diff --git a/besu-fullnode.yml b/besu-fullnode.yml
new file mode 100644
index 00000000..95059e4e
--- /dev/null
+++ b/besu-fullnode.yml
@@ -0,0 +1,102 @@
+version: '3.1'
+
+services:
+  mainnet-besu:
+    image: hyperledger/besu:23.4.4
+    ports:
+      - "7791:7791/tcp"
+      - "7791:7791/udp"
+    volumes:
+      - mainnet-besu-fullnode:/var/lib/besu
+      - .jwtsecret:/jwt.hex
+    command:
+      [
+      "--rpc-ws-host='0.0.0.0'",
+      "--rpc-ws-enabled=true",
+      "--rpc-http-host='0.0.0.0'",
+      "--rpc-http-enabled=true",
+      "--host-allowlist=*",
+      "--rpc-http-cors-origins=*",
+      "--engine-rpc-port=8551",
+      "--engine-host-allowlist=*",
+      "--engine-jwt-secret=/jwt.hex",
+      "--engine-rpc-enabled=true",
+      "--data-storage-format=BONSAI",
+      "--metrics-enabled",
+      "--metrics-host='0.0.0.0'",
+      "--data-path=/var/lib/besu",
+      "--sync-mode=X_CHECKPOINT",
+      "--rpc-http-max-active-connections=170",
+      "--p2p-port=7791"
+      ]
+      restart: unless-stopped
+    security_opt:
+      - "seccomp:unconfined"
+    labels:                     
+      - "traefik.enable=true"
+      - "traefik.http.middlewares.mainnet-besu-stripprefix.stripprefix.prefixes=/mainnet-besu"                  
+      - "traefik.http.services.mainnet-besu.loadbalancer.server.port=8545"                                 
+      - "traefik.http.routers.mainnet-besu.entrypoints=websecure"                                          
+      - "traefik.http.routers.mainnet-besu.tls.certresolver=myresolver"                                    
+      - "traefik.http.routers.mainnet-besu.rule=Host(`$DOMAIN`) && PathPrefix(`/mainnet-besu`)"                 
+      - "traefik.http.routers.mainnet-besu.middlewares=mainnet-besu-stripprefix, ipwhitelist"
+      - "prometheus-scrape.enabled=true"
+      - "prometheus-scrape.port=6060"
+      - "prometheus-scrape.job_name=geth-mainnet-besu"
+      - "prometheus-scrape.metrics_path=/debug/metrics/prometheus"      
+
+      
+  lighthouse-mainnet:
+    image: sigp/lighthouse:v4.3.0-modern
+    restart: unless-stopped
+    networks:
+      - chains
+    ports:
+      - 20506:20506/tcp # p2p
+      - 20506:20506/udp # p2p
+    expose:
+      - 5054 # metrics
+      - 4000 # http
+      - 20506 # p2p
+    volumes:
+      - mainnet_consensus:/data
+      - .jwtsecret:/jwt.hex
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    command: |
+      lighthouse
+      beacon_node
+      --network=mainnet
+      --disable-upnp
+      --datadir=/data
+      --port=20506
+      --http
+      --http-address=0.0.0.0
+      --http-port=4000
+      --target-peers=50
+      --execution-endpoint=http://nethermind-mainnet:8551
+      --execution-jwt=/jwt.hex
+      --debug-level=info
+      --validator-monitor-auto
+      --subscribe-all-subnets
+      --import-all-attestations
+      --metrics
+      --metrics-port=5054
+      --metrics-address=0.0.0.0
+      --checkpoint-sync-url=https://mainnet-checkpoint-sync.attestant.io
+    labels:
+      - "prometheus-scrape.enabled=true"
+      - "prometheus-scrape.port=5054"
+      - "prometheus-scrape.job_name=lighthouse-mainnet"
+      - "prometheus-scrape.metrics_path=/metrics"
+      - "traefik.enable=true"
+      - "traefik.http.middlewares.lighthouse-mainnet-stripprefix.stripprefix.prefixes=/lighthouse-mainnet"
+      - "traefik.http.services.lighthouse-mainnet.loadbalancer.server.port=4000"
+      - "traefik.http.routers.lighthouse-mainnet.entrypoints=websecure"
+      - "traefik.http.routers.lighthouse-mainnet.tls.certresolver=myresolver"
+      - "traefik.http.routers.lighthouse-mainnet.rule=Host(`$DOMAIN`) && PathPrefix(`/lighthouse-mainnet`)"
+      - "traefik.http.routers.lighthouse-mainnet.middlewares=lighthouse-mainnet-stripprefix, ipwhitelist"
+
+      
+volumes:
+    mainnet-besu-fullnode: