User:Bipface/Installing H@H on Debian or Ubuntu
- Basic familiarity with Linux.
- A server running Debian version 9 (Stretch) or newer, or Ubuntu version 16 (Xenial Xerus) or newer.
To use earlier versions you will need to determine how to install a Java 8 runtime, which may not be a straightforward process and is beyond the scope of this guide.
- Root access to your server (i.e.
- PuTTY or any other SSH program to connect to your server. This allows for copying/pasting of commands.
- One or more 'active' Hentai@Home Clients on your account.
- An open port through which the client can accept connections from the internet, as explained in the minimum requirements section.
Check for firewall rules by running
# iptables --list-rules.
- This guide assumes a server-style environment, typical of VPS/cloud-hosted systems. Installation on desktop or IoT systems, for example, may require doing some things differently.
To perform the installation, you may also require the following:
- A command-line HTTP client such as
- A zip-file extractor such as
- A text editor such as
On some distributions, such as Minimal Ubuntu, standard command-line tools might not be present by default. Use
# apt install to install these packages as needed.
- Linux is case-sensitive with file names. Therefore, it is best to use lowercase names everywhere to make it easier for yourself.
- Commands starting with $ are to be run as current user, those starting with # as root.
- Before installing packages, refresh the package manager by running
# apt update.
- H@H 1.6.0 and above uses SSL certificates. For them to work properly, you need the ntp package, which keeps the server's date and time in sync. It is normally installed by default.
At a glance, the steps to install H@H are as follows, with further details in the subsequent sections:
- Install a Java version 8 (or newer) runtime environment.
- Obtain and configure the latest H@H client software.
- Define a service (systemd unit file) to run it.
Start by checking whether a Java runtime is already available by running:
$ java -version
A result such as
openjdk version "1.8.0_242", where the version number is 1.8 or greater, indicates that your server has a suitable Java runtime and you can skip to the next section.
If you see a result such as
java: command not found, no Java runtime is installed yet.
Examine the default JRE package:
# apt show default-jre-headless
You should expect to find a line in the output such as
Depends: openjdk-8-jre-headless, java-common. If openjdk-7 or lower is listed instead, your OS version may be too old to install a Java 8 runtime by conventional means — refer to the Prerequisites section.
Install the JRE:
# apt install default-jre-headless
If you're planning to use H@H in GUI mode at any point, you should instead install the package
default-jre (without the -headless suffix). Otherwise, the headless package will suffice.
Once complete, run
$ java -version again to verify the result.
Preparing the H@H Client
It is recommended to create a dedicated service account to run the H@H client.
This is achieved with the command:
# adduser hath
Login as the newly created user, then download and extract the H@H client software:
VERSION with the version number of the latest release, which can be found on the Hentai@Home Clients page)
# login hath $ wget 'https://repo.e-hentai.org/hath/HentaiAtHome_VERSION.zip' $ unzip HentaiAtHome_VERSION.zip
Launch the client by running:
$ java -jar HentaiAtHome.jar
You should be prompted to enter your Client ID and Client Key, which can be found on the Hentai@Home Clients page.
Once the client has successfully authenticated with the server, press
ctrl+C to quit the client, then proceed to the next section.
Defining the H@H Service
Use the following command to create a new unit file defining the service:
# systemctl edit hath.service --full --force
Insert the following text and save the file:
[Unit] Description=Hentai@Home After=local-fs.target remote-fs.target network.target [Service] Type=simple User=hath WorkingDirectory=/home/hath SuccessExitStatus=143 ExecStart=/usr/bin/java -jar HentaiAtHome.jar Restart=on-failure [Install] WantedBy=multi-user.target
SuccessExitStatus=143 is needed because the Java process may return a non-zero exit code even after a graceful shutdown).
Now start the service:
# systemctl start hath
Listening on Port 443
H@H will work on most port numbers, however making it accessible on port 443 is recommended as more users will be able to connect to it.
On Linux, ports numbers below 1024 are considered privileged. Additional steps are required in order for H@H to utilise ports in the privileged range.
There are multiple options for achieving this. The most common approaches are as follows.
Before proceeding, stop the H@H service (
# systemctl stop hath) and configure your client to use port 443 on the Hentai@Home Clients page.
Using POSIX Capabilities
The easiest solution is to enable the corresponding capability on the Java binary.
Firstly ensure the
setcap utility is installed, by running:
# apt install libcap2-bin
Next, edit the H@H unit file again, and add the following line in the
ExecStartPre=+/bin/sh -c 'setcap "cap_net_bind_service=+ep" "$(readlink -f /usr/bin/java)"'
This will ensure that the Java binary can bind to privileged ports before launching the H@H client.
Now start the service again:
# systemctl start hath
Note that this approach may not be suitable if your system is using Java for other purposes as well. Capabilities have been known to cause adverse effects in some cases, so be sure to test any other Java applications present on your system.
Using Network Address Translation (NAT)
Alteratively, network address translation can redirect traffic from your internet-facing port 443 to your H@H client listening on a non-privileged port.
Start by editing the H@H unit file again, and replacing the
ExecStart line with:
ExecStart=/usr/bin/java -jar HentaiAtHome.jar --port=1024
1024 is a port of your choice in the range 1024–65535.
If your system is behind a router/firewall, you most likely have a port-forwarding rule configured already to make your server accessible from the internet. You'll need to modify this rule to direct traffic from external port 443 to the port selected in the previous step (on your server's IP address).
Another way to perform port redirection is to apply the following iptables rule on the server itself:
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 1024
eth0 is the name of your network interface and
1024 is your selected port.
Which approach you choose depends on the nature of your network, the features provided by your router, etc.
Once the NAT rule is in place, start the service again:
# systemctl start hath
Testing and Monitoring
You can see the current status of your H@H service by running:
# systemctl status hath
The output should indicate whether the service is active, and shows the last few lines of console output from the H@H process itself.
You can also read the two log files
log_err, which are found in
One way to confirm that the client is listening for connections is to open
https://ADDRESS:PORT/robots.txt in a web browser, where
PORT is the port number configured for the client and
ADDRESS is the internet-facing IP address of your server. If the connection is established the browser will most likely present a HTTPS certificate error – bypass the error and a text file should be served to you.