Install Prysm with Docker

Prysm can be installed on Windows, GNU/Linux, and MacOS systems with Docker. We use Bazel to push preconfigured Docker images to a publicly accessible Google Cloud container registry.

Not familiar with Docker? Try our quickstart

This guidance is targeted at users who are already comfortable with Docker. See our Quickstart for beginner-friendly installation instructions.

Select a configuration:

Operating system:

Linux, MacOS, Arm64

Windows

Network:

Mainnet

Sepolia

Holesky

Execution client:

Geth

Nethermind

Besu

EN-BN connection:

HTTP-JWT

IPC

Review system requirements

Minimum	Recommended
OS: 64-bit Linux, Mac OS X 10.14+, Windows 64-bit CPU: Intel Core i5–760 or AMD FX-8100 or better Memory: 8GB RAM Storage: SSD with 20GB+ available Internet: Broadband connection Software: The latest release of Docker installed.	CPU: Intel Core i7–4770 or AMD FX-8310 or better Memory: 16GB RAM Storage: SSD with 100GB+ available

Download the Prysm Docker images

First, ensure that you're running the most recent version of Docker:

docker -v

Next, pull the Prysm images:

## stable, without Busybox debugging tools
docker pull gcr.io/prysmaticlabs/prysm/validator:stable
docker pull gcr.io/prysmaticlabs/prysm/beacon-chain:stable

## latest, without Busybox debugging tools
docker pull gcr.io/prysmaticlabs/prysm/validator:latest
docker pull gcr.io/prysmaticlabs/prysm/beacon-chain:latest

## latest, with Busybox debugging tools
docker pull gcr.io/prysmaticlabs/prysm/validator:latest-alpine
docker pull gcr.io/prysmaticlabs/prysm/beacon-chain:latest-alpine

These commands will automatically install dependencies.

Configure ports (optional)

We recommend opening up ports tcp/13000 and udp/12000 on your router and firewall to improve peer-to-peer connectivity. Refer to your operating system and router documentation for port configuration instructions. With this complete, appending --p2p-host-ip=$(curl -s ident.me) to your beacon node startup command will configure Prysm to use your newly opened ports. Refer to Configure ports and firewalls for more information.

Run a beacon node

Knowledge Check

Not familiar with nodes, networks, and related terminology? Consider reading Nodes and networks before proceeding.

If you're not already running an execution node, refer to our Quickstart for beginner-friendly execution node installation instructions.

Next, use Docker to tell your beacon node to connect to your local execution node. Note that <YOUR_ETH_EXECUTION_NODE_ENDPOINT> is either an HTTP endpoint http://host:port or an IPC path such as /path/to/geth.ipc.

Linux, MacOS, Arm64

Mainnet

docker run -it -v $HOME/.eth2:/data -p 4000:4000 -p 13000:13000 -p 12000:12000/udp --name beacon-node \
  gcr.io/prysmaticlabs/prysm/beacon-chain:stable \
  --datadir=/data \
  --jwt-secret=<YOUR_JWT_SECRET> \
  --rpc-host=0.0.0.0 \
  --http-host=0.0.0.0 \
  --monitoring-host=0.0.0.0 \
  --execution-endpoint=<YOUR_ETH_EXECUTION_NODE_ENDPOINT>

Sepolia

Download the Sepolia genesis state from Github to a local file, then run:

docker run -it -v $HOME/.eth2:/data -v /path/to/genesis.ssz:/genesis/genesis.ssz -p 4000:4000 -p 13000:13000 -p 12000:12000/udp --name beacon-node \
  gcr.io/prysmaticlabs/prysm/beacon-chain@sha256:bf9b95661c71ad60f633ee14cf352a668d550076471154cf80dfef8fce0bb41e \
  --datadir=/data \
  --jwt-secret=<YOUR_JWT_SECRET> \
  --rpc-host=0.0.0.0 \
  --http-host=0.0.0.0 \
  --monitoring-host=0.0.0.0 \
  --execution-endpoint=<YOUR_ETH_EXECUTION_NODE_ENDPOINT> \
  --genesis-state=/genesis/genesis.ssz \
  --sepolia

Holesky

Download the Holesky genesis state from Github to a local file, then run:

docker run -it -v $HOME/.eth2:/data -v /path/to/genesis.ssz:/genesis/genesis.ssz -p 4000:4000 -p 13000:13000 -p 12000:12000/udp --name beacon-node \
  gcr.io/prysmaticlabs/prysm/beacon-chain@sha256:bf9b95661c71ad60f633ee14cf352a668d550076471154cf80dfef8fce0bb41e \
  --datadir=/data \
  --jwt-secret=<YOUR_JWT_SECRET> \
  --rpc-host=0.0.0.0 \
  --http-host=0.0.0.0 \
  --monitoring-host=0.0.0.0 \
  --execution-endpoint=<YOUR_ETH_EXECUTION_NODE_ENDPOINT> \
  --genesis-state=/genesis/genesis.ssz \
  --holesky

Windows

To ensure that your Docker image has access to a data directory, mount a local drive to your container. Right click your Docker tray icon -> Settings -> Shared Drives -> select your drive -> Apply. Next, create a directory named /prysm/ within your shared drive. This folder will be used as a local data directory for Prysm. This guide assumes that C: is the drive you've selected:

Mainnet

docker run -it -v %LOCALAPPDATA%\Eth2:/data -p 4000:4000 -p 13000:13000 -p 12000:12000/udp gcr.io/prysmaticlabs/prysm/beacon-chain:stable --datadir=/data --jwt-secret=<YOUR_JWT_SECRET> --rpc-host=0.0.0.0 --http-host=0.0.0.0 --monitoring-host=0.0.0.0 --execution-endpoint=<YOUR_ETH_EXECUTION_NODE_ENDPOINT> 

Sepolia

Download the Sepolia genesis state from Github to a local file, then run:

docker run -it -v %LOCALAPPDATA%\Eth2:/data -v \path\to\genesis.ssz:/genesis/genesis.ssz -p 4000:4000 -p 13000:13000 -p 12000:12000/udp gcr.io/prysmaticlabs/prysm/beacon-chain@sha256:bf9b95661c71ad60f633ee14cf352a668d550076471154cf80dfef8fce0bb41e --datadir=/data --jwt-secret=<YOUR_JWT_SECRET> --rpc-host=0.0.0.0 --http-host=0.0.0.0 --monitoring-host=0.0.0.0 --execution-endpoint=<YOUR_ETH_EXECUTION_NODE_ENDPOINT> --genesis-state=/genesis/genesis.ssz --sepolia

Holesky

Download the Holesky genesis state from Github to a local file, then run:

docker run -it -v %LOCALAPPDATA%\Eth2:/data -v \path\to\genesis.ssz:/genesis/genesis.ssz -p 4000:4000 -p 13000:13000 -p 12000:12000/udp gcr.io/prysmaticlabs/prysm/beacon-chain@sha256:bf9b95661c71ad60f633ee14cf352a668d550076471154cf80dfef8fce0bb41e --datadir=/data --jwt-secret=<YOUR_JWT_SECRET> --rpc-host=0.0.0.0 --http-host=0.0.0.0 --monitoring-host=0.0.0.0 --execution-endpoint=<YOUR_ETH_EXECUTION_NODE_ENDPOINT> --genesis-state=/genesis/genesis.ssz --holesky

Fee recipient

You plan to run a validator?

Consider using --suggested-fee-recipient on your beacon node. See How to configure Fee Recipient for more information about this feature.

Run a validator

Ensure that you're not running multiple instances of the same validator public key, especially if you're using scripts or other forms of automation. If the Ethereum network detects two instances of the same validator key submitting proposals, attestations, or votes, it may assume malicious intent and slash accordingly.

Verify that your beacon node and execution node are both fully synced. If you're not fully synced, you risk being penalized and losing some of your staked ETH.

Check the sync status of your node with the following command:

curl http://localhost:3500/eth/v1/node/syncing

If your node is done synchronizing, you will see the response:

{"syncing":false}%

Stake your ETH

Exercise caution

The Ethereum launchpad URL is https://launchpad.ethereum.org and the only, official validator deposit contract is 0x00000000219ab540356cbb839cbe05303d7705fa. Don't send ETH directly to the contract - deposit your stake through Ethereum.org launchpad.

Use the Mainnet Launchpad to deposit your 32 ETH. If you want to participate in the testnet, use the Holesky launchpad.

Throughout the process, you'll be asked to generate new validator credentials using the official Ethereum deposit command-line-tool. Make sure you use the mainnet option when generating keys with the deposit CLI. During the process, you will have generated a validator_keys folder under the eth2.0-deposit-cli directory. You can import all of your validator keys into Prysm from that folder in the next step.

Import keystores

Copy the path to the validator_keys folder under the eth2.0-deposit-cli directory you created during the launchpad process and issue the following command:

Linux, MacOS, Arm64

docker run -it -v $HOME/eth2.0-deposit-cli/validator_keys:/keys \
  -v $HOME/Eth2Validators/prysm-wallet-v2:/wallet \
  --name validator \
  --accept-terms-of-use \
  gcr.io/prysmaticlabs/prysm/validator:stable \
  accounts import --keys-dir=/keys --wallet-dir=/wallet

Windows

docker run -it -v %LOCALAPPDATA%\eth2.0-deposit-cli\validator_keys:/keys -v %LOCALAPPDATA%\Eth2Validators\prysm-wallet-v2:/wallet gcr.io/prysmaticlabs/prysm/validator:stable accounts import --keys-dir=/keys --wallet-dir=/wallet --accept-terms-of-use

Run validator

Open a second terminal window. Issue the following command to start the validator by replacing <YOUR_WALLET_ADDRESS> by the address of a wallet you own. See How to configure Fee Recipient for more information about this feature:

Linux, MacOS, Arm64

docker run -it -v $HOME/Eth2Validators/prysm-wallet-v2:/wallet \
  -v $HOME/Eth2:/validatorDB \
  --network="host" --name validator \
  gcr.io/prysmaticlabs/prysm/validator:stable \
  --beacon-rpc-provider=127.0.0.1:4000 \
  --wallet-dir=/wallet \
  --datadir=/validatorDB
  --suggested-fee-recipient=<YOUR_WALLET_ADDRESS>

Windows

docker run -it -v %LOCALAPPDATA%\Eth2Validators\prysm-wallet-v2:/wallet -v %LOCALAPPDATA%\Eth2:/validatorDB --network="host" --name validator gcr.io/prysmaticlabs/prysm/validator:stable --beacon-rpc-provider=127.0.0.1:4000 --wallet-dir=/wallet --datadir=/validatorDB --suggested-fee-recipient=<YOUR_WALLET_ADDRESS>

Congratulations!

You’re now running a full Ethereum node and a validator client.

It can a long time (from days to months) for your validator to become fully activated. To learn more about the validator activation process, see Deposit Process. See Check node and validator status for detailed status monitoring guidance.

You can leave your execution client, beacon node, and validator client terminal windows open and running. Once your validator is activated, it will automatically begin proposing and validating blocks.

Appendix A: Manage Prysm with Docker

To interact with your beacon node through Docker, use one of the following commands:

• Halt: docker stop beacon-node or Ctrl+c
• Restart: docker start -ai beacon-node
• Delete: docker rm beacon-node

To recreate a deleted container and refresh the chain database, issue the start command with an additional --clear-db parameter, where <YOUR_ETH_EXECUTION_NODE_ENDPOINT> is in the format of an http endpoint such as http://host:port (ex: http://localhost:8551 for Geth) or an IPC path such as /path/to/geth.ipc:

Linux, MacOS, Arm64

docker run -it -v $HOME/.eth2:/data -p 4000:4000 -p 13000:13000 -p 12000:12000/udp --name beacon-node \
  gcr.io/prysmaticlabs/prysm/beacon-chain:latest \
  --datadir=/data \
  --clear-db \
  --rpc-host=0.0.0.0 \
  --monitoring-host=0.0.0.0 \
  --execution-endpoint=<YOUR_ETH_EXECUTION_NODE_ENDPOINT> 

Windows

docker run -it -v %LOCALAPPDATA%\Eth2:/data -p 4000:4000 -p 13000:13000 -p 12000:12000/udp --name beacon-node gcr.io/prysmaticlabs/prysm/beacon-chain:latest --datadir=/data --clear-db --monitoring-host=0.0.0.0 --rpc-host=0.0.0.0 --execution-endpoint=<YOUR_ETH_EXECUTION_NODE_ENDPOINT>

Frequently asked questions

Why do we set --rpc-host and --http-host to 0.0.0.0?

info

http-host and http-port have replaced --grpc-gateway-host and --grpc-gateway-port respectively.

This tells your Docker container to to "listen" for connections from outside of your container, allowing you (and other services) to reach your RPC endpoint(s). See Configure ports and firewalls for more information.