartcard daemon (pcscd) socket file. The default value is "/run/pcscd/pcscd.comm".

--pcscdpath <value>
signer

External signer (url or path to ipc file).

--signer <value>
unlock

Comma separated list of accounts to unlock.

--unlock <account address>
usb

Enable monitoring and management of USB hardware wallets. The default value is false.

--usb
API AND CONSOLE
authrpc.addr

Listening address for authenticated APIs. The default value is "localhost".

--authrpc.addr <value>
authrpc.jwtsecret

Path to a JWT secret to use for authenticated RPC endpoints.

--authrpc.jwtsecret <value>
authrpc.port

Listening port for authenticated APIs. The default value is 8551.

--authrpc.port <value>
authrpc.vhosts

Comma separated list of virtual hostnames from which to accept requests (server enforced). The default value is "localhost". Accepts '*' wildcard.

--authrpc.vhosts <value>
exec

Execute JavaScript statement.

--exec <value>
graphql

Enable GraphQL on the HTTP-RPC server. Note that GraphQL can only be started if an HTTP server is started as well. The default value is false.

--graphql
graphql.corsdomain

Comma separated list of domains from which to accept cross origin requests (browser enforced).

--graphql.corsdomain <value>
graphql.vhosts

Comma separated list of virtual hostnames from which to accept requests (server enforced). The default value is "localhost". Accepts '*' wildcard.

--graphql.vhosts <value>
header

Pass custom headers to the RPC server when using --remotedb or the geth attach console. This flag can be given multiple times.

--header <value>, -H <value>
http

Enable the HTTP-RPC server. The default value is false.

--http
http.addr

HTTP-RPC server listening interface. The default value is "localhost".

--http.addr <value>
http.api

API's offered over the HTTP-RPC interface.

--http.api <value>
http.corsdomain

Comma separated list of domains from which to accept cross origin requests (browser enforced).

--http.corsdomain <value>
http.port

HTTP-RPC server listening port. The default value is 8545.

--http.port <value>
http.rpcprefix`\

HTTP path prefix on which JSON-RPC is served. Use '/' to serve on all paths.

--http.rpcprefix <value>
http.vhosts

Comma separated list of virtual hostnames from which to accept requests (server enforced). The default value is "localhost". Accepts '*' wildcard.

--http.vhosts <value>
ipcdisable

Disable the IPC-RPC server. The default value is false.

--ipcdisable
ipcpath

Filename for IPC socket/pipe within the datadir (explicit paths escape it).

--ipcpath <value>
jspath

JavaScript root path for loadScript. The default value is . (current directory).

--jspath <value>
preload

Comma separated list of JavaScript files to preload into the console.

--preload <value>
rpc.allow-unprotected-txs

Allow for unprotected (non EIP155 signed) transactions to be submitted via RPC. The default value is false.

--rpc.allow-unprotected-txs
rpc.batch-request-limit

Maximum number of requests in a batch. The default value is 1000.

--rpc.batch-request-limit=<value>
rpc.batch-response-max-size

Maximum number of bytes returned from a batched call. The default value is 25000000.

--rpc.batch-response-max-size=<value>
rpc.enabledeprecatedpersonal

Enables the (deprecated) personal namespace. The default value is false.

--rpc.enabledeprecatedpersonal
rpc.evmtimeout

Sets a timeout used for eth_call (0=infinite). The default value is 5s.

--rpc.evmtimeout <value>
rpc.gascap

Sets a cap on gas that can be used in eth_call/estimateGas (0=infinite). The default value is 50000000.

--rpc.gascap=<value>
rpc.txfeecap

Sets a cap on transaction fee (in ether) that can be sent via the RPC APIs (0 = no cap). The default value is 1.

--rpc.txfeecap=<value>
ws

Enable the WS-RPC server. The default value is false.

--ws
ws.addr

WS-RPC server listening interface. The default value is "localhost".

--ws.addr=<value>
ws.api

API's offered over the WS-RPC interface.

--ws.api=<value>
ws.origins

Origins from which to accept websockets requests.

--ws.origins=<value>
ws.port

WS-RPC server listening port. The default value is 8546.

--ws.port=<value>
ws.rpcprefix

HTTP path prefix on which JSON-RPC is served over WS. Use '/' to serve on all paths.

--ws.rpcprefix=<value>
DEVELOPER CHAIN
dev

Ephemeral proof-of-authority network with a pre-funded developer account, mining enabled. The default value is false.

--dev
dev.gaslimit

Initial block gas limit. The default value is 11500000.

--dev.gaslimit=<value>
dev.period

Block period to use in developer mode (0 = mine only if transaction pending). The default value is 0.

--dev.period=<value>
ETHEREUM
bloomfilter.size

Megabytes of memory allocated to bloom-filter for pruning. The default value is 2048.

--bloomfilter.size=<value>
config

TOML configuration file.

--config=<value>
datadir

Data directory for the databases and keystore. The default value is /home/<user>/.ethereum.

--datadir=<value>
datadir.ancient

Root directory for ancient data (default = inside chaindata).

--datadir.ancient=<value>
datadir.minfreedisk

Minimum free disk space in MB, once reached triggers auto shut down (default = --cache.gc converted to MB, 0 = disabled).

--datadir.minfreedisk=<value>
db.engine

Backing database implementation to use ('pebble' or 'leveldb').

--db.engine=<value>
eth.requiredblocks

Comma separated block number-to-hash mappings to require for peering (<number>=<hash>).

--eth.requiredblocks=<value>
exitwhensynced

Exits after block synchronization completes. The default value is false.

--exitwhensynced
goerli

Görli network: pre-configured proof-of-authority test network. The default value is false.

--goerli
holesky

Holesky network: pre-configured proof-of-stake test network. The default value is false.

--holesky
mainnet

Ethereum mainnet. The default value is false.

--mainnet
networkid

Explicitly set network id (integer). The default value is 1. For testnets: use --goerli, --sepolia, --holesky instead.

--networkid <value>
op-network, beta.op-network

Select a pre-configured OP-Stack network (warning: op-mainnet and op-goerli require special sync, datadir is recommended), options: base-devnet-0-goerli-dev-0, base-devnet-0-sepolia-dev-0, base-goerli, base-mainnet, base-sepolia, conduit-devnet-0-goerli-dev-0, lyra-mainnet, mode-mainnet, op-goerli, op-labs-chaosnet-0-goerli-dev-0, op-labs-devnet-0-goerli-dev-0, op-mainnet, op-sepolia, oplabs-devnet-0-sepolia-dev-0, orderly-mainnet, pgn-mainnet, pgn-sepolia, zora-mainnet, zora-sepolia

--op-network=<value>
override.cancun

Manually specify the Cancun fork timestamp, overriding the bundled setting. The default value is 0.

--override.cancun=<value>
override.canyon

Manually specify the Optimism Canyon fork timestamp, overriding the bundled setting. The default value is 0.

--override.canyon=<value>
override.ecotone

Manually specify the Optimism Ecotone fork timestamp, overriding the bundled setting. The default value is 0.

--override.ecotone=<value>
override.interop

Manually specify the Optimism Interop feature-set fork timestamp, overriding the bundled setting. The default value is 0.

--override.interop=<value>
override.verkle

Manually specify the Verkle fork timestamp, overriding the bundled setting. The default value is 0.

--override.verkle=<value>
sepolia

Sepolia network: pre-configured proof-of-work test network. The default value is false.

--sepolia
snapshot

Enables snapshot-database mode. The default value is true.

--snapshot
GAS PRICE ORACLE
gpo.blocks

Number of recent blocks to check for gas prices. The default value is 20.

--gpo.blocks=<value>
gpo.ignoreprice

Gas price below which GPO will ignore transactions. The default value is 2.

--gpo.ignoreprice=<value>
gpo.maxprice

Maximum transaction priority fee (or gasprice before London fork) to be recommended by GPO. The default value is 500000000000.

--gpo.maxprice=<value>
gpo.minsuggestedpriorityfee

Minimum transaction priority fee to suggest. Used on OP chains when blocks are not full. The default value is 1000000.

--gpo.minsuggestedpriorityfee=<value>
gpo.percentile

Suggested gas price is the given percentile of a set of recent transaction gas prices. The default value is 60.

--gpo.percentile=<value>
LIGHT CLIENT
light.egress

Outgoing bandwidth limit for serving light clients (deprecated). The default value is 0.

--light.egress=<value>
light.ingress

Incoming bandwidth limit for serving light clients (deprecated). The default value is 0.

--light.ingress=<value>
light.maxpeers

Maximum number of light clients to serve, or light servers to attach to (deprecated). The default value is 100.

--light.maxpeers=<value>
light.nopruning

Disable ancient light chain data pruning (deprecated). The default value is false.

--light.nopruning
light.nosyncserve

Enables serving light clients before syncing (deprecated) The default value is false.

--light.nosyncserve
light.serve

Maximum percentage of time allowed for serving LES requests (deprecated). The default value is 0.

--light.serv=<value>
LOGGING AND DEBUGGING
log.compress

Compress the log files. The default value is false.

--log.compress
log.file

Write logs to a file.

--log.file=<value>
log.format

Log format to use (json|logfmt|terminal).

--log.format=<value>
log.maxage

Maximum number of days to retain a log file. The default value is 30.

--log.maxage=<value>
log.maxbackups

Maximum number of log files to retain. The default value is 10.

--log.maxbackups=<value>
log.maxsize

Maximum size in MBs of a single log file. The default value is 100.

--log.maxsize=<value>
log.rotate

Enables log file rotation. The default value is false.

--log.rotate
log.vmodule

Per-module verbosity: comma-separated list of <pattern>=<level> (e.g. eth/*=5,p2p=4).

--log.vmodule=<value>
nocompaction

Disables database compaction after import. The default value is false.

--nocompaction
pprof

Enable the pprof HTTP server. The default value is false.

--pprof
pprof.addr

pprof HTTP server listening interface. The default value is "127.0.0.1".

--pprof.addr=<value>
pprof.blockprofilerate

Turn on block profiling with the given rate. The default value is 0.

--pprof.blockprofilerate=<value>
pprof.cpuprofile

Write CPU profile to the given file.

--pprof.cpuprofile=<value>
pprof.memprofilerate

Turn on memory profiling with the given rate. The default value is 524288.

--pprof.memprofilerate=<value>
pprof.port

pprof HTTP server listening port. The default value is 6060.

--pprof.port=<value>
remotedb

URL for remote database.

--remotedb=<value>
trace

Write execution trace to the given file.

--trace=<value>
verbosity

Logging verbosity: 0=silent, 1=error, 2=warn, 3=info, 4=debug, 5=detail. The default value is 3.

--verbosity=<value>
METRICS AND STATS
ethstats

Reporting URL of an ethstats service (nodename:secret@host:port).

--ethstats=<value>
metrics

Enable metrics collection and reporting. The default value is false.

--metrics
metrics.addr

Enable stand-alone metrics HTTP server listening interface.

--metrics.addr=<value>
metrics.expensive

Enable expensive metrics collection and reporting. The default value is false.

--metrics.expensive
metrics.influxdb

Enable metrics export/push to an external InfluxDB database. The default value is false.

--metrics.influxdb
metrics.influxdb.bucket

InfluxDB bucket name to push reported metrics to (v2 only). The default value is "geth".

--metrics.influxdb.bucket=<value>
metrics.influxdb.database

InfluxDB database name to push reported metrics to. The default value is "geth".

--metrics.influxdb.database=<value>
metrics.influxdb.endpoint

InfluxDB API endpoint to report metrics to. The default value is "http://localhost:8086".

--metrics.influxdb.endpoint=<value>
metrics.influxdb.organization

InfluxDB organization name (v2 only). The default value is "geth".

--metrics.influxdb.organization=<value>
metrics.influxdb.password

Password to authorize access to the database. The default value is "test".

--metrics.influxdb.password=<value>
metrics.influxdb.tags

Comma-separated InfluxDB tags (key/values) attached to all measurements. The default value is "host=localhost".

--metrics.influxdb.tags=<value>
metrics.influxdb.token

Token to authorize access to the database (v2 only). The default value is "test".

--metrics.influxdb.token=<value>
metrics.influxdb.username

Username to authorize access to the database. The default value is "test".

--metrics.influxdb.username=<value>
metrics.influxdbv2

Enable metrics export/push to an external InfluxDB v2 database. The default value is false.

--metrics.influxdbv2
metrics.port

Metrics HTTP server listening port. The default value is 6060. Please note that --metrics.addr must be set to start the server.

--metrics.port=<value>
MINER
mine

Enable mining. The default value is false.

--mine
miner.etherbase

0x prefixed public address for block mining rewards.

--miner.etherbase=<value>
miner.extradata

Block extra data set by the miner (default = client version).

--miner.extradata=<value>
miner.gaslimit

Target gas ceiling for mined blocks. The default value is 30000000.

--miner.gaslimit=<value>
miner.gasprice

Minimum gas price for mining a transaction. The default value is 0.

--miner.gasprice=<value>
miner.newpayload-timeout

Specify the maximum time allowance for creating a new payload. The default value is 2s.

--miner.newpayload-timeout=<value>
miner.recommit

Time interval to recreate the block being mined. The default value is 2s.

--miner.recommit=<value>
MISC
help

Show help. This is typically used to display command-line options and usage information.

--help or -h
synctarget

Hash of the block to full sync to (dev testing feature).

--synctarget=<value>
version

Nodes built from source do not output the correct version numbers that are reported on the GitHub release page.

Print the version. This option is typically used to display the version of the software.

--version or -v
NETWORKING
bootnodes

Comma separated enode URLs for P2P discovery bootstrap.

--bootnodes=<value>
discovery.dns

Sets DNS discovery entry points (use "" to disable DNS).

--discovery.dns=<value>
discovery.port

Use a custom UDP port for P2P discovery. The default value is 30303.

--discovery.port=<value>
discovery.v4

Enables the V4 discovery mechanism. The default value is true.

--discovery.v4 or --discv4
discovery.v5

Enables the experimental RLPx V5 (Topic Discovery) mechanism. The default value is false.

--discovery.v5 or --discv5
identity

Custom node name.

--identity=<value>
maxpeers

Maximum number of network peers (network disabled if set to 0). The default value is 50.

--maxpeers=<value>
maxpendpeers

Maximum number of pending connection attempts (defaults used if set to 0). The default value is 0.

--maxpendpeers=<value>
nat

NAT port mapping mechanism (any|none|upnp|pmp|pmp:<IP>|extip:<IP>). The default value is "any".

--nat=<value>
netrestrict

Restricts network communication to the given IP networks (CIDR masks).

--netrestrict=<value>
nodekey

P2P node key file.

--nodekey=<value>
nodekeyhex

P2P node key as hex (for testing).

--nodekeyhex=<value>
nodiscover

Disables the peer discovery mechanism (manual peer addition). The default value is false.

--nodiscover
port

Network listening port. The default value is 30303.

--port=<value>
PERFORMANCE TUNING
cache

Megabytes of memory allocated to internal caching. The default is 4096 MB for mainnet full node and 128 MB for light mode.

--cache=<value>
cache.blocklogs

Size (in number of blocks) of the log cache for filtering. The default value is 32.

--cache.blocklogs=<value>
cache.database

Percentage of cache memory allowance to use for database I/O. The default value is 50.

--cache.database=<value>
cache.gc

Percentage of cache memory allowance to use for trie pruning. The default is 25% for full mode and 0% for archive mode.

--cache.gc=<value>
cache.noprefetch

Disable heuristic state prefetch during block import (less CPU and disk IO, more time waiting for data). The default value is false.

--cache.noprefetch
cache.preimages

Enable recording the SHA3/keccak preimages of trie keys. The default value is false.

--cache.preimages
cache.snapshot

Percentage of cache memory allowance to use for snapshot caching. The default is 10% for full mode and 20% for archive mode.

--cache.snapshot=<value>
cache.trie

Percentage of cache memory allowance to use for trie caching. The default is 15% for full mode and 30% for archive mode.

--cache.trie=<value>
crypto.kzg

KZG library implementation to use; gokzg (recommended) or ckzg. The default value is "gokzg".

--crypto.kzg=<value>
fdlimit

Raise the open file descriptor resource limit. The default is the system fd limit.

--fdlimit=<value>
ROLLUP NODE
rollup.computependingblock

By default, the pending block equals the latest block to save resources and not leak transactions from the tx-pool. This flag enables computing of the pending block from the tx-pool instead. The default value is false.

--rollup.computependingblock
rollup.disabletxpoolgossip

Disable transaction pool gossip. The default value is false.

--rollup.disabletxpoolgossip
rollup.halt

Opt-in option to halt on incompatible protocol version requirements of the given level (major/minor/patch/none), as signaled through the Engine API by the rollup node.

--rollup.halt=<value>
rollup.historicalrpc

RPC endpoint for historical data.

--rollup.historicalrpc <value>
rollup.historicalrpctimeout

Timeout for historical RPC requests. The default value is 5s.

--rollup.historicalrpctimeout=<value>
rollup.sequencerhttp

HTTP endpoint for the sequencer mempool.

--rollup.sequencerhttp=<value>
rollup.superchain-upgrades

Apply superchain-registry config changes to the local chain-configuration. The default value is true.

--rollup.superchain-upgrades or --beta.rollup.superchain-upgrades
STATE HISTORY MANAGEMENT
gcmode

Blockchain garbage collection mode, only relevant in state.scheme=hash. Options are "full" and "archive". The default value is "full".

--gcmode=<value>
history.state

Number of recent blocks to retain state history for. The default is 90000 blocks, with 0 representing the entire chain.

--history.state=<value>
history.transactions

Number of recent blocks to maintain transactions index for. The default is about one year (2350000 blocks), with 0 representing the entire chain.

--history.transactions=<value>
state.scheme

Scheme to use for storing Ethereum state. Options are 'hash' or 'path'.

--state.scheme=<value>
syncmode

Blockchain sync mode. Options are "snap", or "full". The default value is "snap".