🐋Op-Reth

Authors: [man4ela | catapulta.eth]

System Requirements

CPU
OS
RAM
DISK

8-Core CPU

Debian 12/Ubuntu 22.04

=> 16 GB RAM

1 TB+

(NVMe)

Op-Reth Base Sepolia archive node has a size of 637GB on March 10th, 2025

Before you start, make sure that you have your own synced Ethereum Sepolia L1 RPC URL and L1 Consensus Layer Beacon endpoint (e.g. Lighthouse Sepolia) ready

Pre-Requisites

sudo apt update -y && sudo apt upgrade -y && sudo apt autoremove -y
sudo apt install -y wget curl screen git ufw

Setting up Firewall

sudo ufw default deny incoming
sudo ufw default allow outgoing

sudo ufw allow 22/tcp
sudo ufw allow 80
sudo ufw allow 443

Enable Firewall

sudo ufw enable

Install Docker

Run this command to remove any conflicting docker

for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done

Add Docker's official GPG key:

sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

Add the repository to ppt sources:

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  
sudo apt-get update

Install docker

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Test docker is working
sudo docker run hello-world

#Install docker compose

sudo apt-get update
sudo apt-get install docker-compose-plugin

# Test the docker version
docker compose version

Setting up a domain name to access RPC

Get the IP address of the host machine, you can use the following command in a terminal or command prompt

curl ifconfig.me

Set an A record for a domain, you need to access the domain's DNS settings and create an A record that points to the IP address of the host machine. This configuration allows users to reach your domain by resolving the domain name to the specific IP address associated with your host machine.

Create Base Sepolia directory

mkdir base-sepolia && cd base-sepolia

Create .env file

sudo nano .env

Paste the following into the file.

EMAIL={YOUR_EMAIL} #Your email to receive SSL renewal emails
DOMAIN={YOUR_DOMAIN} #Domain should be something like rpc.mywebsite.com, e.g. base-sepolia.infradao.org
WHITELIST={YOUR_REMOTE_MACHINE_IP} #the server's own IP and comma separated list of IP's allowed to connect to RPC (e.g. Indexer)
LAYER_1_RPC={YOUR_L1_RPC} #Your ready synced L1 Ethereum Sepolia node RPC endpoint
L1_BEACON={YOUR_L1_BEACON} #Your synced L1 CL (Consensus Layer) Beacon endpoint, e.g. Lighthouse (Prysm, Lodestar) Sepolia

Ctrl + x and y to save file

Create JWT secret file

mkdir -p /root/data/base-sepolia/op-reth/ && cd /root/data/base-sepolia/op-reth/

openssl rand -hex 32 | tr -d "\n" > "./jwt.hex"

To sync from a snapshot, visit the Base Docs to validate the recommended approach for restoring from snapshot: https://docs.base.org/chain/run-a-base-node.

As downloading a snapshot takes some time it is good idea to run it in a screen session

screen -S reth

Use aria2c to download the most recent Base Sepolia Reth Archive Snapshot

cd /root/base-sepolia

aria2c --file-allocation=none -c -x 15 -s 15 https://sepolia-reth-archive-snapshots.base.org/$(curl https://sepolia-reth-archive-snapshots.base.org/latest)

press ctrl+A and D to return to previous screen and continue installation

screen -r reth #will bring you back to monitor downloading progress

You'll need to extract the downloaded snapshot and move its contents to the op-reth-data directory, where Docker stores persistent data.

zstd -d base-sepolia-reth-1741404553.tar.zst -c | tar xvf -
# replace the archive with an actual name
cd /var/lib/docker/volumes/reth_op-reth_data/_data 

ls 

#if directory isn't empty remove all contents

rm -rf blobstore  db  discovery-secret  invalid_block_hooks  known-peers.json  reth.toml  static_files

mv /root/base-sepolia/snapshots/sepolia/download/* /var/lib/docker/volumes/reth_op-reth_data/_data/

cd /var/lib/docker/volumes/reth_op-reth_data/_data/

ls

Launch Base Sepolia

cd /root/base-sepolia

sudo nano docker-compose.yml

Paste the following into the docker-compose.yml:

networks:
  monitor-net:
    driver: bridge

volumes:
  op-reth_data: {}
  traefik_letsencrypt: {}

services:

  ######################################################################################
  #####################         TRAEFIK PROXY CONTAINER          #######################
  ######################################################################################

  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    ports:
      - "443:443"
    networks:
      - monitor-net
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--log.level=DEBUG"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    volumes:
      - "traefik_letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=${WHITELIST}"

  ######################################################################################
  #####################            OP-NODE CONTAINER             #######################
  ######################################################################################

  opnode:
    image: us-docker.pkg.dev/oplabs-tools-artifacts/images/op-node:v1.11.1
    container_name: opnode
    user: root  # Run as root
    networks:
      - monitor-net
    restart: unless-stopped
    expose:
      - "7545"  # RPC
      - "7373"  # METRICS
    ports:
      - "9222:9222"      # P2P TCP
      - "9222:9222/udp"  # P2P UDP
    volumes:
      - /root/data/base-sepolia/op-reth/jwt.hex:/root/data/base-sepolia/op-reth/jwt.hex:ro
    environment:
      - OP_GETH_SEQUENCER_HTTP=https://sepolia-sequencer.base.org
      - OP_SEQUENCER_HTTP=https://sepolia-sequencer.base.org
      - OP_NODE_NETWORK=base-sepolia
      - OP_NODE_L1_ETH_RPC=${LAYER_1_RPC}
      - OP_NODE_L1_BEACON=${L1_BEACON}
      - OP_NODE_L2_ENGINE_AUTH=/root/data/base-sepolia/op-reth/jwt.hex
      - OP_NODE_L2_ENGINE_RPC=http://op-reth:8551
      - OP_NODE_LOG_LEVEL=info
      - OP_NODE_METRICS_ADDR=0.0.0.0
      - OP_NODE_METRICS_ENABLED=true
      - OP_NODE_METRICS_PORT=7373
      - OP_NODE_P2P_AGENT=base
      - OP_NODE_P2P_LISTEN_IP=0.0.0.0
      - OP_NODE_P2P_LISTEN_TCP_PORT=9222
      - OP_NODE_P2P_LISTEN_UDP_PORT=9222
      - OP_NODE_ROLLUP_LOAD_PROTOCOL_VERSIONS=true
      - OP_NODE_RPC_ADDR=0.0.0.0
      - OP_NODE_RPC_PORT=7545
      - OP_NODE_SNAPSHOT_LOG=/tmp/op-node-snapshot-log
      - OP_NODE_VERIFIER_L1_CONFS=4
      - OP_NODE_L1_TRUST_RPC=true
      - OP_NODE_P2P_BOOTNODES=enr:-J64QBwRIWAco7lv6jImSOjPU_W266lHXzpAS5YOh7WmgTyBZkgLgOwo_mxKJq3wz2XRbsoBItbv1dCyjIoNq67mFguGAYrTxM42gmlkgnY0gmlwhBLSsHKHb3BzdGFja4S0lAUAiXNlY3AyNTZrMaEDmoWSi8hcsRpQf2eJsNUx-sqv6fH4btmo2HsAzZFAKnKDdGNwgiQGg3VkcIIkBg,enr:-J64QFa3qMsONLGphfjEkeYyF6Jkil_jCuJmm7_a42ckZeUQGLVzrzstZNb1dgBp1GGx9bzImq5VxJLP-BaptZThGiWGAYrTytOvgmlkgnY0gmlwhGsV-zeHb3BzdGFja4S0lAUAiXNlY3AyNTZrMaEDahfSECTIS_cXyZ8IyNf4leANlZnrsMEWTkEYxf4GMCmDdGNwgiQGg3VkcIIkBg

  ######################################################################################
  #####################            OP-RETH CONTAINER            ######################
  ######################################################################################

  op-reth:
    image: ghcr.io/paradigmxyz/op-reth:v1.1.5
    container_name: op-reth
    user: root  # Run as root
    restart: unless-stopped
    networks:
      - monitor-net
    expose:
      - "8545"  # RPC
      - "8546"  # WebSocket
      - "7300"  # Metrics
      - "8551"  # AuthRPC
    ports:
      - "30303:30303"      # Peers
      - "30303:30303/udp"  # Peers
      - "8551:8551"
    volumes:
      - /root/data/base-sepolia/op-reth/jwt.hex:/root/data/base-sepolia/op-reth/jwt.hex:ro
      - op-reth_data:/data
    command: node --authrpc.jwtsecret=/root/data/base-sepolia/op-reth/jwt.hex --datadir=/data --log.stdout.format log-fmt --ws --ws.origins="*" --ws.addr=0.0.0.0 --ws.port=8546 --ws.api="debug,eth,net,trace,txpool,web3,rpc,reth,admin" --http --http.corsdomain="*" --http.addr=0.0.0.0 --http.port=8545 --http.api="debug,eth,net,trace,txpool,web3,rpc,reth,admin" --authrpc.addr=0.0.0.0 --authrpc.port=8551 --metrics=0.0.0.0:7300 --chain=base-sepolia --rollup.sequencer-http=https://sepolia-sequencer.base.org --rollup.disable-tx-pool-gossip
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.base.service=base"
      - "traefik.http.services.base.loadbalancer.server.port=8545"
      - "traefik.http.routers.base.entrypoints=websecure"
      - "traefik.http.routers.base.tls.certresolver=myresolver"
      - "traefik.http.routers.base.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.base.middlewares=ipwhitelist"

docker compose up -d

Monitor Logs

Use docker logs to monitor your op-reth and op-node. The -f flag ensures you are following the log output

docker logs op-reth -f --tail 100

docker logs opnode -f --tail 100

Once your Base node starts syncing, the logs should look like this:

for op-reth:

ts=2025-03-10T02:53:38.709075686Z level=info target=reth_node_events::node message="Canonical chain committed" number=22903465 hash=0xa134676a4ed89f82eb1ce0ef5cf6fd58b0041e5e5c64e2f54cbc39a2bcfc34bf elapsed=132.57µs
ts=2025-03-10T02:53:40.4913852Z level=info target=reth_node_events::node message="Block added to canonical chain" number=22903466 hash=0x14dad5067b691a304f9b4167834cfd7664ffabf5dc87aef941e2854a60864158 peers=39 txs=77 gas="15.59 Mgas" gas_throughput="312.27 Mgas/second" full=26.0% base_fee=0.00gwei blobs=0 excess_blobs=0 elapsed=49.936088ms

for op-node:

t=2025-03-10T02:52:20+0000 lvl=info msg="Sync progress" reason="new chain head block" 
l2_finalized=0xaefc5cf3494778144b7be0b0f60ec021f62be261fe436408ec444d5beb96f59b:22902892 l2_safe=0x68567e5cbacbb9d765746e6057e15c52b20b403131f8910467cc1566deb10a8d:22903391 l2_pending_safe=0x68567e5cbacbb9d765746e6057e15c52b20b403131f8910467cc1566deb10a8d:22903391 
l2_unsafe=0x676daa0eff1ab38bc20afeae069231b7cb870d3280a89a4a0aa756f05be9a361:22903426 l2_backup_unsafe=0x0000000000000000000000000000000000000000000000000000000000000000:0 l2_time=1741575140
t=2025-03-10T02:52:20+0000 lvl=info msg="successfully processed payload" ref=0x676daa0eff1ab38bc20afeae069231b7cb870d3280a89a4a0aa756f05be9a361:22903426 txs=92
curl --data '{"method":"eth_syncing","params":[],"id":1,"jsonrpc":"2.0"}' -H "Content-Type: application/json" -X POST https://{YOUR_DOMAIN}

The result will return false if a node is fully synced

Alternatively you can run

curl -d '{"id":0,"jsonrpc":"2.0","method":"eth_getBlockByNumber","params":["latest",false]}' \
  -H "Content-Type: application/json" https://{YOUR_DOMAIN}

and it will return more details about syncing progress

References

Last updated

Was this helpful?