SSV Mainnet Node Stack Setup
This guide deploys an SSV mainnet operator node with the official SSV Node stack. The default BlockNth flow starts ssv-key-generation, ssv-node, and ssv-dkg; it does not start Prometheus, Grafana, or Alertmanager.
Do not use plain docker compose up -d for the default setup in this guide. That command starts the full monitoring stack, including Prometheus and Grafana. Use docker compose --profile dkg up -d ssv-key-generation ssv-node ssv-dkg unless you explicitly want the monitoring services.
Prerequisites
System Requirements
- Operating System: Ubuntu 22.04/24.04 LTS x64
- CPU: 4 cores minimum
- Memory: 8GB RAM minimum
- Storage: 100GB SSD minimum for SSV data and logs
- Docker: Docker Engine with Docker Compose plugin v2+
- Ethereum Endpoints: Reliable execution WebSocket and consensus HTTP endpoints
- Firewall: Open TCP
13001, UDP12001, and only expose API/metrics locally unless required
Network Information
| Component | Value | Description |
|---|---|---|
| Network | mainnet | SSV production network |
| Stack Repository | https://github.com/ssvlabs/ssv-stack.git | Official stack repository |
| SSV Node Image | docker.io/ssvlabs/ssv-node:latest | Image used by stack |
| SSV Node Release | v2.4.2 | Latest SSV node release checked on 2026-05-11 |
| P2P TCP | 13001 | Must be reachable by peers |
| P2P UDP | 12001 | Must be reachable by peers |
| SSV API | 16000 | Health endpoint |
| Metrics | 15000 | Bound to 127.0.0.1 by stack |
The ssv-stack repository commit checked for this guide is 27b8159 from 2025-12-24. Re-check the official SSV docs and repository before production upgrades.
Step 1: Install Docker
sudo apt -q update
sudo apt -qy install ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
| sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" \
| sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt -q update
sudo apt -qy install docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo systemctl enable --now docker
docker compose version
Step 2: Clone SSV Stack
cd $HOME
git clone https://github.com/ssvlabs/ssv-stack.git
cd ssv-stack
Step 3: Configure Environment
cp ssv.example.env ssv.env
chmod 600 ssv.env
mkdir -p ssv-node-data
Edit ssv.env and set at least these values:
BEACON_NODE_ADDR=http://YOUR_CONSENSUS_ENDPOINT:5052
ETH_1_ADDR=ws://YOUR_EXECUTION_ENDPOINT:8546
NETWORK=mainnet
PRIVATE_KEY_FILE=/data/private_key
PASSWORD_FILE=/data/password
TCP_PORT=13001
UDP_PORT=12001
SSV_API_PORT=16000
DB_PATH=/data/db
LOG_LEVEL=info
If your execution or consensus clients run on the host machine, do not blindly use 127.0.0.1 inside ssv.env; inside Docker that points at the SSV container itself. Use a reachable LAN address, reverse proxy address, or Docker host gateway configuration.
Step 4: Prepare Operator Key
The stack can generate a new encrypted operator key on first start. It stores the encrypted private key and password under ./ssv-node-data.
For a new operator key:
mkdir -p ssv-node-data
docker compose run --rm ssv-key-generation
ls -la ssv-node-data
For an existing operator key, place your files before starting:
install -m 600 /secure/path/private_key ./ssv-node-data/private_key
install -m 600 /secure/path/password ./ssv-node-data/password
Back up ssv-node-data/private_key and ssv-node-data/password to separate secure storage. Losing either file can make the operator key unusable.
Step 5: Configure DKG
Edit dkg-data/operator.yaml before starting the stack:
operatorID: YOUR_OPERATOR_ID
ethEndpointURL: http://YOUR_EXECUTION_ENDPOINT:8545
Open TCP 3030 on your firewall if this operator should expose DKG:
sudo ufw allow 3030/tcp
Step 6: Start SSV Node, Key Generation, and DKG
Start only the required SSV services:
docker compose pull ssv-node ssv-key-generation ssv-dkg
docker compose --profile dkg up -d ssv-key-generation ssv-node ssv-dkg
This starts ssv-key-generation, ssv-node, and ssv-dkg. It does not start prometheus, grafana, or alertmanager.
Verify the running services:
docker compose ps
docker compose logs -f ssv-node
docker compose logs -f ssv-dkg
Expected services for the default guide:
ssv-stack-ssv-key-generation-1
ssv-stack-ssv-node-1
ssv-stack-ssv-dkg-1
ssv-key-generation is a one-shot container. After it creates or confirms the key files, Docker Compose may show it as exited successfully. That is expected.
Step 7: Health Checks
curl -s http://127.0.0.1:16000/v1/node/health | jq .
curl -s http://127.0.0.1:15000/metrics | head
Check peer ports:
sudo ss -tulpn | grep -E '13001|12001|16000|15000|3030'
Step 8: Register Operator
After the node is running and the operator key is backed up, register the operator through the official SSV operator flow.
This guide covers infrastructure setup only. Follow the official SSV operator registration documentation before accepting validators or joining clusters.
Optional: Monitoring Stack
The upstream stack includes Prometheus, Grafana, and Alertmanager. They are intentionally not started by the default command in this guide.
Start monitoring only when you have reviewed passwords, bind addresses, firewall rules, and alertmanager secrets:
docker compose up -d prometheus grafana alertmanager
The upstream Grafana defaults are intended for examples. Change admin credentials and keep Prometheus/Grafana bound to trusted interfaces only.
Maintenance
Update the Stack
cd $HOME/ssv-stack
git pull
docker compose pull ssv-node ssv-key-generation ssv-dkg
docker compose --profile dkg up -d ssv-key-generation ssv-node ssv-dkg
Stop the SSV Services
docker compose stop ssv-node ssv-dkg
Restart the SSV Services
docker compose restart ssv-node ssv-dkg