Updated 2020-02-20

Configuring Ports

Ports must be exposed appropriately to enable communication. An example port configuration for a Hyperledger Besu node on AWS is:

Port Configuration

When running Besu from the Docker image, expose ports.


Besu supports UPnP for home or small office environments where a wireless router or modem provides NAT isolation.

P2P Networking

To enable peer discovery, the P2P UDP port must be open for inbound connections. The P2P port is specified by the --p2p-port option. The default is 30303.

We also recommended opening the P2P TCP port for inbound connections. This is not strictly required because Besu attempts to initiate outbound TCP connections. However, if no nodes on the network are accepting inbound TCP connections, nodes cannot communicate.

The P2P port is combined with --p2p-host and --p2p-interface when specifying the P2P host and P2P network interface.


By default, peer discovery listens on (all interfaces). If the device that Besu runs on must bind to a specific interface, use the --p2p-interface option to specify the network interface to use.


To enable access to the JSON-RPC API, open the HTTP JSON-RPC and WebSockets JSON-RPC ports to the intended users of the JSON-RPC API on TCP.

The --rpc-http-port and --rpc-ws-port options specify the HTTP and WebSockets JSON-RPC ports. The defaults are 8545 and 8546.


To enable Prometheus to access Besu, open the metrics port or metrics push port to Prometheus or the Prometheus push gateway on TCP.

The --metrics-port and --metrics-push-port options specify the ports for Prometheus and Prometheus push gateway. The defaults are 9545 and 9001.