User:Bipface/Installing H@H on Debian or Ubuntu

From EHWiki
Jump to navigationJump to search


  • Basic familiarity with Linux.
  • A server running Debian version 9 (Stretch) or newer, or Ubuntu version 16 (Xenial Xerus) or newer.
    To use earlier versions you will need to determine how to install a Java 8 runtime, which may not be a straightforward process and is beyond the scope of this guide.
  • Root access to your server (i.e. su/sudo).
  • PuTTY or any other SSH program to connect to your server. This allows for copying/pasting of commands.
  • An open port through which the client can accept connections from the internet, as explained in the minimum requirements section.
    Check for firewall rules by running # iptables --list-rules.
  • This guide assumes a server-style environment, typical of VPS/cloud-hosted systems. Installation on desktop or IoT systems, for example, may require doing some things differently.

Optional Tools

To perform the installation, you may also require the following:

  • A command-line HTTP client such as wget or curl.
  • A zip-file extractor such as unzip.
  • A text editor such as nano or vi.

On some distributions, such as Minimal Ubuntu, standard command-line tools might not be present by default. Use # apt install to install these packages as needed.

Take Note

  • Linux is case-sensitive with file names. Therefore, it is best to use lowercase names everywhere to make it easier for yourself.
  • Commands starting with $ are to be run as current user, those starting with # as root.
  • Before installing packages, refresh the package manager by running # apt update.
  • H@H 1.6.0 and above uses SSL certificates. For them to work properly, you need the ntp package, which keeps the server's date and time in sync. It is normally installed by default.


At a glance, the steps to install H@H are as follows, with further details in the subsequent sections:

  • Install a Java version 8 (or newer) runtime environment.
  • Obtain and configure the latest H@H client software.
  • Define a service (systemd unit file) to run it.

Installing Java

Start by checking whether a Java runtime is already available by running:

$ java -version

A result such as openjdk version "1.8.0_242", where the version number is 1.8 or greater, indicates that your server has a suitable Java runtime and you can skip to the next section.

If you see a result such as java: command not found, no Java runtime is installed yet.

Examine the default JRE package:

# apt show default-jre-headless

You should expect to find a line in the output such as Depends: openjdk-8-jre-headless, java-common. If openjdk-7 or lower is listed instead, your OS version may be too old to install a Java 8 runtime by conventional means — refer to the Prerequisites section.

Install the JRE:

# apt install default-jre-headless

If you're planning to use H@H in GUI mode at any point, you should instead install the package default-jre (without the -headless suffix). Otherwise, the headless package will suffice.

Once complete, run $ java -version again to verify the result.

Preparing the H@H Client

It is recommended to create a dedicated service account to run the H@H client.
This is achieved with the command:

# adduser hath

Login as the newly created user, then download and extract the H@H client software:
(Replace VERSION with the version number of the latest release, which can be found on the Hentai@Home Clients page)

# login hath
$ wget ''
$ unzip

Launch the client by running:

$ java -jar HentaiAtHome.jar

You should be prompted to enter your Client ID and Client Key, which can be found on the Hentai@Home Clients page.

Once the client has successfully authenticated with the server, press ctrl+C to quit the client, then proceed to the next section.

Defining the H@H Service

Use the following command to create a new unit file defining the service:

# systemctl edit hath.service --full --force

Insert the following text and save the file:


ExecStart=/usr/bin/java -jar HentaiAtHome.jar


(The line SuccessExitStatus=143 is needed because the Java process may return a non-zero exit code even after a graceful shutdown).

Now start the service:

# systemctl start hath

Listening on Port 443

H@H will work on most port numbers, however making it accessible on port 443 is recommended as more users will be able to connect to it.
On Linux, ports numbers below 1024 are considered privileged. Additional steps are required in order for H@H to utilise ports in the privileged range.

There are multiple options for achieving this. The most common approaches are as follows.

Before proceeding, stop the H@H service (# systemctl stop hath) and configure your client to use port 443 on the Hentai@Home Clients page.

Using POSIX Capabilities

The easiest solution is to enable the corresponding capability on the Java binary.

Firstly ensure the setcap utility is installed, by running:

# apt install libcap2-bin

Next, edit the H@H unit file again, and add the following line in the [Service] section:

ExecStartPre=+/bin/sh -c 'setcap "cap_net_bind_service=+ep" "$(readlink -f /usr/bin/java)"'

This will ensure that the Java binary can bind to privileged ports before launching the H@H client.

Now start the service again:

# systemctl start hath

Note that this approach may not be suitable if your system is using Java for other purposes as well. Capabilities have been known to cause adverse effects in some cases, so be sure to test any other Java applications present on your system.

Using Network Address Translation (NAT)

Alteratively, network address translation can redirect traffic from your internet-facing port 443 to your H@H client listening on a non-privileged port.

Start by editing the H@H unit file again, and replacing the ExecStart line with:

ExecStart=/usr/bin/java -jar HentaiAtHome.jar --port=1024

Where 1024 is a port of your choice in the range 1024–65535.

If your system is behind a router/firewall, you most likely have a port-forwarding rule configured already to make your server accessible from the internet. You'll need to modify this rule to direct traffic from external port 443 to the port selected in the previous step (on your server's IP address).

Another way to perform port redirection is to apply the following iptables rule on the server itself:

# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 1024

Where eth0 is the name of your network interface and 1024 is your selected port.

Which approach you choose depends on the nature of your network, the features provided by your router, etc.

Once the NAT rule is in place, start the service again:

# systemctl start hath

Testing and Monitoring

You can see the current status of your H@H service by running:

# systemctl status hath

The output should indicate whether the service is active, and shows the last few lines of console output from the H@H process itself.

You can also read the two log files log_out and log_err, which are found in /home/hath/log/.

One way to confirm that the client is listening for connections is to open https://ADDRESS:PORT/robots.txt in a web browser, where PORT is the port number configured for the client and ADDRESS is the internet-facing IP address of your server. If the connection is established the browser will most likely present a HTTPS certificate error – bypass the error and a text file should be served to you.

See also