Skip to main content

Command line options

This reference describes the syntax of the Hyperledger Besu command line interface (CLI) options.

info

This reference contains options that apply to both public and private networks. For private-network-specific options, see the private network options reference.

Specify options

You can specify Besu options:

  • On the command line.

    besu [OPTIONS] [SUBCOMMAND]
  • As an environment variable. For each command line option, the equivalent environment variable is:

    • Uppercase.
    • _ replaces -.
    • Has a BESU_ prefix.

    For example, set --miner-coinbase using the BESU_MINER_COINBASE environment variable.

  • In a configuration file.

If you specify an option in more than one place, the order of priority is command line, environment variable, configuration file.

If using Bash or Z shell, you can view option suggestions by entering -- and pressing the Tab key twice.

besu --Tab+Tab
caution

Characters such as smart quotes and long (em) hyphens don't work in Besu command line options. Ensure quotes aren't automatically converted to smart quotes, or double hyphens combined into em hyphens.

Options

api-gas-price-blocks

--api-gas-price-blocks=<INTEGER>

Number of blocks back from the head block to examine for eth_gasPrice. The default is 100.

api-gas-price-max

--api-gas-price-max=<INTEGER>

Maximum gas price to return for eth_gasPrice, regardless of the percentile value measured. The default is 500000000000 (500 GWei).

api-gas-price-percentile

--api-gas-price-percentile=<DOUBLE>

Percentile value to measure for eth_gasPrice. The default is 50.0.

For eth_gasPrice, to return the:

auto-log-bloom-caching-enabled

--auto-log-bloom-caching-enabled[=<true|false>]

Enables or disables automatic log bloom caching. APIs such as eth_getLogs and eth_getFilterLogs use the cache for improved performance. The default is true.

If automatic log bloom caching is enabled and a log bloom query reaches the end of the cache, Besu performs an uncached query for logs not yet written to the cache.

Automatic log bloom caching has a small impact on performance. If you are not querying logs blooms for a large number of blocks, you might want to disable automatic log bloom caching.

banned-node-ids

--banned-node-ids=<bannedNodeId>[,<bannedNodeId>...]...

A list of node IDs with which this node will not peer. The node ID is the public key of the node. You can specify the banned node IDs with or without the 0x prefix.

tip

The singular --banned-node-id and plural --banned-node-ids are available and are two names for the same option.

bonsai-historical-block-limit

--bonsai-historical-block-limit=256

When using Bonsai Tries, the maximum number of previous blocks for which Bonsai can reconstruct a historical state. The default is 512.

bootnodes

--bootnodes[=<enode://id@host:port>[,<enode://id@host:port>...]...]

A list of comma-separated enode URLs for P2P discovery bootstrap.

When connecting to Mainnet or public testnets, the default is a predefined list of enode URLs.

In private networks defined using --genesis-file or when using --network=dev, the default is an empty list of bootnodes.

color-enabled

--color-enabled[=<true|false>]

Enables or disables color output to console. The default is true.

compatibility-eth64-forkid-enabled

--compatibility-eth64-forkid-enabled[=<true|false>]

Enables or disables the legacy Eth/64 fork ID. For any networks with nodes using Besu v1.4 or earlier and nodes using Besu v20.10.1 or later, either:

  • All nodes must be upgraded to v20.10.1 or later.
  • All nodes using v20.10.1 or later must have --compatibility-eth64-forkid-enabled set to true.

The default is false.

caution

If networks have Besu nodes using v1.4 or earlier and other Besu nodes using v20.10.1 or later, the nodes on different versions cannot communicate unless --compatibility-eth64-forkid-enabled is set to true.

config-file

--config-file=<FILE>

The path to the TOML configuration file. The default is none.

data-path

--data-path=<PATH>

The path to the Besu data directory. The default is the directory you installed Besu in, or /opt/besu/database if using the Besu Docker image.

data-storage-format

--data-storage-format=<FORMAT>

The data storage format to use. Set to BONSAI for Bonsai Tries or FOREST for Forest of Tries. The default is FOREST.

discovery-dns-url

--discovery-dns-url=<enrtree URL>

The enrtree URL of the DNS node list for node discovery via DNS. The default is null.

discovery-enabled

--discovery-enabled[=<true|false>]

Enables or disables P2P discovery. The default is true.

note

You can override the default DNS server if it's unreliable or doesn't serve TCP DNS requests, using the early access option --Xp2p-dns-discovery-server=<HOST>.

engine-host-allowlist

--engine-host-allowlist=<hostname>[,<hostname>...]... or "*"

A comma-separated list of hostnames to allow for Engine API access (applies to both HTTP and WebSocket).

tip

To allow all hostnames, use "*". We don't recommend allowing all hostnames in production environments.

engine-jwt-disabled

--engine-jwt-disabled[=<true|false>]

Disables or enables authentication for Engine APIs. The default is false (authentication is enabled by default).

engine-jwt-secret

--engine-jwt-secret=<FILE>

Shared secret used to authenticate consensus clients when using the Engine JSON-RPC API (both HTTP and WebSocket). Contents of file must be at least 32 hex-encoded bytes and not begin with 0x. May be a relative or absolute path. See an example of how to generate this.

engine-rpc-enabled

--engine-rpc-enabled[=<true|false]>

Enables or disables the Engine API. The default is true.

engine-rpc-port

--engine-rpc-port=<PORT>

The listening port for the Engine API calls (ENGINE, ETH) for JSON-RPC over HTTP and WebSocket. The default is 8551.

ethstats

--ethstats=<[ws://|wss://]nodename:secret@host:[port]>

Reporting URL of an Ethstats server. If specified without a port, the default port is 443 for SSL connections and 80 for non-SSL connections.

You can optionally specify ws:// or wss:// in the Ethstats URL. If you specify this scheme, the connection doesn't need to switch from SSL to non-SSL on each retry logic.

ethstats-cacert-file

--ethstats-cacert-file=<FILE>

Path to the root certificate authority (CA) certificate file of the Ethstats server specified by --ethstats. This option is useful in non-production environments.

ethstats-contact

--ethstats-contact=<CONTACT>

Contact email address to send to the Ethstats server specified by --ethstats.

fast-sync-min-peers

--fast-sync-min-peers=<INTEGER>

The minimum number of peers required before starting fast synchronization in proof of work networks. The default is 5.

info

This option only applies to proof of work networks.

genesis-file

--genesis-file=<FILE>

The path to the genesis file.

caution

You can't use the --genesis-file and --network options at the same time.

graphql-http-cors-origins

--graphql-http-cors-origins=<graphQLHttpCorsAllowedOrigins>

A list of comma-separated origin domain URLs for CORS validation. The default is none.

graphql-http-enabled

--graphql-http-enabled[=<true|false>]

Enables or disables the GraphQL HTTP service. The default is false.

The default GraphQL HTTP service endpoint is http://127.0.0.1:8547/graphql if set to true.

graphql-http-host

--graphql-http-host=<HOST>

The host on which GraphQL HTTP listens. The default is 127.0.0.1.

To allow remote connections, set to 0.0.0.0.

graphql-http-port

--graphql-http-port=<PORT>

The port (TCP) on which GraphQL HTTP listens. The default is 8547. Ports must be exposed appropriately.

help

-h, --help

Show the help message and exit.

host-allowlist

--host-allowlist=<hostname>[,<hostname>...]... or "*"

A comma-separated list of hostnames to access the JSON-RPC API and pull Besu metrics. By default, Besu accepts requests from localhost and 127.0.0.1.

info

This isn't a permissioning feature. To restrict access to the API, we recommend using the Besu authentication mechanism with username and password authentication or JWT public key authentication.

note

If using Prometheus to pull metrics from a node, you must specify all the other nodes you want to pull metrics from in the list of allowed hostnames.

tip

To allow all hostnames, use "*". We don't recommend allowing all hostnames for production environments.

identity

--identity=<String>

The name for the node. If specified, it's the second section of the client ID provided by some Ethereum network explorers. For example, in the client ID besu/MyNode/v1.3.4/linux-x86_64/oracle_openjdk-java-11, the node name is MyNode.

If a name is not specified, the name section is not included in the client ID. For example, besu/v1.3.4/linux-x86_64/oracle_openjdk-java-11.

json-pretty-print-enabled

--json-pretty-print-enabled[=<true|false>]

Enables or disables the pretty-print output for HTTP and WebSocket responses. The default is false.

key-value-storage

--key-value-storage=<keyValueStorageName>

The key-value storage to use. Use this option only if using a storage system provided with a plugin. The default is rocksdb.

For development use only, the memory option provides ephemeral storage for sync testing and debugging.

kzg-trusted-setup

--kzg-trusted-setup=<PATH>

The path to the C-KZG-4844 trusted setup file. Use this option to pass a custom setup file for custom networks or to override the default setup file for named networks.

logging

-l, --logging=<LEVEL>

Sets logging verbosity. Log levels are OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL. The default is INFO.

max-peers

--max-peers=<INTEGER>

The maximum number of P2P connections you can establish. The default is 25.

caution

The minimum number of peers is set by the early access option --Xp2p-peer-lower-bound, which also has a default of 25. If you reduce the --max-peers from the default, you must also set the --Xp2p-peer-lower-bound option to the same value or lower. For example, if you decrease --max-peers to 20, set --Xp2p-peer-lower-bound to 20 or lower.

metrics-category

--metrics-category=<metrics-category>[,metrics-category...]...

A comma-separated list of categories for which to track metrics. The defaults are BLOCKCHAIN, ETHEREUM, EXECUTORS, JVM, NETWORK, PEERS, PERMISSIONING, PROCESS, PRUNER, RPC, STRATUM, SYNCHRONIZER, and TRANSACTION_POOL.

Other categories are KVSTORE_ROCKSDB, KVSTORE_PRIVATE_ROCKSDB, KVSTORE_ROCKSDB_STATS, and KVSTORE_PRIVATE_ROCKSDB_STATS.

Categories containing PRIVATE track metrics when you enable private transactions.

metrics-enabled

--metrics-enabled[=<true|false>]

Enables or disables the metrics exporter. The default is false.

You can't specify --metrics-enabled with --metrics-push-enabled. That is, you can enable either Prometheus polling or Prometheus push gateway support, but not both at once.

metrics-host

--metrics-host=<HOST>

The host on which Prometheus accesses Besu metrics. The metrics server respects the --host-allowlist option.

The default is 127.0.0.1.

metrics-port

--metrics-port=<PORT>

The port (TCP) on which Prometheus accesses Besu metrics. The default is 9545. Ports must be exposed appropriately.

metrics-protocol

--metrics-protocol=<metrics-protocol>

Metrics protocol to use: PROMETHEUS, OPENTELEMETRY, or NONE. The default is PROMETHEUS.

metrics-push-enabled

--metrics-push-enabled[=<true|false>]

Enables or disables push gateway integration.

You can't specify --metrics-push-enabled with --metrics-enabled. That is, you can enable either Prometheus polling or Prometheus push gateway support, but not both at once.

metrics-push-host

--metrics-push-host=<HOST>

The host of the Prometheus Push Gateway. The default is 127.0.0.1. The metrics server respects the --host-allowlist option.

note

When pushing metrics, ensure you set --metrics-push-host to the machine on which the push gateway is. Generally, this is a different machine to the machine on which Besu is running.

metrics-push-interval

--metrics-push-interval=<INTEGER>

The interval, in seconds, to push metrics when in push mode. The default is 15.

metrics-push-port

--metrics-push-port=<PORT>

The port (TCP) of the Prometheus Push Gateway. The default is 9001. Ports must be exposed appropriately.

metrics-push-prometheus-job

--metrics-push-prometheus-job=<metricsPrometheusJob>

The job name when in push mode. The default is besu-client.

min-block-occupancy-ratio

--min-block-occupancy-ratio=<minBlockOccupancyRatio>

Minimum occupancy ratio for a mined block if the transaction pool is not empty. When filling a block during mining, the occupancy ratio indicates the threshold at which the node stops waiting for smaller transactions to fill the remaining space. The default is 0.8.

note

Besu ignores the --min-block-occupancy-ratio option for proof of stake networks (for example, Mainnet).

miner-coinbase

--miner-coinbase=<Ethereum account address>

The account you pay mining rewards to. You must specify a valid coinbase when you enable mining using the --miner-enabled option or the miner_start JSON-RPC API method.

note

Besu ignores this option in networks using Clique, IBFT 2.0, or QBFT consensus protocols.

miner-enabled

--miner-enabled[=<true|false>]

Enables or disables mining when you start the node. The default is false.

miner-extra-data

--miner-extra-data=<Extra data>

A hex string representing the 32 bytes included in the extra data field of a mined block. The default is 0x.

miner-stratum-enabled

--miner-stratum-enabled

Enables a node to perform stratum mining. The default is false.

miner-stratum-host

--miner-stratum-host=<HOST>

The host of the stratum mining service. The default is 0.0.0.0.

miner-stratum-port

--miner-stratum-port=<PORT>

The port of the stratum mining service. The default is 8008. You must expose ports appropriately.

min-gas-price

--min-gas-price=<minTransactionGasPrice>

The minimum price a transaction offers to include it in a mined block. The minimum gas price is the lowest value eth_gasPrice can return. The default is 1000 Wei.

tip

In a free gas network, ensure the minimum gas price is set to zero for every node. Any node with a minimum gas price set higher than zero will silently drop transactions with a zero gas price. You can query a node's gas configuration using eth_gasPrice.

nat-method

--nat-method=UPNP

Specify the method for handling NAT environments. The options are:

The default is AUTO. NONE disables NAT functionality.

tip

UPnP support is often disabled by default in networking firmware. If disabled by default, explicitly enable UPnP support.

tip

Use UPNPP2PONLY if you wish to enable UPnP for p2p traffic but not JSON-RPC.

note

Specifying UPNP might introduce delays during node startup, especially on networks without a UPnP gateway device.

You must specify DOCKER when using the Besu Docker image.

network

--network=<NETWORK>

The predefined network configuration. The default is mainnet.

Possible values are:

NetworkChainTypeDefault Sync ModeDescription
mainnetETHProductionFASTThe main network
goerliETHTestFASTA PoS network
holeskyETHTestFASTA PoS network
sepoliaETHTestFASTA PoS network
devETHDevelopmentFULLA PoW network with a low difficulty to enable local CPU mining
classicETCProductionFASTThe main Ethereum Classic network
mordor ETCTestFASTA PoW network
tip

Values are case insensitive, so either mainnet or MAINNET works.

info
  • You can't use the --network and --genesis-file options at the same time.

  • The Ropsten, Rinkeby, and Kiln testnets are deprecated.

network-id

--network-id=<INTEGER>

The P2P network identifier.

Use this option to override the default network ID. The default value is the same as the chain ID defined in the genesis file.

node-private-key-file

--node-private-key-file=<FILE>

The private key file for the node. The default is the key file in the data directory. If no key file exists, Besu creates a key file containing the generated private key, otherwise, the existing key file specifies the node private key.

danger

The private key is not encrypted.

This option is ignored if --security-module is set to a non-default value.

p2p-enabled

--p2p-enabled[=<true|false>]

Enables or disables all P2P communication. The default is true.

p2p-host

--p2p-host=<HOST>

The advertised host that can be used to access the node from outside the network in P2P communication. The default is 127.0.0.1.

info

If --nat-method is set to NONE, --p2p-host is not overridden and must be specified for the node to be accessed from outside the network.

p2p-interface

--p2p-interface=<HOST>

The network interface on which the node listens for P2P communication. Use the option to specify the required network interface when the device that Besu is running on has multiple network interfaces. The default is 0.0.0.0 (all interfaces).

p2p-port

--p2p-port=<PORT>

The P2P listening ports (UDP and TCP). The default is 30303. You must expose ports appropriately.

pruning-block-confirmations

--pruning-block-confirmations=<INTEGER>

The minimum number of confirmations on a block before marking of newly-stored or in-use state trie nodes that cannot be pruned. The default is 10.

info

Using pruning with private transactions is not supported.

pruning-blocks-retained

--pruning-blocks-retained=<INTEGER>

The minimum number of recent blocks to keep the entire world state for. The default is 1024.

info

Using pruning with private transactions isn't supported.

pruning-enabled

--pruning-enabled

Enables pruning to reduce storage required for the world state. The default is false.

info

Using pruning with private transactions isn't supported.

note

Pruning is being deprecated for Bonsai Tries and is currently not being updated.

random-peer-priority-enabled

--random-peer-priority-enabled[=<true|false>]

Enables or disables random prioritization of incoming connections. Enable in small, stable networks to prevent closed groups of peers forming. The default is false.

remote-connections-limit-enabled

--remote-connections-limit-enabled[=<true|false>]

Enables or disables using the --remote-connections-max-percentage option to limit the percentage of remote P2P connections initiated by peers. The default is true.

tip

In private and permissioned networks with a level of trust between peers, disabling the remote connection limits may increase the speed at which nodes can join the network.

danger

To prevent eclipse attacks, ensure you enable the remote connections limit when connecting to any public network, and especially when using --sync-mode and --fast-sync-min-peers.

remote-connections-max-percentage

--remote-connections-max-percentage=<DOUBLE>

The percentage of remote P2P connections you can establish with the node. Must be between 0 and 100, inclusive. The default is 60.

reorg-logging-threshold

--reorg-logging-threshold=<INTEGER>

Minimum depth of chain reorganizations to log. The default is 6.

required-block

--required-block, --required-blocks[=BLOCK=HASH[,BLOCK=HASH...]...]

Requires a peer with the specified block number to have the specified hash when connecting, or Besu rejects that peer.

revert-reason-enabled

--revert-reason-enabled[=<true|false>]

Enables or disables including the revert reason in the transaction receipt, eth_estimateGas error response, eth_call error response, and trace response. The default is false.

caution

Enabling revert reason may use a significant amount of memory. We don't recommend enabling revert reason when connected to public Ethereum networks.

rpc-http-api

--rpc-http-api=<api name>[,<api name>...]...

A comma-separated list of APIs to enable on the HTTP JSON-RPC channel. When you use this option you must also specify the --rpc-http-enabled option. The available API options are: ADMIN, CLIQUE, DEBUG, EEA, ETH, IBFT, MINER, NET, PERM, PLUGINS, PRIV, QBFT, TRACE, TXPOOL, and WEB3. The default is: ETH, NET, WEB3.

tip

The singular --rpc-http-api and plural --rpc-http-apis are available and are two names for the same option.

rpc-http-authentication-credentials-file

--rpc-http-authentication-credentials-file=<FILE>

The credentials file for JSON-RPC API authentication.

rpc-http-authentication-enabled

--rpc-http-authentication-enabled[=<true|false>]

Enables or disables authentication for the HTTP JSON-RPC service.

rpc-http-authentication-jwt-public-key-file

--rpc-http-authentication-jwt-public-key-file=<FILE>

The JWT provider's public key file used for JSON-RPC HTTP authentication with an external JWT.

rpc-http-cors-origins

--rpc-http-cors-origins=<url>[,<url>...]... or all or "*"

A list of domain URLs for CORS validation.

Listed domains can access the node using JSON-RPC. If your client interacts with Besu using a browser app (such as Remix or a block explorer), add the client domain to the list.

The default value is "none". If you do not list any domains, browser apps cannot interact with your Besu node.

note

To run a local Besu node with MetaMask, set --rpc-http-cors-origins to chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn.

Remember to also include the dapp domain MetaMask interacts with, for example if your app is deployed on Remix and you're using MetaMask to interact with the contract, use --rpc-http-cors-origins=chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn,http://remix.ethereum.org

tip

For testing and development purposes, use "all" or "*" to accept requests from any domain. We don't recommend accepting requests from any domain for production environments.

rpc-http-enabled

--rpc-http-enabled[=<true|false>]

Enables or disables the HTTP JSON-RPC service. The default is false.

rpc-http-host

--rpc-http-host=<HOST>

The host on which HTTP JSON-RPC listens. The default is 127.0.0.1.

To allow remote connections, set to 0.0.0.0.

caution

Setting the host to 0.0.0.0 exposes the RPC connection on your node to any remote connection. In a production environment, ensure you are using a firewall to avoid exposing your node to the internet.

rpc-http-max-active-connections

--rpc-http-max-active-connections=<INTEGER>

The maximum number of allowed HTTP JSON-RPC connections. Once this limit is reached, incoming connections are rejected. The default is 80.

rpc-http-max-request-content-length

--rpc-http-max-request-content-length=<LONG>

The maximum request content length. Besu only accepts JSON-RPC API requests with a body size less than or equal to this value. The default is 5242880 (5 MB).

rpc-http-max-batch-size

--rpc-http-max-batch-size=<INTEGER>

The maximum number of allowed requests in a RPC batch request. The default limit is 1024, and -1 specifies no limit.

rpc-http-port

--rpc-http-port=<PORT>

The port (TCP) on which HTTP JSON-RPC listens. The default is 8545. You must expose ports appropriately.

rpc-http-tls-ca-clients-enabled

--rpc-http-tls-ca-clients-enabled[=<true|false>]

Enables or disables clients with trusted CA certificates to connect. The default is false.

note

You must enable client authentication using the --rpc-http-tls-client-auth-enabled option.

rpc-http-tls-client-auth-enabled

--rpc-http-tls-client-auth-enabled[=<true|false>]

Enables or disables TLS client authentication for the JSON-RPC HTTP service. The default is false.

rpc-http-tls-cipher-suite

--rpc-http-tls-cipher-suite=<cipherSuiteName>[, <cipherSuiteName>...]

A list of comma-separated TLS cipher suites to support.

tip

The singular --rpc-http-tls-cipher-suite and plural --rpc-http-tls-cipher-suites are available and are two names for the same option.

rpc-http-tls-enabled

--rpc-http-tls-enabled[=<true|false>]

Enables or disables TLS for the JSON-RPC HTTP service. The default is false.

note

--rpc-http-enabled must be enabled.

rpc-http-tls-keystore-file

--rpc-http-tls-keystore-file=<FILE>

The Keystore file (in PKCS #12 format) that contains private key and the certificate presented to the client during authentication.

rpc-http-tls-keystore-password-file

--rpc-http-tls-keystore-password-file=<FILE>

The path to the file containing the password to decrypt the keystore.

rpc-http-tls-known-clients-file

--rpc-http-tls-known-clients-file=<FILE>

The path to the file used to authenticate clients using self-signed certificates or non-public certificates.

Must contain the certificate's Common Name, and SHA-256 fingerprint in the format <CommonName> <hex-string>.

note

You must enable client authentication using the --rpc-http-tls-client-auth-enabled option.

rpc-http-tls-protocol

--rpc-http-tls-protocol=<protocolName>[, <protocolName>...]

A list of comma-separated TLS protocols to support. The default is DEFAULT_TLS_PROTOCOLS, a list which includes TLSv1.3 and TLSv1.2.

tip

The singular --rpc-http-tls-protocol and plural --rpc-http-tls-protocols are available and are two names for the same option.

rpc-max-logs-range

--rpc-max-logs-range=<INTEGER>

When using eth_getLogs, the maximum number of blocks to retrieve logs from. Set to 0 to specify no limit. The default is 5000.

caution

Using eth_getLogs to get logs from a large range of blocks, especially an entire chain from its genesis block, might cause Besu to hang for an indeterminable amount of time while generating the response.

We recommend setting a range limit or leaving this option at its default value.

rpc-tx-feecap

--rpc-tx-feecap=<MAX_FEE>

The maximum transaction fee (in Wei) accepted for transactions submitted through the eth_sendRawTransaction RPC. The default is 1000000000000000000 (1 ether).

If set to 0, then this option is ignored and no cap is applied.

rpc-ws-api

--rpc-ws-api=<api name>[,<api name>...]...

A comma-separated list of APIs to enable on the WebSockets channel. When you use this option you must also specify the --rpc-ws-enabled option. The available API options are: ADMIN, CLIQUE, DEBUG, EEA, ETH, IBFT, MINER, NET, PERM, PLUGINS, PRIV, QBFT, TRACE, TXPOOL, and WEB3. The default is: ETH, NET, WEB3.

tip

The singular --rpc-ws-api and plural --rpc-ws-apis options are available and are two names for the same option.

rpc-ws-authentication-credentials-file

--rpc-ws-authentication-credentials-file=<FILE>

The path to the credentials file for JSON-RPC API authentication.

rpc-ws-authentication-enabled

--rpc-ws-authentication-enabled[=<true|false>]

Enables or disables authentication for the WebSocket JSON-RPC service.

note

wscat doesn't support headers. Authentication requires you to pass an authentication token in the request header. To use authentication with WebSockets, you need an app that supports headers.

rpc-ws-authentication-jwt-public-key-file

--rpc-ws-authentication-jwt-public-key-file=<FILE>

The JWT provider's public key file used for JSON-RPC WebSocket authentication with an external JWT.

rpc-ws-enabled

--rpc-ws-enabled[=<true|false>]

Enables or disables the WebSocket JSON-RPC service. The default is false.

rpc-ws-host

--rpc-ws-host=<HOST>

The host on which WebSocket JSON-RPC listens. The default is 127.0.0.1.

To allow remote connections, set to 0.0.0.0

rpc-ws-max-active-connections

--rpc-ws-max-active-connections=<INTEGER>

The maximum number of WebSocket connections allowed for JSON-RPC. Once this limit is reached, incoming connections are rejected. The default is 80.

rpc-ws-max-frame-size

--rpc-ws-max-frame-size=<INTEGER>

The maximum size in bytes for JSON-RPC WebSocket frames. If this limit is exceeded, the WebSocket disconnects. The default is 1048576 (or 1 MB).

rpc-ws-port

--rpc-ws-port=<PORT>

The port (TCP) on which WebSocket JSON-RPC listens. The default is 8546. You must expose ports appropriately.

security-module

--security-module=<NAME>

Name of the security module plugin to use. For example, a Hardware Security Module (HSM) or V3 filestore plugin.

The default is the node's local private key file specified using --node-private-key-file.

static-nodes-file

--static-nodes-file=<FILE>

Static nodes JSON file containing the static nodes for this node to connect to. The default is datapath/static-nodes.json.

strict-tx-replay-protection-enabled

--strict-tx-replay-protection-enabled[=<true|false>]

Enables or disables replay protection, in accordance with EIP-155, on transactions submitted using JSON-RPC. The default is false.

sync-mode

--sync-mode=<MODE>

The synchronization mode. Use X_SNAP for snap sync, X_CHECKPOINT for checkpoint sync, FAST for fast sync, and FULL for full sync.

  • The default is FULL when connecting to a private network by not using the --network option and specifying the --genesis-file option.
  • The default is FAST when using the --network option with named networks, except for the dev development network. FAST is also the default if running Besu on the default network (Ethereum Mainnet) by specifying neither network nor genesis file.
tip
  • We recommend using snap sync over fast sync because snap sync can be faster by several days.
  • Checkpoint sync is an early access feature.
  • It might become impossible to sync Ethereum Mainnet using fast sync in the future. Update Besu to a version that supports newer sync methods.
  • When synchronizing in a mode other than FULL, most historical world state data is unavailable. Any methods attempting to access unavailable world state data return null.

target-gas-limit

--target-gas-limit=<INTEGER>

The gas limit toward which Besu will gradually move on an existing network, if enough miners are in agreement. To change the block gas limit set in the genesis file without creating a new network, use target-gas-limit. The gas limit between blocks can change only 1/1024th, so the target tells the block creator how to set the gas limit in its block. If the values are the same or within 1/1024th, Besu sets the limit to the specified value. Otherwise, the limit moves as far as it can within that constraint.

If a value for target-gas-limit is not specified, the block gas limit remains at the value specified in the genesis file.

Use the miner_changeTargetGasLimit API to update the target-gas-limit while Besu is running. Alternatively restart Besu with an updated target-gas-limit value.

tx-pool

--tx-pool=<TYPE>

Type of transaction pool to use. Set to layered to use the layered transaction pool implementation. Set to legacy to opt out of the layered transaction pool. The default is layered.

caution

The legacy transaction pool implementation will be deprecated soon, so we recommend using the default layered transaction pool.

tx-pool-enable-save-restore

--tx-pool-enable-save-restore[=<true|false>]

Enables or disables saving the transaction pool contents to a file on shutdown and reloading it at startup. The default is false.

You can define a custom path to the transaction pool file using the --tx-pool-save-file option.

tx-pool-layer-max-capacity

--tx-pool-layer-max-capacity=<INTEGER>

Maximum amount of memory (in bytes) that any layer within the layered transaction pool can occupy. The default is 12500000, or 12.5 MB.

There are two memory-limited layers in the transaction pool, so the expected memory consumption is twice the value specified by this option, or 25 MB by default. Increase this value if you have spare RAM and the eviction rate is high for your network.

tx-pool-limit-by-account-percentage

--tx-pool-limit-by-account-percentage=<DOUBLE>

The maximum percentage of transactions from a single sender kept in the transaction pool. Accepted values are in the range (0–1]. The default is .001, or 0.1% of transactions from a single sender to be kept in the pool.

caution
  • With the layered transaction pool implementation, this option is not applicable. Replace this option with --tx-pool-max-future-by-sender to specify the maximum number of sequential transactions from a single sender kept in the pool.

  • The default value is often unsuitable for private networks. This feature mitigates future-nonce transactions from filling the pool without ever being executable by Besu. This is important for Mainnet, but may cause issues on private networks. Please update this value or set to 1 if you know the nodes gossiping transactions in your network.

tx-pool-max-future-by-sender

--tx-pool-max-future-by-sender=<INTEGER>

The maximum number of sequential transactions from a single sender kept in the layered transaction pool. The default is 200.

Increase this value to allow a single sender to fit more transactions in a single block. For private networks, you can set this in the hundreds or thousands if you want to ensure transactions with large nonce gaps remain in the transaction pool.

tx-pool-max-prioritized

--tx-pool-max-prioritized=<INTEGER>

The maximum number of transactions that are prioritized in the layered transaction pool. The default is 2000.

For private networks, we recommend setting this value to the maximum number of transactions that fit in a block in your network.

tx-pool-max-size

--tx-pool-max-size=<INTEGER>

The maximum number of transactions kept in the transaction pool. The default is 4096.

caution

With the layered transaction pool implementation, this option is not applicable because the layered pool is limited by memory size instead of the number of transactions. To configure the maximum memory capacity, use --tx-pool-layer-max-capacity.

tx-pool-no-local-priority

--tx-pool-no-local-priority[=<true|false>]

If this option is set to true, senders of transactions submitted via RPC are not prioritized over remote transactions in the transaction pool. The default is false.

tx-pool-price-bump

--tx-pool-price-bump=<INTEGER>

The price bump percentage to replace an existing transaction in the transaction pool. The default is 10, or 10%.

tx-pool-priority-senders

--tx-pool-priority-senders=<address>[,<address>,...]

A comma-separated list of sender addresses to prioritize in the transaction pool. Transactions sent from these addresses, from any source, are prioritized and only evicted after all others. If not specified, only senders submitting transactions via RPC have priority (unless --tx-pool-no-local-priority is set to true).

tx-pool-retention-hours

--tx-pool-retention-hours=<INTEGER>

The maximum period (in hours) to hold pending transactions in the transaction pool. The default is 13.

caution

With the layered transaction pool implementation, this option is not applicable because old transactions will expire when the memory cache is full.

tx-pool-save-file

--tx-pool-save-file=<FILE>

The path to the file that stores the transaction pool's content if the save and restore functionality is enabled using --tx-pool-enable-save-restore. The file is created on shutdown and reloaded during startup. The default file name is txpool.dump in the data directory.

Xhelp

-X, --Xhelp

Displays the early access options and their descriptions, and exit.

caution

The displayed options are unstable and may change between releases.

version

-V, --version

Prints version information and exit.