Updated 2019-12-05

Hyperledger Besu Command Line

This reference describes the syntax of the Hyperledger Besu Command Line Interface (CLI) options and subcommands.

Specifying Options

Besu options can be specified:

If an option is specified in multiple places, the order of priority is command line, environment variable, configuration file.

Besu Environment Variables

For each command line option, the equivalent environment variable is:

  • Upper-case
  • - is replaced by _
  • Has a BESU_ prefix

For example, set --miner-coinbase using the BESU_MINER_COINBASE environment variable.

Options

To start a Besu node run:

besu [OPTIONS] [COMMAND]

banned-node-ids

--banned-node-ids=<bannedNodeId>[,<bannedNodeId>...]...
--banned-nodeids=0xc35c3...d615f,0xf42c13...fc456
BESU_BANNED_NODEIDS=0xc35c3...d615f,0xf42c13...fc456
banned-nodeids=["0xc35c3...d615f","0xf42c13...fc456"]

List of node IDs with which this node will not peer. The node ID is the public key of the node. You can specify the banned node IDs with or without the 0x prefix.

Tip

The singular --banned-node-id and plural --banned-node-ids are available and are two names for the same option.

bootnodes

--bootnodes[=<enode://[email protected]:port>[,<enode://[email protected]:port>...]...]
--bootnodes=enode://[email protected]:30303,enode://[email protected]:30303
BESU_BOOTNODES=enode://[email protected]:30303,enode://[email protected]:30303
bootnodes=["enode://[email protected]:30303","enode://[email protected]:30303"]

List of comma-separated enode URLs for P2P discovery bootstrap.

When connecting to MainNet or public testnets, the default is a predefined list of enode URLs.

In private networks defined using --genesis-file or when using --network=dev, the default is an empty list of bootnodes.

config-file

--config-file=<FILE>
--config-file=/home/me/me_node/config.toml
BESU_CONFIG_FILE=/home/me/me_node/config.toml

The path to the TOML configuration file. The default is none.

data-path

--data-path=<PATH>
--data-path=/home/me/me_node
BESU_DATA_PATH=/home/me/me_node
data-path="/home/me/me_node"

The path to the Besu data directory. The default is the directory in which Besu is installed or /opt/besu/database if using the Besu Docker image.

discovery-enabled

--discovery-enabled=false
BESU_DISCOVERY_ENABLED=false
discovery-enabled=false

Enables or disables P2P peer discovery. The default is true.

fast-sync-min-peers

--fast-sync-min-peers=<INTEGER>
--fast-sync-min-peers=2
BESU_FAST_SYNC_MIN_PEERS=2
fast-sync-min-peers=2

Minimum number of peers required before starting fast sync. Default is 5.

Note

If synchronizing in FAST mode, most historical world state data is unavailable. Any methods attempting to access unavailable world state data return null.

genesis-file

Genesis file is used to create a custom network.

Tip

To use a public Ethereum network such as Rinkeby, use the --network option. The network option defines the genesis file for public networks.

--genesis-file=<FILE>
--genesis-file=/home/me/me_node/customGenesisFile.json
BESU_GENESIS_FILE=/home/me/me_node/customGenesisFile.json
genesis-file="/home/me/me_node/customGenesisFile.json"

The path to the genesis file.

Important

The --genesis-file and --network option can’t be used at the same time.

graphql-http-cors-origins

--graphql-http-cors-origins=<graphQLHttpCorsAllowedOrigins>
--graphql-http-cors-origins="http://medomain.com","https://meotherdomain.com"
BESU_GRAPHQL_HTTP_CORS_ORIGINS="http://medomain.com","https://meotherdomain.com"
graphql-http-cors-origins=["http://medomain.com","https://meotherdomain.com"]

Comma separated origin domain URLs for CORS validation. The default is none.

graphql-http-enabled

--graphql-http-enabled
BESU_GRAPHQL_HTTP_ENABLED=true
graphql-http-enabled=true

Set to true to enable the GraphQL HTTP service. The default is false.

The default GraphQL HTTP service endpoint is http://127.0.0.1:8547/graphql if set to true.

graphql-http-host

--graphql-http-host=<HOST>
# to listen on all interfaces
--graphql-http-host=0.0.0.0
# to listen on all interfaces
BESU_GRAPHQL_HTTP_HOST=0.0.0.0
graphql-http-host="0.0.0.0"

Host for GraphQL HTTP to listen on. The default is 127.0.0.1.

To allow remote connections, set to 0.0.0.0

graphql-http-port

--graphql-http-port=<PORT>
# to listen on port 6175
--graphql-http-port=6175
# to listen on port 6175
BESU_GRAPHQL_HTTP_PORT=6175
graphql-http-port="6175"

Specifies GraphQL HTTP listening port (TCP). The default is 8547. Ports must be exposed appropriately.

help

-h, --help

Show the help message and exit.

host-whitelist

--host-whitelist=<hostname>[,<hostname>...]... or "*"
--host-whitelist=medomain.com,meotherdomain.com
BESU_HOST_WHITELIST=medomain.com,meotherdomain.com
host-whitelist=["medomain.com", "meotherdomain.com"]

Comma-separated list of hostnames to allow access to the JSON-RPC API. By default, access from localhost and 127.0.0.1 is accepted.

Tip

To allow all hostnames, use "*". We don’t recommend allowing all hostnames for production code.

identity

--identity=<String>
--identity=MyNode
BESU_IDENTITY=MyNode
identity="MyNode"

Name for the node. If specified, it is the second section of the client ID provided by some Ethereum network explorers. For example, in the client ID besu/MyNode/v1.3.4/linux-x86_64/oracle_openjdk-java-11, the node name is MyNode.

If a name is not specified, the name section is not included in the client ID. For example, besu/v1.3.4/linux-x86_64/oracle_openjdk-java-11.

key-value-storage

--key-value-storage=<keyValueStorageName>
--key-value-storage=rocksdb
BESU_KEY_VALUE_STORAGE=rocksdb
key-value-storage="rocksdb"

Key-value storage to be used. Use this option only if using a storage system provided with a plugin. Default is rocksdb.

logging

-l, --logging=<LEVEL>
--logging=DEBUG
BESU_LOGGING=DEBUG
logging="DEBUG"

Sets the logging verbosity. Log levels are OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE, ALL. Default is INFO.

max-peers

--max-peers=<INTEGER>
--max-peers=42
BESU_MAX_PEERS=42
max-peers=42

Specifies the maximum P2P connections that can be established. The default is 25.

metrics-category

--metrics-category=<metrics-category>[,metrics-category...]...
--metrics-category=BLOCKCHAIN,PEERS,PROCESS
BESU_METRICS_CATEGORY=BLOCKCHAIN,PEERS,PROCESS
metrics-category=["BLOCKCHAIN","PEERS","PROCESS"]

Comma separated list of categories for which to track metrics. Defaults are BLOCKCHAIN, ETHEREUM, EXECUTORS, JVM, NETWORK, PEERS, PERMISSIONING, PROCESS, PRUNER, RPC, SYNCHRONIZER, and TRANSACTION_POOL.

Additional categories are KVSTORE_ROCKSDB, KVSTORE_PRIVATE_ROCKSDB, KVSTORE_ROCKSDB_STATS, and KVSTORE_PRIVATE_ROCKSDB_STATS.

Categories that contain PRIVATE track metrics when private transactions are enabled.

metrics-enabled

--metrics-enabled
BESU_METRICS_ENABLED=true
metrics-enabled=true

Set to true to enable the metrics exporter. The default is false.

--metrics-enabled cannot be specified with --metrics-push-enabled. That is, either Prometheus polling or Prometheus push gateway support can be enabled but not both at once.

metrics-host

--metrics-host=<HOST>
--metrics-host=127.0.0.1
BESU_METRICS_HOST=127.0.0.1
metrics-host="127.0.0.1"

Specifies the host on which Prometheus accesses Besu metrics. The metrics server respects the --host-whitelist option.

The default is 127.0.0.1.

metrics-port

--metrics-port=<PORT>
--metrics-port=6174
BESU_METRICS_PORT=6174
metrics-port="6174"

Specifies the port (TCP) on which Prometheus accesses Besu metrics. The default is 9545. Ports must be exposed appropriately.

metrics-push-enabled

--metrics-push-enabled[=<true|false>]
--metrics-push-enabled
BESU_METRICS_PUSH_ENABLED=true
metrics-push-enabled="true"

Set to true to start the push gateway integration.

--metrics-push-enabled cannot be specified with --metrics-enabled. That is, either Prometheus polling or Prometheus push gateway support can be enabled but not both at once.

metrics-push-host

--metrics-push-host=<HOST>
--metrics-push-host=127.0.0.1
BESU_METRICS_PUSH_HOST=127.0.0.1
metrics-push-host="127.0.0.1"

Host of the Prometheus Push Gateway. The default is 127.0.0.1. The metrics server respects the --host-whitelist option.

Note

When pushing metrics, ensure --metrics-push-host is set to the machine on which the push gateway is. Generally, this will be a different machine to the machine on which Besu is running.

metrics-push-interval

--metrics-push-interval=<INTEGER>
--metrics-push-interval=30
BESU_METRICS_PUSH_INTERVAL=30
metrics-push-interval=30

Interval in seconds to push metrics when in push mode. The default is 15.

metrics-push-port

--metrics-push-port=<PORT>
--metrics-push-port=6174
BESU_METRICS_PUSH_PORT=6174
metrics-push-port="6174"

Port (TCP) of the Prometheus Push Gateway. The default is 9001. Ports must be exposed appropriately.

metrics-push-prometheus-job

--metrics-prometheus-job=<metricsPrometheusJob>
--metrics-prometheus-job="my-custom-job"
BESU_METRICS_PROMETHEUS_JOB="my-custom-job"
metrics-prometheus-job="my-custom-job"

Job name when in push mode. The default is besu-client.

miner-coinbase

--miner-coinbase=<Ethereum account address>
--miner-coinbase=fe3b557e8fb62b89f4916b721be55ceb828dbd73
BESU_MINER_COINBASE=fe3b557e8fb62b89f4916b721be55ceb828dbd73
--miner-coinbase="0xfe3b557e8fb62b89f4916b721be55ceb828dbd73"

Account to which mining rewards are paid. You must specify a valid coinbase when you enable mining using the --miner-enabled option or the miner_start JSON RPC-API method.

Note

This option is ignored in networks using Clique and IBFT 2.0 consensus protocols.

miner-enabled

--miner-enabled
BESU_MINER_ENABLED=true
miner-enabled=true

Enables mining when the node is started. Default is false.

miner-extra-data

--miner-extra-data=<Extra data>
--miner-extra-data=0x444F4E27542050414E4943202120484F444C2C20484F444C2C20484F444C2021
BESU_MINER_EXTRA_DATA=0x444F4E27542050414E4943202120484F444C2C20484F444C2C20484F444C2021
miner-extra-data="0x444F4E27542050414E4943202120484F444C2C20484F444C2C20484F444C2021"

A hex string representing the 32 bytes to be included in the extra data field of a mined block. The default is 0x.

miner-stratum-enabled

--miner-stratum-enabled
BESU_MINER_STRATUM_ENABLED=true
miner-stratum-enabled=true

Enables a node to perform stratum mining. Default is false.

miner-stratum-host

--miner-stratum-host=<HOST>
--miner-stratum-host=192.168.1.132
BESU_MINER_STRATUM_HOST=192.168.1.132
miner-stratum-host="192.168.1.132"

Host of the stratum mining service. Default is 0.0.0.0.

miner-stratum-port

--miner-stratum-port=<PORT>
--miner-stratum-port=8010
BESU_MINER_STRATUM_PORT=8010
miner-stratum-port="8010"

Port of the stratum mining service. Default is 8008. Ports must be exposed appropriately.

min-gas-price

--min-gas-price=<minTransactionGasPrice>
--min-gas-price=1337
BESU_MIN_GAS_PRICE=1337
min-gas-price=1337

The minimum price that a transaction offers for it to be included in a mined block. To retrieve the minimum price in a running node, use eth_gasPrice. Default is 1000.

nat-method

--nat-method=UPNP
nat-method="UPNP"

Specify the method for handling NAT environments. Options are: UPNP and NONE. The default is NONE, which disables NAT functionality.

Tip

UPnP support is often disabled by default in networking firmware. If disabled by default, explicitly enable UPnP support.

Notes

  • Option UPNP might introduce delays during node startup, especially on networks where no UPnP gateway device can be found.
  • --nat-method cannot be used with the Besu Docker image.

network

--network=<NETWORK>
--network=rinkeby
BESU_NETWORK=rinkeby
network="rinkeby"

Predefined network configuration. The default is mainnet.

Possible values are:

Network Chain Type Description
mainnet ETH Production Main network
ropsten ETH Test PoW network similar to current main Ethereum network
rinkeby ETH Test PoA network using Clique
goerli ETH Test PoA network using Clique
dev ETH Development PoW network with a very low difficulty to enable local CPU mining
classic ETC Production Main network
mordor ETC Test PoW network
kotti ETC Test PoA network using Clique

Tip

Values are case insensitive, so either mainnet or MAINNET works.

Important

The --network and --genesis-file options cannot be used at the same time.

network-id

--network-id=<INTEGER>
--network-id=8675309
BESU_NETWORK_ID=8675309
network-id="8675309"

P2P network identifier.

This option can be used to override the default network ID. The default value is the network chain ID defined in the genesis file.

node-private-key-file

--node-private-key-file=<FILE>
--node-private-key-file=/home/me/me_node/myPrivateKey
BESU_NODE_PRIVATE_KEY_FILE=/home/me/me_node/myPrivateKey
node-private-key-file="/home/me/me_node/myPrivateKey"

<FILE> is the path of the private key file of the node. The default is the key file in the data directory. If no key file exists, a key file containing the generated private key is created; otherwise, the existing key file specifies the node private key.

Attention

The private key is not encrypted.

p2p-enabled

--p2p-enabled=<true|false>
--p2p-enabled=false
BESU_P2P_ENABLED=false
p2p-enabled=false

Enables or disables all p2p communication. The default is true.

p2p-host

--p2p-host=<HOST>
# to listen on all interfaces
--p2p-host=0.0.0.0
# to listen on all interfaces
BESU_P2P_HOST=0.0.0.0
p2p-host="0.0.0.0"

Specifies the host on which P2P listens. The default is 127.0.0.1.

p2p-interface

--p2p-interface=<HOST>
--p2p-interface=192.168.1.132
BESU_P2P_INTERFACE=192.168.1.132
p2p-interface="192.168.1.132"

Specifies the network interface on which the node listens for P2P communication. Use the option to specify the required network interface when the device that Besu is running on has multiple network interfaces. The default is 0.0.0.0 (all interfaces).

p2p-port

--p2p-port=<PORT>
# to listen on port 1789
--p2p-port=1789
# to listen on port 1789
BESU_P2P_PORT=1789
p2p-port="1789"

Specifies the P2P listening ports (UDP and TCP). The default is 30303. Ports must be exposed appropriately.

permissions-accounts-config-file

--permissions-accounts-config-file=<FILE>
--permissions-accounts-config-file=/home/me/me_configFiles/myPermissionsFile
BESU_PERMISSIONS_ACCOUNTS_CONFIG_FILE=/home/me/me_configFiles/myPermissionsFile
permissions-accounts-config-file="/home/me/me_configFiles/myPermissionsFile"

Path to the accounts permissions configuration file. Default is the permissions_config.toml file in the data directory.

Tip

--permissions-accounts-config-file and --permissions-nodes-config-file can use the same file.

permissions-accounts-config-file-enabled

--permissions-accounts-config-file-enabled[=<true|false>]
--permissions-accounts-config-file-enabled
BESU_PERMISSIONS_ACCOUNTS_CONFIG_FILE_ENABLED=true
permissions-accounts-config-file-enabled=true

Set to enable file-based account level permissions. Default is false.

permissions-accounts-contract-address

--permissions-accounts-contract-address=<ContractAddress>
--permissions-accounts-contract-address=xyz
BESU_PERMISSIONS_ACCOUNTS_CONTRACT_ADDRESS=xyz
permissions-accounts-contract-address=xyz

Specifies the contract address for onchain account permissioning.

permissions-accounts-contract-enabled

--permissions-accounts-contract-enabled[=<true|false>]
--permissions-accounts-contract-enabled
BESU_PERMISSIONS_ACCOUNTS_CONTRACT_ENABLED=true
permissions-accounts-contract-enabled=true

Enables contract-based onchain account permissioning. Default is false.

permissions-nodes-config-file

--permissions-nodes-config-file=<FILE>
--permissions-nodes-config-file=/home/me/me_configFiles/myPermissionsFile
BESU_PERMISSIONS_NODES_CONFIG_FILE=/home/me/me_configFiles/myPermissionsFile
permissions-nodes-config-file="/home/me/me_configFiles/myPermissionsFile"

Path to the nodes permissions configuration file. Default is the permissions_config.toml file in the data directory.

Tip

--permissions-nodes-config-file and --permissions-accounts-config-file can use the same file.

permissions-nodes-config-file-enabled

--permissions-nodes-config-file-enabled[=<true|false>]
--permissions-nodes-config-file-enabled
BESU_PERMISSIONS_NODES_CONFIG_FILE_ENABLED=true
permissions-nodes-config-file-enabled=true

Set to enable file-based node level permissions. Default is false.

permissions-nodes-contract-address

--permissions-nodes-contract-address=<ContractAddress>
--permissions-nodes-contract-address=xyz
BESU_PERMISSIONS_NODES_CONTRACT_ADDRESS=xyz
permissions-nodes-contract-address=xyz

Specifies the contract address for onchain node permissioning.

permissions-nodes-contract-enabled

--permissions-nodes-contract-enabled[=<true|false>]
--permissions-nodes-contract-enabled
BESU_PERMISSIONS_NODES_CONTRACT_ENABLED=true
permissions-nodes-contract-enabled=true

Enables contract-based onchain node permissioning. Default is false.

privacy-enabled

--privacy-enabled[=<true|false>]
--privacy-enabled=false
BESU_PRIVACY_ENABLED=false
privacy-enabled=false

Set to enable private transactions. The default is false.

Important

Using private transactions with pruning is not supported.

privacy-marker-transaction-signing-key-file

--privacy-marker-transaction-signing-key-file=<FILE>
--privacy-marker-transaction-signing-key-file=/home/me/me_node/myPrivateKey
PANTHEON_PRIVACY_MARKER_TRANSACTION_SIGNING_KEY_FILE=/home/me/me_node/myPrivateKey
privacy-marker-transaction-signing-key-file="/home/me/me_node/myPrivateKey"

<FILE> is the name of the private key file used to sign Privacy Marker Transactions. If this option isn’t specified, each transaction is signed with a different randomly generated key.

If using account permissioning and privacy, a private key file must be specified and the signing key included in the accounts whitelist.

privacy-precompiled-address

--privacy-precompiled-address=<privacyPrecompiledAddress>

Address to which the privacy pre-compiled contract is mapped. The default is 126.

privacy-public-key-file

--privacy-public-key-file=<privacyPublicKeyFile>
--privacy-public-key-file=Orion/nodeKey.pub
BESU_PRIVACY_PUBLIC_KEY_FILE=Orion/nodeKey.pub
privacy-public-key-file="Orion/nodeKey.pub"

Path to the public key of the Orion node.

privacy-url

--privacy-url=<privacyUrl>
--privacy-url=http://127.0.0.1:8888
BESU_PRIVACY_URL=http://127.0.0.1:8888
privacy-url="http://127.0.0.1:8888"

URL on which the Orion node is running.

pruning-enabled

--pruning-enabled
--pruning-enabled=true
BESU_PRUNING_ENABLED=true
pruning-enabled=true

Enables pruning to reduce storage required for the world state.

Important

Using pruning with private transactions is not supported.

remote-connections-limit-enabled

--remote-connections-limit-enabled[=<true|false>]
--remote-connections-limit-enabled=false
BESU_REMOTE_CONNECTIONS_LIMIT_ENABLED=false
remote-connections-limit-enabled=false

Specify to limit the percentage of remote P2P connections initiated by peers. Default is true.

Tip

In private networks with a level of trust between peers, disabling the remote connection limits may increase the speed at which nodes can join the network.

Important

To prevent eclipse attacks, ensure the remote connections limit is enabled when connecting to any public network and especially when using --sync-mode and --fast-sync-min-peers.

remote-connections-max-percentage

--remote-connections-max-percentage=<DOUBLE>
--remote-connections-max-percentage=25
BESU_REMOTE_CONNECTIONS_MAX_PERCENTAGE=25
remote-connections-max-percentage=25

Percentage of remote P2P connections that can be established with the node. Must be between 0 and 100 inclusive. Default is 60.

required-block

--required-block, --required-blocks[=BLOCK=HASH[,BLOCK=HASH...]...]
--required-block=6485846=0x43f0cd1e5b1f9c4d5cda26c240b59ee4f1b510d0a185aa8fd476d091b0097a80
BESU_REQUIRED_BLOCK=6485846=0x43f0cd1e5b1f9c4d5cda26c240b59ee4f1b510d0a185aa8fd476d091b0097a80
required-block="6485846=0x43f0cd1e5b1f9c4d5cda26c240b59ee4f1b510d0a185aa8fd476d091b0097a80"

Requires a peer with the specified block number to have the specified hash when connecting, or that peer is rejected.

revert-reason-enabled

--revert-reason-enabled[=<true|false>]
--revert-reason-enabled=true
REVERT_REASON_ENABLED=true
revert-reason-enabled=true

Enables including the revert reason in the transaction receipt. Default is false.

Caution

Enabling revert reason may use a significant amount of memory. We do not recommend enabling revert reason when connected to public Ethereum networks.

rpc-http-api

--rpc-http-api=<api name>[,<api name>...]...
--rpc-http-api=ETH,NET,WEB3
BESU_RPC_HTTP_API=ETH,NET,WEB3
rpc-http-api=["ETH","NET","WEB3"]

Comma-separated APIs to enable on the HTTP JSON-RPC channel. When you use this option, the --rpc-http-enabled option must also be specified. The available API options are: ADMIN, ETH, NET, WEB3, CLIQUE, IBFT, PERM, DEBUG, MINER, EEA, PRIV, and TXPOOL. The default is: ETH, NET, WEB3.

Tip

The singular --rpc-http-api and plural --rpc-http-apis are available and are two names for the same option.

rpc-http-authentication-credentials-file

--rpc-http-authentication-credentials-file=<FILE>
--rpc-http-authentication-credentials-file=/home/me/me_node/auth.toml
BESU_RPC_HTTP_AUTHENTICATION_CREDENTIALS_FILE=/home/me/me_node/auth.toml
rpc-http-authentication-credentials-file="/home/me/me_node/auth.toml"

Credentials file for JSON-RPC API authentication.

rpc-http-authentication-enabled

--rpc-http-authentication-enabled
--rpc-http-authentication-enabled
BESU_RPC_HTTP_AUTHENTICATION_ENABLED=true
rpc-http-authentication-enabled=true

Set to true to require authentication for the HTTP JSON-RPC service.

rpc-http-authentication-jwt-public-key-file

--rpc-http-authentication-jwt-public-key-file=<FILE>
--rpc-http-authentication-jwt-public-key-file=publicKey.pem
BESU_RPC_HTTP_AUTHENTICATION-JWT-PUBLIC-KEY-FILE="publicKey.pem"
rpc-http-authentication-jwt-public-key-file="publicKey.pem"

JWT public key file for JSON-RPC HTTP authentication when authenticating with an external JWT token.

rpc-http-cors-origins

--rpc-http-cors-origins=<url>[,<url>...]... or all or "*"
# You can whitelist one or more domains with a comma-separated list.

--rpc-http-cors-origins="http://medomain.com","https://meotherdomain.com"
BESU_RPC_HTTP_CORS_ORIGINS="http://medomain.com","https://meotherdomain.com"
rpc-http-cors-origins=["http://medomain.com","https://meotherdomain.com"]
# The following allows Remix to interact with your Besu node.

--rpc-http-cors-origins="http://remix.ethereum.org"

Specifies domain URLs for CORS validation. Domain URLs must be enclosed in double quotes and comma-separated.

Listed domains can access the node using JSON-RPC. If your client interacts with Besu using a browser app (such as Remix or a block explorer), you must whitelist the client domains.

The default value is "none". If you don’t whitelist any domains, browser apps cannot interact with your Besu node.

Note

To run a local Besu node as a backend for MetaMask and use MetaMask anywhere, set --rpc-http-cors-origins to "all" or "*". To allow a specific domain to use MetaMask with the Besu node, set --rpc-http-cors-origins to the client domain.

Tip

For development purposes, you can use "all" or "*" to accept requests from any domain, but we don’t recommend this for production code.

rpc-http-enabled

--rpc-http-enabled
BESU_RPC_HTTP_ENABLED=true
rpc-http-enabled=true

Set to true to enable the HTTP JSON-RPC service. The default is false.

rpc-http-host

--rpc-http-host=<HOST>
# to listen on all interfaces
--rpc-http-host=0.0.0.0
BESU_RPC_HTTP_HOST=0.0.0.0
rpc-http-host="0.0.0.0"

Specifies the host on which HTTP JSON-RPC listens. The default is 127.0.0.1.

To allow remote connections, set to 0.0.0.0

Caution

Setting the host to 0.0.0.0 exposes the RPC connection on your node to any remote connection. In a production environment, ensure you are using a firewall to avoid exposing your node to the internet.

rpc-http-port

--rpc-http-port=<PORT>
# to listen on port 3435
--rpc-http-port=3435
BESU_RPC_HTTP_PORT=3435
rpc-http-port="3435"

Specifies HTTP JSON-RPC listening port (TCP). The default is 8545. Ports must be exposed appropriately.

rpc-ws-api

--rpc-ws-api=<api name>[,<api name>...]...
--rpc-ws-api=ETH,NET,WEB3
BESU_RPC_WS_API=ETH,NET,WEB3
rpc-ws-api=["ETH","NET","WEB3"]

Comma-separated APIs to enable on WebSockets channel. When you use this option, the --rpc-ws-enabled option must also be specified. The available API options are: ADMIN,ETH, NET, WEB3, CLIQUE, IBFT, PERM, DEBUG, MINER, EEA, PRIV, and TXPOOL. The default is: ETH, NET, WEB3.

Tip

The singular --rpc-ws-api and plural --rpc-ws-apis are available and are just two names for the same option.

rpc-ws-authentication-credentials-file

--rpc-ws-authentication-credentials-file=<FILE>
--rpc-ws-authentication-credentials-file=/home/me/me_node/auth.toml
BESU_RPC_WS_AUTHENTICATION_CREDENTIALS_FILE=/home/me/me_node/auth.toml
rpc-ws-authentication-credentials-file="/home/me/me_node/auth.toml"

Credentials file for JSON-RPC API authentication.

rpc-ws-authentication-enabled

--rpc-ws-authentication-enabled
--rpc-ws-authentication-enabled
BESU_RPC_WS_AUTHENTICATION_ENABLED=true
rpc-ws-authentication-enabled=true

Set to true to require authentication for the WebSockets JSON-RPC service.

Note

wscat does not support headers. Authentication requires an authentication token to be passed in the request header. To use authentication with WebSockets, an app that supports headers is required.

rpc-ws-authentication-jwt-public-key-file

--rpc-http-authentication-jwt-public-key-file=<FILE>
--rpc-http-authentication-jwt-public-key-file=publicKey.pem
BESU_RPC_HTTP_AUTHENTICATION-JWT-PUBLIC-KEY-FILE="publicKey.pem"
rpc-http-authentication-jwt-public-key-file="publicKey.pem"

JWT public key file for JSON-RPC websocket authentication when authenticating with an external JWT token.

rpc-ws-enabled

--rpc-ws-enabled
BESU_RPC_WS_ENABLED=true
rpc-ws-enabled=true

Set to true to enable the WebSockets JSON-RPC service. The default is false.

rpc-ws-host

--rpc-ws-host=<HOST>
# to listen on all interfaces
--rpc-ws-host=0.0.0.0
BESU_RPC_WS_HOST=0.0.0.0
rpc-ws-host="0.0.0.0"

Host for Websocket WS-RPC to listen on. The default is 127.0.0.1.

To allow remote connections, set to 0.0.0.0

rpc-ws-port

--rpc-ws-port=<PORT>
# to listen on port 6174
--rpc-ws-port=6174
BESU_RPC_WS_PORT=6174
rpc-ws-port="6174"

Specifies Websockets JSON-RPC listening port (TCP). The default is 8546. Ports must be exposed appropriately.

sync-mode

--sync-mode=FAST
--sync-mode=FAST
BESU_SYNC_MODE=FAST
sync-mode="FAST"

Specifies the synchronization mode. Default is FULL.

target-gas-limit

--target-gas-limit=<INTEGER>
--target-gas-limit=8000000
BESU_TARGET_GAS_LIMIT=8000000
target-gas-limit="8000000"

Specifies the gas limit toward which Besu will gradually move on an existing network, if enough miners are in agreement. Use target-gas-limit to change the block gas limit set in the genesis file without creating a new network. The gas limit between blocks can change only 1/1024th, so the target tells the block creator how to set the gas limit in its block. If the values are the same or within 1/1024th, the limit is set to the specified value. Otherwise, the limit moves as far as it can within that constraint.

If a value for target-gas-limit is not specified, the block gas limit remains at the value specified in the genesis file.

tx-pool-max-size

--tx-pool-max-size=<INTEGER>
--tx-pool-max-size=2000
BESU_TX_POOL_MAX_SIZE=2000
tx-pool-max-size="2000"

Maximum number of transactions kept in the transaction pool. Default is 4096.

tx-pool-retention-hours

--tx-pool-retention-hours=<INTEGER>
--tx-pool-retention-hours=5
BESU_TX_POOL_RETENTION_HOURS=5
tx-pool-retention-hours="5"

Maximum period in hours to retain pending transactions in the transaction pool. Default is 13.

version

  -V, --version

Print version information and exit.